Remote Desktop Services – Connection Errors

KB ID 0001132

 

Below is not an exhaustive list of connection errors, it’s just a some things that have tripped me up. If you have a nasty error that you have fixed, feel free to drop me a line, send me some screenshots and the fix, and I’ll add them as well.

General Errors

Remote Desktop can’t connect to the remote computer for one of the following reasons;

1) Remote access to the server is not enabled
2)The remote computer is turned off
3)The remote computer is not available on the network

Make sure the remote computer is turned on and connected to the network, and that remote access sis enabled.

Probably the most common (and easiest to troubleshoot) of RDP errors, firstly ensure that the server is actually ‘listening’ for RDP connections, on the SERVER issue the following command;

[box]

netstat -an | find /i ":3389"

[/box]

You should see it LISTENING (Note: Below its listed twice because its listening on IPv4 and IPv6)

If its not, the the service might not even be running, Look in Services, and ensure the following services are running;

  • Remote Desktop Services
  • Remote Desktop Services UserMode Port Redirector

Make sure that RDP has been allowed on the local firewall of the RDP server, In the past I’ve seen a bug on some versions of Windows when even with the firewall disabled, things didn’t work unless RDP was allowed on the firewall settings. (I know that makes no sense, but I’ve seen it, particularly for remote VPN traffic).

Test RDP Connectivity

From a machine ON THE SAME NETWORK as the target RDP Server, firs see if you can ping the server by both IP address and hostname. (This is more for peace of mind remember the server might ot respond to pings but might be responding to RDP Traffic.

Then test that the machine you are on can get to the the RDP server on the correct port, (TCP 3389*)

[box]

Test-NetConnection {IP-Address-or-Hostname} -Port 3389
OR
Test-NetConnection {IP-Address-or-Hostname} RDP

[/box]

Providing this works, now try the SAME tests form outside you network, i.e. outside the firewall, or on a remote VPN  connection etc.

*RDP Port Note: Normally RDP is on TCP 3389, check on the server just in case someones changed the RDP listening port number. Or the firewall is expecting you to connect on another RDP Port.

Your computer can’t connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.

Solution for Windows 10: I struggled with this for a while, all forum posts refer to windows 7/8 and the problem was caused by a windows update (KB2592687), that needed to be removed. But I was connecting with Windows 10? This  was the resolution;

Create/Edit a 32 bit DWORD value called RDGClientTransport in your registry at;

[box]

HKCU > SOFTWARE  >Microsoft > Terminal Services Client

[/box]

Set its value to ‘1’ (one).

Also See Remote Desktop Web Access – Connection Error


Your computer can’t connect to the remote computer because your computer or device did not pass the Network Access Protection requirements set by your network administrator.Contact your network administrator for assistance.

You normally see this error if one (or more), of your Remote Desktop Role servers does not have the correct certificate installed on it, (or the certificate it does has has expired).

Server Manager > Remote Desktop Services > Collection > Task > Select your collection > Task > Edit Deployment Settings > Certificates > Check and reinstall each one as required.

Remote Desktop Gateway Errors

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address is unreachable or incorrect. Type a valid Remote Desktop Gateway server address.

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.

The machine trying to connect needs to be able to resolve the ‘public name’ of the Remote Desktop Gateway server. And this may not be the hostname of the server! As you can see in the image above the Gateway server name is set to rdg.smoggyninja.com. The important thing is when I ping this name, it resolves to the correct IP address, (mine responds to pings, yours probably wont if you’re connecting though a firewall.)

In some cases you need to set the public name of the the Remote Desktop Gateway server, in the servers IIS Settings. On the Gateway server > Start > Administrative Tools > Internet Information Services (IIS) Manager > {Server-name} > Sites > Default Website > RDWeb > Pages  > Application Settings > Set ‘DefaultTSGateway’ to the public name of the gateway server. Then from command line run ‘iisreset‘ to restart the web services.

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server’s certificate has expired or has been revoked. Contact your network administrator for assistance.

In most cases this should be easy to fix, if you use self signed certificates make sure your CRL settings and/or OCSP settings are correct. If you use a publicly signed cert make sure your client can contact the publishers CRL (look on the properties of the certificate).

Check the Obvious: It saying the RDG cert has expired, make sure it’s in date! In the Gateway Server Launch Server Manager > Remote Desktop Services > Collections > {Collection-name} > Tasks > Edit Deployment Properties.

Certificates > RD Gateway > View Details > Is it in date?

Everything is OK? But I’m Still Getting This Error? Are you publishing the Gateway with something else like Web Application Gateway? Threat Management Gateway? Load Balancer? Look in that direction.

Also See Remote Desktop Web Access – Connection Error

Related Articles, References, Credits, or External Links

NA

28 thoughts on “Remote Desktop Services – Connection Errors

  1. Hello Pete,

    Thanks for this article.
    This registery entry fixed my error.
    I was wondering tho what this entry actually does in the background for troubleshooting reasons and because this kinda is a work arround and not fixing the cause of the issue.
    I am looking forward to your reply.

    Kind regards,

    Ralph

    • If I had to guess, I would say it allows RDP session to be sent via a gateway server (by default). In some cases you only have one RDP server, with all the roles on so, that would appear not to make sense.

  2. Thank you so much for this article!! I’ve been trying to fix this issue for weeks since I upgraded to Windows 10.

  3. Hi Peter,

    We have had the “Your computer can’t connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.” since windows 10 anniversary update.

    First we found solution to replace c:\windows\system32\ mstsc.exe and mstscax.dll with original non anniversary update files, witch worked fine, for a while. Until recently a new update.

    Your reg tips completly solved our problem!

    Thank your for the solution!

    I would realy like to know if there could be a soluton on the server side.

    Regards Johan

  4. Your registry solution fixed the issue. thanks.

    Can you suggest any permanent solution that can be done at server side as we need to fix this for many users? thanks in advance

  5. I am getting error while I try to connect my server by mstsc “The server name on the certificate is incorrect” in windows 10 after the feature update of 1803.

    Before the updating its working fine. Can you help me please.

  6. I have renewed by Https wildcard certificate used to access an application using Microsoft RDP. The certificate shows the renewal date correctly inside the network, but it still shows the old renewal date while accessing the RDP outside of the office. Can anyone point me in the right direction as to what I’m doing wrong. Thank you.

  7. Hi Pete, I had the same issue with a Windows 7 machine not connecting to a newly built Server 2019 gateway, I removed the KB as per your article but then was given an error to say the cert had expired (which it hadn’t)

    I then did some research what pointed towards it being an issue with TLS, I found the following fix that works a treat:

    1.apply this KB ->http://support.microsoft.com/kb/2574819

    2. apply the fix in this link -> https://support.microsoft.com/en-ca/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

    Once applied all issues were fixed.

    Thought id mention it in case any others were having the same issue.

  8. This occurred for me. I had installed a certificate on the RDG server.

    Once I browsed to the certification authority’s web site on the RDG server, then rebooted the RDG server, it started working.

    I’ve seen this before; while I had the certificate, the RDG server didn’t have all the certificate authority certificates in the hierarchy. So, when the RDP client was negotiating TLS, it was being aborted because the server wasn’t presenting it’s certification authority certificates. This TLS negotiation happens very early, before Windows does anything else. So, nothing is ever logged on the server. You’ll only see things if you enable SCHANNEL logging.

    By browsing to the certification authority’s web site, Windows add the right certificates to the local computer certificate store; the right certificates go in the right location. Then, on a reboot, RDG can gather the right certificates and present them to connecting client computers. Client computers can now connect successfully.

    • Hi Anwar, thanks for the feedback, you can probably get round this by ’embedding’ the intermediate CA cert (NOT the root CA Cert) in the RDG certificate. I have to do this for my cert on this website so you can see it in action! You can literally do that with Notepad.

  9. Hiya Pete,

    One remote user is getting the “Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable.” Its a third party supplier who connects through F5, he can get in the first part via the F5 weblink to the RDP session but he receives the error when trying the second part, RDP. I can test this from various machines and it connects fine. We suspect the problem is on his machine.

    Any Ideas?

    Cheers

    L

    • If it’s one user I would agree with you, If you use his creds on one of your machines, does it work, If so Remote him onto one of ‘your’ Laptops outside the LAN and get him to try it from there. (At this point I would have tried from the laptop with his creds to ensure it works). Then you have proven the fault is either his LAN or his Laptop.

  10. Hi,

    Unable to access RD when on a private or public network, but fine when on the domain.
    I have turned the firewall off but no difference. Appears to be a registry issue but can’t see what it is.

    ‘Your computer can’t connect to the remote computer because a security package error occured in the transport layer’

    • Make sure the remote user has NO Cachhed credentials on their machine! Also I’m assuming you have TCP port 443 (HTTPS,) open to the Gateway server?

  11. Nice article. Didn’t help with my issue but still nicely done. For me I have RD Gateway and have been using it forever. Pre pandemic it was fine. Haven’t needed it for months. Now remote for a period and not working. Only change would have been Windows updates. That said, Doesn’t work Windows 7 or 10 anymore. What I have come up with:

    1. I can get to the RD Gateway server and website.
    2. I can use remote desktop apps and put the gateway in that way also and it asks for credentials and gets past them.
    3. I can get to what I assume is the server or workstation I’m trying to RDP into as it’s asking for the computer’s login and if I type it in wrong it says so and when I type it in right it “goes thru”.
    4. Then I get a message “The remote resource can’t be reached. Check your connection and try again or ask your network administrator for help”.

    Thinking the fact the credentials are validated at least seem so it’s reaching the workstation to some extent.

    • I have exactly the same behavior as JR.

      Worked perfectly for a couple of months in evaluation mode.
      Now the servers are licensed (Microsoft Server 2016) and added User CALs, it only works from inside the network.
      From internet I can connect to the RD Gateway (who offers me the RemoteApps), but when I click one, I get the message:

      RemoteApp Disconnected

      Your computer can’t connect to the remote computer because Remote Desktop gateway server is temporarily unavailable. Try connecting later or contact your network administrator for assistance.

    • I also had same symptoms as JR. Can access RD gateway and webaccess portal/website.

      In our case, we are prepping for a production cutover from RDGW1 to RDGW2. As such, we had already updated the RDGW URL in Server Manager to point to the new RDGW even though we are initially accessing the webapp portal via the old RDGW.

      The problem for us is that the DNS entry for RDGW2 was not configured in the internal zone for mycompany.com. So, when testing externally – it accesses the external/public zone and gets the IP for RDGW2. However, when testing internally, it was not able to resolve the record for RDGW2.mycompany.com and was failing with message “The remote resource can’t be reached. Check your connection and try again or ask your network administrator for help.”

    • Did you ever get this resolved? We are trying to setup a new Windows 2019 server for the sole purpose of running Quickbooks for a customer and they have a few accounting people who will need to use it remotely. But, we don’t want to give them full access to the server. We just want to publish Quickbooks as a webapp. We are testing this by publishing LibreOffice as a web app. We can get to the RDWeb page and then open the app just fine from the server itself. But, if we try to access the page from another computer on the same network or from a computer outside coming in through a dynamic DNS connection, either way we can get to the RDWeb page. But when we try to open the program, after signing in, we get “The remote resource can’t be reached. Check your connection and try again or ask your network administrator for help.”

  12. Pete you’re an f’n lifesaver. Been at this for a few days and finally stumbled on your article. Regedit fixed my end-users inability to connect!

  13. Thanks for posting it as solved my problem . the way you explained in this article is great follow the procedure.

Leave a Reply

Your email address will not be published. Required fields are marked *