1

I've read that on Windows Server 2008, raising the DFL can cause XP and Linux/rdesktop clients to not be able to connect, but only if Network Level Authentication is enabled. However, we're only on Windows Server 2003 SP2, which doesn't even have the option to enable NLA, IIRC. So I thought we'd be safe.

I went and upgraded our DFL to Windows Server 2003, and now I can't log in via remote desktop. The error message, which appears almost immediately after clicking, is:

---------------------------
Remote Desktop Connection
---------------------------
This computer can't connect to the remote computer.

Try connecting again. If the problem continues, contact the owner
of the remote computer or your network administrator.
---------------------------
OK   Help   
---------------------------

Is this a coincidence, or did the DFL raise break RDP? (I didn't see any warning about this in the documentation.)

Kev
  • 964
  • 4
  • 23
  • 46
  • I tried installing Terminal Services 7.0 client on XPSP3 and it still says it can't connect to the server. (This isn't a networking issue--I can connect to the same server on other ports for other services no problem, and I haven't changed any port-related settings lately.) – Kev Nov 30 '10 at 16:59

1 Answers1

1

I don't believe that action alone would cause this. Were there any domain controller changes to go along with it? I'm suspecting that a group policy was set to require NLA or something like that. Can you telnet to the RDC port (3389)? Firewall blocking it now? Do you have NLA enabled for your XP clients?

NLA for XP SP3

sinping
  • 2,055
  • 14
  • 12
  • 1
    I agree; I'm running Win2k3 AD in "native mode", and RDP works fine from XP clients. – Simon Catlin Nov 30 '10 at 18:35
  • I changed the policy a few days ago regarding NTLM v1 to limit it to NTLM v2, but that was several restarts ago, and RDP had been working since then. Telnet connects successfully, but then immediately says, `Escape character is '^]'. Connection closed by foreign host.` Firewall is not blocking it and hasn't been, and it can't be connected to from within the firewall by XPSP3 RDP clients either. I'll have to check up on your link, thanks for the lead! – Kev Nov 30 '10 at 19:22
  • Thanks for the idea. I tried the instructions from MS' site, but after the restart, it still didn't work (they do only mention Vista and 2k8, after all.) Also, I tried it from a Windows 7 client just now and got the same message, which I've added to the question. Hmm... – Kev Nov 30 '10 at 19:47
  • Any other ideas? – Kev Nov 30 '10 at 20:15
  • I guess Simon actually answered the question, more or less. I'll open a new question and accept that raising doesn't (at the very least) *necessarily* cause this to happen. – Kev Dec 01 '10 at 01:10
  • For anyone finding this page in the future, the solution was restarting the service. It must not have initialized properly. – sinping Dec 01 '10 at 04:45