0 Votes
LeirkEnterprise asked LimitlessTechnology-2700 commented

Remote Desktop to Windows Server 2016 not working

Hi,

I was able to remote desktop from a different subnet to my Windows Server 2016 for weeks. One day I installed Hikvision's app on the server and since then I've not been able to access the server. Tried a couple of things that didn't work:

  • checked whether I've enabled port forwarding on the Cisco firewall (yes)

  • checked whether remote desktop is enabled on server and unchecked connection requiring NLA (yes)

  • checked whether the server is listening on the port (yes)

  • checked group settings to see whether the server allows incoming connections (yes)

  • checked whether 'require use of security layer' in group settings is enabled and configured for RDP (yes)

  • checked windows firewall to see whether the inbound port rule is correct & allowed (yes)

  • checked whether the particular port is configured in the registry, since I'm not using 3389 (yes)

I'm now stuck. Anyone with any ideas what the issue could be?



remote-desktop-services windows-server-2016

When I used the troubleshooting tool on the Windows server, it gave me the following msg

"The IPsec security policies of the two computers don't match. This is preventing the connection.
Contact your network administrator Completed


Your computer's security policy doesn't match the policy on the computer you're trying to reach. The security policy settings need to be modified."

Anyone know how to resolve this between a Windows 10 Client and Windows 2016 server?

0 Votes 0 ·
2 Votes
DSPatrick answered DSPatrick commented

Might try from PowerShell from source and target (use target ip address in both cases).

Test-NetConnection -ComputerName "192.168.49.142" -CommonTCPPort "RDP" -InformationLevel "Detailed"

--please don't forget to upvote and Accept as answer if the reply is helpful--






Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·

Will this work from another subnet? Also, I changed the port from standard 3389 to another port

0 Votes 0 ·

Then do;
Test-NetConnection -ComputerName "192.168.49.66" -Port "999" -InformationLevel "Detailed"




0 Votes 0 ·
0 Votes
LimitlessTechnology-2700 answered LimitlessTechnology-2700 commented

Hello,

Thank you for your question.

I would like to suggest that you check the troubleshooting steps below.

  1. Please try to ping the server

  2. Disable the firewall on the client computer and on the server temporarily.

  3. Disable the antivirus on the client computer and on the server temporarily.

  4. Please check that date and time are synced

  5. Download PortQry from the Microsoft site below to see if the port is open and reachable from the client computer
    https://www.microsoft.com/en-in/download/details.aspx?id=24009

Hope this helps,
Thank you,


I've tried to disable the windows firewall on both client and server as well as sync the time, but RDP still doesn't work.

Thanks for the tool, it returns the following query

UDP port 5137 (unknown service): LISTENING or FILTERED
portqry.exe -n xxx.xxx.xxx.xx -e 5137 -p UDP exits with return code 0x00000002.

0 Votes 0 ·

Hello,

Please check what port is used by the Hikvision application; it may be a port conflict, with the port used by this application.

Try stopping the Hikvision services and see if you are able to access RDP. If yes, then you may need to configure this application to use another port.

Hope this helps.

0 Votes 0 ·

Hello @LeirkEnterprise

If uninstalling or stopping Hikvision software fixes the issue, most likely the problem is the conflict of network usage, and you may want to get more information from the manufacturer about the coexistence with other services like RDP.

Is there any difference if you access from the same subnet?

On the other hand, to remove this problem (also for enhanced port security) you can configure a port redirection in your router for RDP incoming connections to the server, meaning that you can assign a new "public" port that gets redirected to the 3389 (RDP) internally. The only difference would be that currently your machines will be connecting with xxx.xxx.xxx.xxx as destination and then will need to connect with xxx.xxx.xxx.xxx:<publicporttoredirect>

Hope this helps in your case,
Best regards,

0 Votes 0 ·
0 Votes
cthivierge answered LeirkEnterprise commented

What is the particular RDP port you are using ?

Is it possible it has an issue with one of the ports the application is using?

hth


UDP 5137

It could be, but it worked fine for weeks so I don't understand why the port would suddenly have an issue

0 Votes 0 ·
0 Votes
cthivierge answered LeirkEnterprise commented

If you open a cmd with admin rights on the Windows 2016 server, run this command

Netstat -anob > c:\temp\portlist.txt

Then look for the RDP port and look for the process that is associated with the port


UDP [::]:5137 : 368
TermService
[svchost.exe]


it shows the RDP process 'termservice'

0 Votes 0 ·

So TCP 5137 and UDP 5137 are configured on the port 5137 and it's Termservice the associated process...

If you run the command line:
Test-NetConnection -ComputerName "192.168.49.142" -Port 5137 -InformationLevel "Detailed"

Everything is working?

0 Votes 0 ·

ComputerName : 192.168.2.20
RemoteAddress : 192.168.2.20
RemotePort : 5137
NameResolutionResults : 192.168.2.20
MatchingIPsecRules :
NetworkIsolationContext : Private Network
InterfaceAlias : Ethernet
SourceAddress : 192.168.2.20
NetRoute (NextHop) : 0.0.0.0
TcpTestSucceeded : True

0 Votes 0 ·
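The server-side checks discussed in this thread (registry port, listening process, firewall rule, connection test) gathered into one script, as an added example that is not code from any participant. It assumes an elevated PowerShell session on the server and matches only firewall rules that name the exact port or 'Any', not port ranges.

```powershell
# Added example: run in an elevated PowerShell session on the RDP server.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$port   = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
"Configured RDP port (registry): $port"

# 1. TCP listener on that port, with the service(s) hosted in the owning process.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
if (-not $listeners) { "No TCP listener on port $port" }
foreach ($l in $listeners) {
    $svc = Get-CimInstance Win32_Service -Filter "ProcessId = $($l.OwningProcess)"
    "TCP $($l.LocalAddress):$port  PID $($l.OwningProcess)  [$($svc.Name -join ', ')]"
}

# 2. UDP endpoint on the same port. RDP session setup uses TCP; UDP is an
#    optional transport, so a UDP-only probe says little about reachability.
Get-NetUDPEndpoint -LocalPort $port -ErrorAction SilentlyContinue |
    ForEach-Object { "UDP $($_.LocalAddress):$port  PID $($_.OwningProcess)" }

# 3. Enabled inbound allow rules for TCP/$port, with profile and remote-address
#    scope (a scope of LocalSubnet would exclude clients on another subnet).
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and
            ($pf.LocalPort -contains "$port" -or $pf.LocalPort -contains 'Any')
    } |
    ForEach-Object {
        $af = $_ | Get-NetFirewallAddressFilter
        "Rule '$($_.DisplayName)'  profile=$($_.Profile)  remote=$($af.RemoteAddress -join ',')"
    }

# 4. Active network category, to compare with the rule profiles above.
Get-NetConnectionProfile | ForEach-Object { "$($_.InterfaceAlias): $($_.NetworkCategory)" }

# 5. Local TCP handshake against the listener. Run from the server itself this
#    only exercises the local listener, not the routed path through the
#    firewall; repeat the same command from the client.
(Test-NetConnection -ComputerName 'localhost' -Port $port).TcpTestSucceeded
```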
0 Votes
cthivierge answered LeirkEnterprise commented

Does it try to negotiate a connection?
Can you see... "Securing remote connection" or "Configure remote session" or there is nothing


The remote desktop app from my client (different LAN) just says "Initiating remote connection"...then fails (see attached image)

I hope that's what you're asking? 132328-rdp-error.jpg


0 Votes 0 ·
0 Votes
cthivierge answered LeirkEnterprise commented

Try this...

On your client computer, open a cmd and run this command just after launching the rdp connection

Netstat -ano | find /i "5137"

What is the status of the connection?


Here's the result

132408-netstat-ano.jpg


0 Votes 0 ·
0 Votes
cthivierge answered LeirkEnterprise commented

Is this on the client or on the Windows 2016 server?

It has to be run like a second after launching the RDP connection


this is on the client (which is on a different LAN)...I ran it just right after launching RDP

0 Votes 0 ·
0 Votes
cthivierge answered LeirkEnterprise commented

Try the same thing but with this command

Netstat -ano | find /i "[remote server ip address]"


C:\WINDOWS\system32>Netstat -ano | find /i "xxx.xxx.xxx.xx"
TCP 192.168.100.20:61185 xxx.xxx.xxx.xx:61811 ESTABLISHED 3984

0 Votes 0 ·
0 Votes
cthivierge answered LeirkEnterprise commented

Ok... So do you see any port 5137 ?
Even with a bad connection attempt, you should see a connection to the remote server...

There is a graphical tool that does the same thing as netstat and it's tcpview from the Sysinternals tools.

You could try to run tcpview from the client computer and then try to connect to the server.


Thanks for referencing the tool, I didn't know about it. I've downloaded and run it, and even while trying to RDP, I can only see that it's listening on port 5137, and this is from yesterday (see below)

svchost.exe, 1228, TCP, Listen, 0.0.0.0, 5137, 0.0.0.0,0, 14/09/2021 18:59:34, TermService
svchost.exe, 1228, UDPv6, ,::, 5137, *,, 14/09/2021 18:59:34, TermService


is there something specific I should be looking for?

0 Votes 0 ·