windows server 2003 remote desktop

By xcabal12 ·
we are have this strange problem with our windows server 2003 and remote desktoping in to it from the outside, it work fine for 3,4 days and then starts taking for forever to load the dell background without even show the login options before is kicks the connection out later it just starts locking up and then finally just never connects to the server, to solve it requires a server restart. i cant find anything wrong in the logs in the server and our router/firewall is just reporting dropped connections and i cant figure out whats going on or causing the problem, the router is set to allow the rdp so that not the issue,

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Monitor ports

by gdeangelis In reply to windows server 2003 remot ...

Have you tried netstat or to show ports in use? Also not sure what firewall you have or if you have access to it, but if your firewall has software to monitor like Cisco asdm, you could use that with both inside and outside addresses for the server and see if there is a DOS or something else going on. Maybe it's a virus or malware going out. I know you mentioned logs before, so if you were referring to the firewall, I apologize for the repetition. The real time GUI can be a big help. If nothing else you can rule out traffic from the outside, and you can let it run for a while to capture what's going on before the crash, so to speak.

Collapse -

Reponse To Answer

by xcabal12 In reply to Monitor ports

i will try that Monday and i will run a virus scan on all the computers as well, i have already started the routers monitoring as well as packet capture so hopefully i will be able to resolve this issue

Collapse -

Good suggestions...

by Rob Kuhn In reply to windows server 2003 remot ...

Everyone who has replied have left some good basic suggestions to check out.

Since it sounds as if you have the RDP port open in your firewall, I would close that port immediately and put up some sort of VPN. As mentioned, the Microsoft RAS/PPTP is easy and can be setup fairly quickly.

Even if this doesn't clear up the problem, you would have at least secured, IMHO, a major security hole! :)

What is this server's role? In other words why do people RDP to it? Knowing the role of the server may help us isolate the problem even more.

Collapse -

Reponse To Answer

by robo_dev In reply to Good suggestions...

Indeed, there are brute force hacking tools like Tsgrinder and tscrack that can cause exactly the symptoms you describe.

Since it does not log more than three failed connection attempts, tsgrinder attempts two connections, then resets, two again, then resets.

Tsgrinder brute forces the administrator account, since it cannot be locked out for local logons. The TS logon process uses an encrypted channel so it cannot typically be spotted by an IDS system.

I would bet if you logged the IPs of inbound connection attempts you will see LOTS of attempts per second.

If nothing else, use some port other than 3389. Security through obscurity is better than no security

Collapse -


by xcabal12 In reply to windows server 2003 remot ...

i have set up an external monitor setup to find out where the issue is. i have changed the ports for rdp, hopefully i will find out where the problem is.
i will post update once i have enough information.

Related Discussions

Related Forums