Thursday, October 31, 2024

Fixing Remote Desktop errors

 

https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/rdp-error-general-troubleshooting#check-whether-a-group-policy-object-gpo-is-blocking-rdp-on-a-local-computer




Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections
Allow users to connect remotely by using Remote Desktop Services: Enabled

Check the status of the RDP protocol on a local computer

Check the status of the RDP protocol on a remote computer

To check and change the status of the RDP protocol on a remote computer, use a network registry connection:

  1. First, go to the Start menu, then select Run. In the text box that appears, enter regedt32.

  2. In the Registry Editor, select File, then select Connect Network Registry.

  3. In the Select Computer dialog box, enter the name of the remote computer, select Check Names, and then select OK.

  4. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server and to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services.


    • If the value of the fDenyTSConnections key is 0, then RDP is enabled.
    • If the value of the fDenyTSConnections key is 1, then RDP is disabled.
  5. To enable RDP, change the value of fDenyTSConnections from 1 to 0.

Check whether a Group Policy Object (GPO) is blocking RDP on a local computer

gpresult /H c:\gpresult.html

Check whether a GPO is blocking RDP on a remote computer

gpresult /S <computer name> /H c:\gpresult-<computer name>.html

Modifying a blocking GPO

To modify the blocking policy, use one of the following methods:

  • In GPE, access the appropriate level of GPO (such as local or domain), and navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections > Allow users to connect remotely by using Remote Desktop Services.
    1. Set the policy to either Enabled or Not configured.
    2. On the affected computers, open a command prompt window as an administrator, and run the gpupdate /force command.
  • In GPM, navigate to the organizational unit (OU) in which the blocking policy is applied to the affected computers and delete the policy from the OU.

Check the status of the RDP services

On both the local (client) computer and the remote (target) computer, the following services should be running:

  • Remote Desktop Services (TermService)
  • Remote Desktop Services UserMode Port Redirector (UmRdpService)
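
The registry and service checks above can be combined into one read-only report. This is an added example, not part of the original article. The function name Get-RdpStatus and its ComputerName parameter are hypothetical, and the example assumes that a policy value of fDenyTSConnections, when present, takes precedence over the local one and that PowerShell remoting is available for remote targets.

```powershell
# Added example: read-only RDP status report (changes nothing on the target).
function Get-RdpStatus {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: target computer; defaults to the local machine.
        [string]$ComputerName = $env:COMPUTERNAME
    )

    $check = {
        $localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
        $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        $name      = 'fDenyTSConnections'

        # $null means the key or the value does not exist.
        $local  = (Get-ItemProperty -Path $localKey  -Name $name -ErrorAction SilentlyContinue).$name
        $policy = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name

        # Assumption: a value written by Group Policy overrides the local setting.
        if ($null -ne $policy) { $effective = $policy; $source = 'Group Policy' }
        else                   { $effective = $local;  $source = 'Local setting' }

        $services = Get-Service -Name TermService, UmRdpService -ErrorAction SilentlyContinue

        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            LocalValue   = $local
            PolicyValue  = $policy
            DecidedBy    = $source
            RdpEnabled   = ($effective -eq 0)   # 0 = enabled, 1 = disabled
            TermService  = [string]($services | Where-Object Name -eq 'TermService').Status
            UmRdpService = [string]($services | Where-Object Name -eq 'UmRdpService').Status
        }
    }

    if ($ComputerName -eq $env:COMPUTERNAME) {
        & $check
    } else {
        # Uses the same PowerShell remoting channel as Enter-PSSession.
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $check
    }
}

Get-RdpStatus | Format-List
```

If DecidedBy shows Group Policy and RdpEnabled is False, changing the local registry value has no lasting effect; the blocking GPO has to be modified instead.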

Check that the RDP listener is functioning

  1. To connect to a remote computer, run the following cmdlet:

    Enter-PSSession -ComputerName <computer name>

  2. Enter qwinsta.

  3. If the list includes rdp-tcp with a status of Listen, the RDP listener is working. Proceed to Check the RDP listener port. Otherwise, continue at step 4.

  4. Export the RDP listener configuration from a working computer.

    1. Sign in to a computer that has the same operating system version as the affected computer has, and access that computer's registry (for example, by using Registry Editor).

    2. Navigate to the following registry entry:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

    3. Export the entry to a .reg file. For example, in Registry Editor, right-click the entry, select Export, and then enter a filename for the exported settings.

    4. Copy the exported .reg file to the affected computer.

  5. To import the RDP listener configuration, open a PowerShell window that has administrative permissions on the affected computer (or open the PowerShell window and connect to the affected computer remotely).

    1. To back up the existing registry entry, enter the following cmdlet:

      cmd /c 'reg export "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-tcp" C:\Rdp-tcp-backup.reg'

    2. To remove the existing registry entry, enter the following cmdlets:

      Remove-Item -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-tcp' -Recurse -Force

    3. To import the new registry entry and then restart the service, enter the following cmdlets:

      cmd /c 'regedit /s c:\<filename>.reg'
      Restart-Service TermService -Force

      Replace <filename> with the name of the exported .reg file.

  6. Test the configuration by trying the remote desktop connection again. If you still can't connect, restart the affected computer.

  7. If you still can't connect, check the status of the RDP self-signed certificate.



