Last Friday, we could not Remote Desktop into one of our in-house production servers. The server was running fine (I was able to connect through the SSMS, and verify the desired services were running by connecting to the server using Computer Management and connecting to remote computer), and so was the SQL Server/Agent jobs, etc, etc. However, still no RDP. On Fridays, I check if there is disk space available for weekly full backups, move the delete the old verified backups (I use Idera SQLSafe to verify if the backups will restore), and make sure that there is enough space for both backups and logs. Granted, I am a sysadmin on the box, and I can create shares to folders of my choice by going to computer management, and connecting to the remote computer. However, not being able to remote into it was freaking me out.

Our company had deployed Microsoft’s System Center Operations Manager recently, and few people had problems with remote desktop. I also learned that the server was re-started previous night after applying some updates. As far as I have been told, System Center Operations Manager uses the RPC service to get information about individual computer/workstations/servers, in order to make the IT deployments easier. This was causing issues where we constantly had to kill port 3389 locally in our computers in order to RDP into other computers. My first thought was that System Center Operation Manager was causing the issue. However, after exploring a few computers, I realized that it was actually installed a few months ago, and it could not have been the cause as the same application was installed in all of our in-house servers.

The curiosity was really killing the cat there. I checked if the RPC/Remote Desktop Configuration Service was running on the computer. Going further, I decided to see if the RDP port was open and was in listening mode. So I downloaded Sysinternals suite. If you haven’t checked out this tool, please do so. It is a very handy tool.

So, I can a command like this:

psexec \\SERVER netstat -a

I was able to verify that the RDP port was open. That means I must be able to RDP. But, not yet!!

Going further, I wanted to check if anyone else is connected via RDP. A basic command looks something like this:

query user /SERVER:ServerName

This also showed that there was no session. I still had no clue on what might have happened. After reading through some posts on serverfault.com, I found that Win 2003 servers tend to show this kind of behavior when the restart command is not properly issued. So, I went through the event logs for the computer trying to locate whether the computer was actually re-started or not. I was told that the computer was re-started at around midnight, and there was nothing in the even log except a few service errors past 12.03 a.m. That did not help much. So, running the following command helped find out when the computer was last successfully re-started:

systeminfo /s ServerName | find “System Boot Time”

Turns out, the server never successfully restarted and the RDP port stopped responding. It likely happened because whoever restarted the computer was not using the admin connection to RDP.

Hope this post helps solve the mystery if anyone else has similar situation. Thanks.