As a system administrator, you have probably encountered errors such as “Remote Desktop Disconnected” or “An internal Error has occurred” when trying to connect to a server via RDP. Such errors used to be easy to troubleshoot. Now, however, these messages do not point to the exact root cause, so step-by-step RDP troubleshooting is the best approach.

First, let us make sure the client side is okay.

1. Try to connect after disabling the “Reconnect connection” option

  • Open the Remote Desktop Connection application
  • Click the Show Options button at the bottom
  • Navigate to the Experience tab
  • Uncheck the “Reconnect if the connection is dropped” option
  • Try to reconnect to the server

2. Try connecting to the server while running Remote Desktop Connection as Administrator.

3. Verify that connections are accepted on the remote server. There is a high chance that remote connectivity to the RDP port (3389 by default) is blocked on the server.

At the command prompt, issue the command

telnet <server name or IP> 3389

If the connection is okay, the server should accept the connection.

If the connection is not accepted, verify that remote connections are allowed on the server.

Once client-side connectivity is verified, let us move to the server side.

For the following steps, you will need console access to the server.

1. Restart Remote Desktop Services

Simple, but in 10% of cases in my experience, the restart fixed the problem.

  • Go to Services and find Remote Desktop Services
  • Restart the service
  • Try to connect to the server

2. Check whether there is any port conflict. First, we need to check which application is using the same port as RDP. We can find this using netstat.

  • Click Start, click Run, type cmd, and then click OK
  • At the command prompt, type “netstat -a -o” and press Enter
  • Look for an entry for TCP port 3389 (or the assigned RDP port) with a status of Listening. This indicates another application is using this port. The PID (Process Identifier) of the process or service using that port appears under the PID column.

To determine which application is using port 3389 (or the assigned RDP port), use the tasklist command-line tool along with the PID information from the netstat tool.

  • On the terminal server, click Start, click Run, type cmd, and then click OK.
  • Type tasklist /svc and then press ENTER.
  • Look for an entry for the PID number that is associated with the port (from the netstat output). The services or processes associated with that PID will appear on the right.

3. If the server is joined to a domain, removing it from the domain and rejoining it might fix the issue.

4. Make sure the "NETWORK SERVICE" account is selected as the logon account for Remote Desktop Services.

To check, go to Services -> Remote Desktop Services -> right click -> Properties -> Log On tab, and confirm that NETWORK SERVICE is present in the "This Account" field.

5. If you are using the AADServer Firewall (a custom firewall used to secure Terminal Server, Application Server and Remote Desktop Connection), whitelist your IP address in the AADServer Firewall.

6. Server Credentials Private Key Error

This error will occur if the permissions for the machine keys are modified in an improper way. To fix this issue, apply the correct permissions for the keys.

  • Open Explorer
  • Go to C:\ProgramData\Microsoft\Crypto\RSA\
  • Check whether the following permissions are applied to the folder named “MachineKeys”:
    a) Owner - SYSTEM
    b) Permissions – Administrator : Full Control
       Everyone : Read
       NETWORK SERVICE : Read and Execute
  • If everything looks fine, then navigate to the folder “MachineKeys”
  • Search for the keyword "f686aace6942fb7f7ceb231212eef4a4"
  • Repeat steps a) and b). If the permissions are not present, then apply the permissions accordingly. (We need to do this because if there is no owner set for the key, the permissions applied on the folder “RSA” will not take effect on the key inside the folder. So, we need to do this manually by setting the owner first.)
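
The permission check from step 6 as a read-only PowerShell audit. This is an added example, not part of the original article: the identity names assume an English-language Windows install, "Administrator" is taken to mean the BUILTIN\Administrators group, and the function name Test-KeyAcl is hypothetical.

```powershell
# Read-only audit: compares owner and ACEs with the values listed in step 6.
# Run from an elevated PowerShell prompt on the server. Nothing is modified.
$dir    = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
$prefix = 'f686aace6942fb7f7ceb231212eef4a4'   # key name given in step 6

# Expected values taken from the article. Names assume English-language Windows;
# "Administrator" is assumed to mean the BUILTIN\Administrators group.
$expectedOwner = 'NT AUTHORITY\SYSTEM'
$expected = [ordered]@{
    'BUILTIN\Administrators'       = [System.Security.AccessControl.FileSystemRights]::FullControl
    'Everyone'                     = [System.Security.AccessControl.FileSystemRights]::Read
    'NT AUTHORITY\NETWORK SERVICE' = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
}

function Test-KeyAcl {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    # A key with no usable owner or ACL may not be readable at all; report that.
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch {
        return [pscustomobject]@{ Path = $Path; Owner = '?'; Status = 'UNREADABLE'
                                  Findings = $_.Exception.Message }
    }
    $findings = @()
    if ($acl.Owner -ne $expectedOwner) {
        $findings += "owner is '$($acl.Owner)', expected '$expectedOwner'"
    }
    foreach ($id in $expected.Keys) {
        $want = [int]$expected[$id]
        $have = 0   # union of all Allow rights for this identity (explicit or inherited)
        foreach ($ace in $acl.Access) {
            if ($ace.IdentityReference.Value -eq $id -and $ace.AccessControlType -eq 'Allow') {
                $have = $have -bor [int]$ace.FileSystemRights
            }
        }
        if (($have -band $want) -ne $want) { $findings += "$id lacks '$($expected[$id])'" }
    }
    [pscustomobject]@{
        Path     = $Path
        Owner    = $acl.Owner
        Status   = if ($findings) { 'MISMATCH' } else { 'OK' }
        Findings = $findings -join '; '
    }
}

# Check the folder itself, then every key file whose name starts with the prefix.
$keys = Get-ChildItem -LiteralPath $dir -Filter "$prefix*" -File -Force |
        Select-Object -ExpandProperty FullName
@($dir) + @($keys) | ForEach-Object { Test-KeyAcl -Path $_ } | Format-List
```

A MISMATCH or UNREADABLE result on the key file while the folder reports OK matches the case described above, where the key has no owner and the folder permissions do not reach it.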

7. Run the command sfc /scannow. Note that this will require a reboot to finish the troubleshooting.

Most RDP issues will be sorted out by following this tutorial. Get in touch with us if it does not solve the problem; we will be glad to assist.

Happy troubleshooting!


  • Akhil Suresh

    I just tried to change the permissions of the RSA folder. But it shows an error

    • AskAlly

      Did you try as Administrator? Can you share a screenshot?