Windows Target Machine Connection Issues

Important! The information provided in this section is for general Troubleshooting guidance only. The information is provided on "AS IS" basis, with no guarantee of completeness, accuracy or timeliness, and without warranty or representations of any kind, expressed or implied. In no event will CloudEndure and/or its subsidiaries and/or their employees or service providers be liable to you or anyone else for any decision made or action taken in reliance on the information provided above or for any direct, indirect, consequential, special or similar damages (including any kind of loss), even if advised of the possibility of such damages. CloudEndure is not responsible for the update, validation or support of troubleshooting information.

Note: These steps are specific to Windows Server 2008, but can be applied to all versions of Windows.

Important! These troubleshooting actions must be performed on the Source machineThe computer, physical or virtual machine that needs to be protected by replication (Disaster Recovery) or migrated (Migration) The CloudEndure Agent is installed on the Source machine.. After troubleshooting and fixing the problem, launch a new Target machineThe Machine created during Test, Cutover or Recovery..

This guide is meant to troubleshooting Target machineThe Machine created during Test, Cutover or Recovery. access after it has been successfully launched and booted. You may be unable to connect to your Windows Target machineThe Machine created during Test, Cutover or Recovery. remote computer or Remote Desktop server for various reasons. Here are the most common issues and their solutions. You can review the entire troubleshooting guide in this Microsoft Support article.

Simultaneous User Limits

You may experience connection issues due to simultaneous user limits caused by a misconfigured Group Policy or RDP-TCP properties. The following error message will appear upon login if the error is present:

Remote Desktop Disconnected.
This computer can't connect to the remote computer.
Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

To solve this issue, first verify that Remote Desktop connection is enabled for all users:

1. Under Tasks, click Remote settings.

2. Click the Remote tab. Under Remote Desktop, Select either option depending on your security requirements:

   1. Allow connections from computers from computers running any version of Remote Desktop (less secure)

   2. Allow connections from computers only from computers running Remote Desktop with Network Level Authentication (more secure)
      

      Note: If you select Don’t allow connections to this computer on the Remote tab, no users will be able to connect remotely to this computer, even if they are members of the Remote Desktop Users group.

      
      

You can then enable and set the maximum number of connections by following these steps:

1. Start the Group Policy snap-in, open the Local Security Policy or the appropriate Group Policy

2. Navigate to the following location:
   Local Computer Policy > Computer Configuration>Administrative Templates > Windows Components > Terminal Services > Terminal Server > Connections "Limit number of connections"
   

3. Click Enabled. In the TS Maximum Connections allowed box, type the maximum number of connections you want to allow, and then click OK.

You should also ensure that the Terminal Services Configuration settings do not limit the number of connections by following these steps:

1. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Terminal Services Configuration.

2. In the console tree, click Connections.

3. In the details pane, right-click the connection for which you want to specify a maximum number of sessions, and then click Properties.

4. On the Network Adapter tab, click Maximum connections, type the maximum number of sessions that can connect to the server, and then click Apply.

You can also set individual and group login permissions by configuring the Remove Desktop Users Group as described in the full Microsoft Support article.

Port Assignment Conflict

You may experience connection issues due to a port assignment conflict, as another application on the terminal server may be using the same TCP port as the Remote Desktop Protocol (RDP). The default port assigned to RDP is 3389.

To resolve this issue, determine which application is using the same port as RDP. If the port assignment for that application cannot be changed, change the port assigned to RDP by editing the registry. After editing the registry, you must restart the Terminal Services service. After you restart the Terminal Services service, you should confirm that the RDP port has been correctly changed.

You can configure Terminal Services connections through the Terminal Services Configuration tool. Determine which application is using the same port as RDP by following these steps:

Run the netstat tool to determine if the RDP port is being used by another application:

1. On the terminal server, click Start, click Run, type cmd, and then click OK.

2. At the command prompt, type netstat -a -o and then press ENTER.

3. Look for an entry for TCP port 3389 (or the assigned RDP port) with a status of Listening. This indicates another application is using this port. Copy the PID of the process or service that is running from under the PID column.

Use the PID code to determine which application is using the port through the tasklist command-line tool:

1. On the terminal server, click Start, click Run, type cmd, and then click OK.

2. Type tasklist /svc and then press ENTER.

3. Look for an entry for the PID number that is associated with the port (from the netstat output). The services or processes associated with that PID will appear on the right.

Change the port assigned to the application. If you cannot change the application’s port, you will have to change the port assigned to RDP. You can do so by following the instructions in the full Microsoft Support article.

Incorrectly Configured Authentication and Encryption Settings

You may be experiencing connection issues due to incorrectly configured settings. Use the following procedure to configure authentication and encryption for a connection:

1. On the Terminal Server, open Terminal Services Configuration. To open Terminal Services Configuration, click Start, point to Administrative Tools, point to Terminal Services, and then click Terminal Services Configuration.

2. Under Connections, right-click the name of the connection, and then click Properties.

3. In the Properties dialog box for the connection, on the General tab, in Security layer, select a security method.

4. In Encryption level, click the level that you want. You can select Low, Client Compatible, High, or FIPS Compliant.

Ensure that you review the accompanying notes in the full Microsoft Support article.

Certificate Corruption

You may be experiencing connection issues due to certificate corruptions. You will receive one of the following error messages if certificate corruption is the cause of your connection issues:

1.

Because of a security error, the client could not connect to the Terminal server. After making sure that you are logged on to the network, try connecting to the server again.

2.

Remote desktop disconnected. Because of a security error, the client could not connect to the remote computer. Verify that you are logged onto the network and then try connecting again.

You will additionally receive various event messages that you can review in the full Microsoft Support article.

To resolve this issue, back up and then remove the X509 Certificate registry keys, restart the computer, and then reactivate the Terminal Services Licensing server. To do this, follow these steps:

1. Make sure that the terminal server registry has been successfully backed up.

2. Start Registry Editor.

3. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM

4. On the Registry menu, click Export Registry File.

5. Type exported- Certificate in the File name box, and then click Save.
   NOTE: If you have to restore this registry subkey in the future, double-click the Exported-parameters.reg file that you saved in this step.

6. Right-click each of the following values, click Delete, and then click Yes to confirm the deletion:
   
   Certificate

   X509 Certificate

   X509 Certificate ID

   X509 Certificate2

7. Quit the Registry Editor, and then restart the server.

8. Reactivate the Terminal Services Licensing server by using the Telephone connection method in the Licensing Wizard.