Howto: Enable Remote Desktop on a Windows 2008 Server Core System


Windows 2008 Server Core uses the SCregEdit.wsf script found in C:\Windows\System32 to configure Terminal Services (TS) behavior. TS is the method of remote controlling your Server Core system through Remote Desktop (RDP).

To view the current Terminal Server settings for Vista/Windows 2008 clients, at the server command prompt type:

c:\windows\system32\scregedit.wsf /AR /v

The following values correspond to the response generated by the scregedit.wsf script.

1 = Terminal Services Disabled (remote access disabled)

0 = Terminal Services Enabled (remote access enabled)

To enable Terminal Services access from Vista/Windows 2008, at the server command prompt type:

c:\windows\system32\scregedit.wsf /AR 0

To disable Terminal Services access from Vista/Windows 2008, at the server command prompt type:

c:\windows\system32\scregedit.wsf /AR 1

Note:

The /AR setting applies to Windows Vista/2008 machines. If you want to allow Terminal Services connections to the Windows 2008 server from Windows XP machines, you have to use the /CS switch.

To view the current Terminal Server settings for Windows XP clients, at the server command prompt type:

c:\windows\system32\scregedit.wsf /AR /v

To enable Terminal Services access from Windows XP, at the server command prompt type:

c:\windows\system32\scregedit.wsf /CS 0

To disable Terminal Services access from Windows XP, at the server command prompt type:

c:\windows\system32\scregedit.wsf /CS 1

You could also edit the registry directly to enable Terminal Services using the same registry entry I wrote about when describing how to enable remote access for Windows XP machines remotely.

Finally you will need to create a hole in your server’s Windows Firewall for inbound RDP traffic on port 3389. KB 947709 details how to use the netsh advfirewall firewall command to configure the firewall in several different ways. I suggest running the following at the server command prompt:

netsh advfirewall firewall set rule group=”remote desktop” new enable=yes

Howto: Log Connections to Specific Ports and Processes on Windows Machines


A client asked me for a report that showed who connected to his server on port 3389 via RDP, Microsoft’s Remote Desktop Protocol . Apparently some of his techs had been connecting to his servers through the Microsoft Remote Desktop Connection (RDC) to perform maintenance, and he wanted to know when they connected to the server and where they connected from.

I figured I could enable RDC logging through a registry hack, but couldn’t find a documented solution anywhere. Finally I found a few tools available from Microsoft that I could use to do the job.

The first tool I used was the Microsoft Port Reporter utility. This program installs as a service on Windows XP and Server 2003. It does generate a large amount of log files, so make sure to configure the log file location on a drive with plenty of free disk space per KB 837243, which has detailed installation and usage instructions.

The Port Reporter service is initially set to manual startup, so you’ll have to start it yourself in services.msc. Once the service is running, three detailed log files are created. These files can generate an overwhelming amount of information, so to help you decipher all the data Microsoft released the Port Reporter Parser Tool.

The Port Reporter Parser Tool turns the log file data into a sortable spreadsheet. You can sort and filter the sheet based upon factors such as date, time, local and remote IP and port, Process ID, account name, etc. See KB 884289 for specifics on analyzing logs and tracking suspicious data. You can do so many things with Port Reporter that Microsoft even created a support webcast for the utility. See KB 840832 for more information.

Once I had my Port Reporter log file loaded into Port Reporter Parser, I filtered my data to show only rows where the connection to the local port was made on TCP port 3389. Port Reporter Parser made me a nice report showing all data regarding RDP connections to the server.

My only complaint with Port Reporter Parser is I couldn’t save my filtered queries or export them to a .csv or similar format.

Microsoft also has some related tools to Port Reporter -PortQry and PortQuery UI. See KB 832919 for instructions on using PortQry. Other applicable KB articles include:

KB 310456 – How to Use Portqry to Troubleshoot Active Directory Connectivity Issues

KB 310298 – How to Use Portqry.exe to Troubleshoot Microsoft Exchange Server Connectivity Issues

KB 325494 – Support WebCast: Port Scanning Using PortQry

KB 890381 – TechNet Support WebCast: TCP/IP port and process auditing

Solved: “The connection has been lost. Attempting to reconnect to your session…” when attempting to access a Windows 2003 server from a Windows Vista Remote Desktop Session


“The connection has been lost. Attempting to reconnect to your session…” had almost made me scrap Vista on my home PC. Ever since my hard drive died and I committed to Vista, I’ve received this error message when attempting to access my Windows 2003 SBS Server. I’ve had no problems accessing Windows XP based machines, but I experienced the exact same issue using Terminals from this machine.

I was sick of having to break out my XP laptop to administer my work network from home, so I decided today was the day to fix this problem. I searched and Googled and read the entire Vista Remote Desktop Connection Authentication FAQ, but did not find the answer.

I hoped setting the AuthenticationLevelOverride registry key would do it, but that didn’t make a difference.

Finally, when I thought all hope was lost (and dinner was on the table), I came across this post, which said to run the following from an elevated command prompt:

netsh interface tcp set global autotuninglevel=disabled

This disabled Vista’s TCP/IP autotuning feature. I didn’t even have to reboot, Remote Desktop has worked great ever since I made this change. No more problems, not even once.

If for some reason you want to re-enable TCP/IP auto tuning, the command is:

netsh interface tcp set global autotuninglevel=normal

Check out my other post concerning problems with Vista’s auto tuning and Microsoft Outlook 2007′s cached mode.

Follow

Get every new post delivered to your Inbox.

Join 32 other followers