[isalist] Re: RDP Quit Working
- From: "Ball, Dan" <DBall@xxxxxxxxxxx>
- To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 26 Aug 2009 21:45:17 -0400
Yes, we have one server that we publish RDP, accessible to only three IPs
downstate. Forgot about that until you mentioned it.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Wednesday, August 26, 2009 6:01 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: RDP Quit Working
Interesting - you must be publishing RDP through your ISA, then?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Wednesday, August 26, 2009 8:19 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: RDP Quit Working
Well, the changing of the port didn't help, but I did find an obscure message
in the event log that led me through a few trails and finally to this article:
http://support.microsoft.com/kb/555382
Interestingly enough, my configuration was set to work on all adapters with the
protocol installed, but once I set it to work only on the Internal Network
adapter RDP connections started working again...
Thanks for your assistance!
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Wednesday, August 26, 2009 9:48 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: RDP Quit Working
This is typical of a failure in RDP itself; not ISA. The next place to look is
in the system and application event logs for errors RDP might be throwing.
One thing you can do is try changing the listening port to something else,
reboot, then change it back to 3389 and reboot again.
I've not heard a good explanation as to why this failure occurs, but when it
does, port assignment reset has been the remedy.
To change the port from the default, open a command window and type:
reg add "HKLM \SYSTEM\CurrentControlSet\Control\Terminal
Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d 666 /f
To change the port to the default, open a command window and type:
reg add "HKLM \SYSTEM\CurrentControlSet\Control\Terminal
Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d 3389 /f
(quotes are required)
Jim
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Ball, Dan
Sent: Wednesday, August 26, 2009 6:17 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] RDP Quit Working
This one is stumping me pretty good:
I set up a second "fresh" install of ISA 2006 SP1 on W2K3 R2, and had it
running for quite awhile while I setup the access rules (using RDP). Then, I
took the active ISA server offline, swapped the two, and RDP is no longer
working from the same computer I was using previously.
I check the logs, and here is what I get upon trying to do Remote Desktop:
Original Client IP Client Agent Authenticated Client
Service Server Name Referring Server Destination Host Name
Transport MIME Type Object Source Source Proxy
Destination Proxy Bidirectional Client Host Name
Filter Information Network Interface Raw IP Header Raw
Payload GMT Log Time Source Port Processing Time
Bytes Sent Bytes Received Result Code HTTP Status Code
Cache Information Error Information Log Record Type
Authentication Server Log Time Destination IP
Destination Port Protocol Action Rule Client
IP Client Username Source Network
Destination Network HTTP Method URL
10.20.5.18 GATEWAY
- TCP -
-
8/26/2009 12:34:03 PM 54112
0 0 0 0x0 ERROR_SUCCESS
0x0 0x0 Firewall - 8/26/2009
8:34:03 AM 10.20.1.1 3389 RDP (Terminal Services)
Initiated Connection [System] Allow remote management from selected
computers using Terminal Server 10.20.5.18
Internal Local Host - -
10.20.5.18 GATEWAY
- TCP -
-
8/26/2009 12:34:03 PM 54112
0 52 40 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN
0x0 0x0 Firewall -
8/26/2009 8:34:03 AM 10.20.1.1 3389 RDP
(Terminal Services) Closed Connection [System] Allow
remote management from selected computers using Terminal Server
10.20.5.18 Internal Local Host
- -
10.20.5.18 GATEWAY
- TCP -
-
8/26/2009 12:34:03 PM 54112
0 0 0 0x0 ERROR_SUCCESS
0x0 0x0 Firewall - 8/26/2009
8:34:03 AM 10.20.1.1 3389 RDP (Terminal Services)
Initiated Connection [System] Allow remote management from selected
computers using Terminal Server 10.20.5.18
Internal Local Host - -
10.20.5.18 GATEWAY
- TCP -
-
8/26/2009 12:34:03 PM 54112
0 52 40 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN
0x0 0x0 Firewall -
8/26/2009 8:34:03 AM 10.20.1.1 3389 RDP
(Terminal Services) Closed Connection [System] Allow
remote management from selected computers using Terminal Server
10.20.5.18 Internal Local Host
- -
10.20.5.18 GATEWAY
- TCP -
-
8/26/2009 12:34:05 PM 54046
899969 5416 2456 0x0 ERROR_SUCCESS 0x0
0x0 Firewall - 8/26/2009 8:34:05 AM
10.20.1.1 1745 Microsoft Firewall Client (TCP)
Connection Status 10.20.5.18
Internal Local Host - -
10.20.5.18 GATEWAY
- TCP -
-
8/26/2009 12:34:05 PM 54112
0 0 0 0x0 ERROR_SUCCESS
0x0 0x0 Firewall - 8/26/2009
8:34:05 AM 10.20.1.1 3389 RDP (Terminal Services)
Initiated Connection [System] Allow remote management from selected
computers using Terminal Server 10.20.5.18
Internal Local Host - -
10.20.5.18 GATEWAY
- TCP -
-
8/26/2009 12:34:05 PM 54112
0 48 40 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN
0x0 0x0 Firewall -
8/26/2009 8:34:05 AM 10.20.1.1 3389 RDP
(Terminal Services) Closed Connection [System] Allow
remote management from selected computers using Terminal Server
10.20.5.18 Internal Local Host
- -
A quick Google search shows several responses for "0x80074e21
FWX_E_ABORTIVE_SHUTDOWN", basically saying that one of the two computers has
dropped the connection (a relatively vague error). I tried a couple of the
mentioned fixes, but it is still not working.
Although I need the exercise, running back and forth between the server room
and my office makes it quite difficult to trouble-shoot problems with the ISA
server. So, I'd appreciate any help with this situation.
--------------------------------------------------
Dan Ball
Network and Systems Technician
Marquette Area Public Schools
1103 West College Avenue
Marquette, MI 49855
E-Mail: dball@xxxxxxxxxxx<UrlBlockedError.aspx>
Phone: (906)225-5779
Fax: (906)225-5377
--------------------------------------------------
Other related posts: