Troubleshooting RDP Failures by Sam C. Chan

June 23, 2014

In order for a PC/device to successfully connect to a remote PC via Remote Desktop Connection (aka RDP), all layers of prerequisites must be met on both sides.


  • RDP Host: The target PC* being connected into & controlled
  • RDP Client: The source PC/device used to initiate the connection into the host
* non-PC device as RDP host is currently not supported

Legend: Items in grey below are considered advanced. SOHO users with consumer-style setup can safely skip over them, presuming that they're either not applicable, or still at factory defaults: untouched and uncorrupted.

RDP Host prerequisites:

  • OS-level issues
    • running a Pro/Enterprise/Ultimate edition of the OS
    • TS/RDP service installed, enabled & started
    • "allow" remote desktop connections
  • TCP/IP plumbing issues
    • Perimeter Firewall
      • in-bound custom port fwd in effect?
      • MAC address filters
      • IP address filters
      • schedule-based blocking
    • host-based firewalls (there can be multiple, cascaded!)
      • network zone (domain/private/public/home, which determines "scope")
      • WF exception TCP 3389 IN: allowed & enabled?
      • SEP application rules & firewall rules?
    • WAN-based socket establishment
      • current public IP address
      • Dynamic DNS name & associated "updating client"
      • NAT/PAT port fwd/trigger issues
      • private IP address (static/reserved/random)
    • LAN-based name services
      • NETBIOS name & resolution
        • SMB computer browser
      • your local DNS Server records & policies
      • DNS caching & TTL issues (all layers)
  • RDP program-specific settings
    • authentication & profile issues
      • Windows account with non-blank password
        • domain controller reachability (if applicable)
      • "remote desktop users" localgroup membership
      • Network-Level Authentication (NLA) requirements
      • account/password expiration (forcing console session to change)
      • Saved Credentials:
        • NAT/PAT is flawed
        • insurmountable conflict for multiple entries
        • no provision for multiple identities at any given host
        • must resort to "edit" / "remove from vault"
      • local Group Policy (gpedit.msc)
      • domain Group Policy
    • RDP protocol version end-to-end compatibility
    • custom RDP port setting?
    • advanced concurrent RDP issues (some are app-specific)
  • power-related issues
    • in sleep mode? 
      • adjust power saving settings when on AC power
      • wake-up hanging issues? update NIC drivers
      • implement WOL
    • turned off by the user?
    • had a power outage? (BIOS power-resume default)

RDP Client Prerequisites:

  • TCP/IP plumbing issues
    • perimeter firewall issues
      • might not be within your jurisdiction (e.g. at a hotel)
      • outbound port filters (e.g. restricted to only 80 & 443)
    • client host WF in default out-bound blacklist mode?
    • SEP (or other 3rd-party AV program) in default out-bound blacklist mode?
      • if whitelist, then add rule for exact outbound custom port, for mstsc.exe
    • DNS caching issues (at all layers)
  • RDP program-specific issues
    • RDP client version compatibility
    • RDP client device app implementation compatibility (Android only)
    • Network-Level Authentication suite installed & running?
    • cached credential issues (clear/edit via Credential Manager)
    • exact correct credentials used? (use XXX\yyy & avoid numeric keypad)
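
Several of the host-side and client-side checks above can be scripted. The following PowerShell is an added example, not part of the original article; the function names are hypothetical. It assumes Windows 8.1 / Server 2012 R2 or later with PowerShell 5.1, an elevated session on the host, and the English group name "Remote Desktop Users".

```powershell
# Added example (not from the original article). Function names are hypothetical.
# Assumes Windows 8.1 / Server 2012 R2 or later, PowerShell 5.1, English group names.

function Get-RdpHostStatus {            # run elevated on the RDP host
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # OS level: service started, "allow remote desktop connections" (0 = allowed)
    $svc  = Get-Service -Name TermService
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # Program-specific: custom port and NLA requirement (1 = NLA required)
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication

    # Is the listener actually bound to the configured port?
    $listen = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue

    # Windows Firewall: enabled inbound allow rules naming that exact TCP port
    # (rules using "Any" or a port range are not matched here), with their profiles
    $rules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

    # Members of the local group (Administrators are allowed in addition to these)
    $members = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ServiceRunning     = $svc.Status -eq 'Running'
        ConnectionsAllowed = $deny -eq 0
        Port               = $port
        NlaRequired        = $nla -eq 1
        Listening          = [bool]$listen
        NetworkZones       = (Get-NetConnectionProfile).NetworkCategory -join ', '
        FirewallRules      = @($rules | ForEach-Object { "$($_.DisplayName) [$($_.Profile)]" })
        RdpUsers           = @($members | ForEach-Object { $_.Name })
    }
}

function Test-RdpClientPath {           # run on the RDP client
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 3389)
    # Covers name resolution plus any outbound filtering between client and host
    $r = Test-NetConnection -ComputerName $HostName -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Resolved = $r.RemoteAddress; TcpReachable = $r.TcpTestSucceeded }
}

Get-RdpHostStatus | Format-List
```

Local or domain Group Policy can override the registry values read here, and third-party firewalls such as SEP are not inspected, so a clean result narrows the search rather than ending it.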




Copyright @2005-2006   Bravo Technology Center