Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, September 15, 2017 7:23 AM
Hi there,
We have multiple systems running Windows 10 Enterprise LTSB 2016 to which we connect using RDP. So far as I know the listener on Port 3389 gets closed randomly, so after a few days not connecting to a machine the port is sometimes closed. Unfortunately I can not reproduce this issue but it occured by my colleagues too, only on Windows 10 Enterprise LTSB 2016 machines.
I did some research and can provide these information:
- I found entries in the windows system eventlog. It's a bunch of errors which all are related to the same svchost instance which hosts CryptSvc DNSCache and TermService (<--this is for RDP). The entries say that these services "terminated unexpectedly".
- The entries mentioned above occured almost all at the same time on the same day on all machines with a variation of about 20-40 seconds (Scheduled Windows Patch? Exact time and date was 24 of August 7:52 AM CET)
- The affected machines are long-term-test machines which are up for weeks without a restart and also busy with opening HTTP/HTTPS-Sessions in Chrome and IE (Which seems related to DNSCache or CryptSvc so the TermService could just be an victim of these two).
Any suggestions how to debug this or if this behaviour is known by anybody?
Thanks in advance,
mango
All replies (6)
Tuesday, September 19, 2017 9:17 AM ✅Answered | 1 vote
Hi mango,
we can try following method:
1. Isolate the RDP service with following command and monitor the machine for some time to see if our issue would happen again.
Sc config <service name> type= own
2. If the above method does not work, please try to change a port for RDP. We can follow next steps for changing the port for RDP:
1.Start Registry Editor.
2.Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
3.On the Edit menu, click Modify, and then click Decimal.
4.Type the new port number, and then click OK.
5.Quit Registry Editor.
6.Restart the computer.
Hope it will be helpful to you
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, September 18, 2017 10:00 AM | 1 vote
Hi,
As I understand it.
1. Our problematic Windows 10 LTSB machine is used for others to RDP to it or using the windows 10 to RDP to other machine?
2. When customer found that the listener on Port 3389 got closed, can he RDP to this machine normally? As the listener would only open when someone is trying to contact this port. It may be a normal phenomenon if the RDP is OK.
Best regards,
Carl
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, September 19, 2017 6:12 AM
Hallo Carl,
1. We use RDP to connect to the Windows 10 machines.
2. No, it was not possible to connect to these machines through RDP. I have to connect physically to the machines and restart the RDP-Service.
Regarding port 3389: In the past I could always check if RDP was availiable on a machine with doing a port scan (nmap for example) and seeing that 3389 was opened. And when I connectd physically to the affected Windows 10 machine I could see with 'netstat -a | find "3389"' that there was no listener for this port active. After Restarting the service, the listener was active and the port was open.
If needed I could provide the event logs with the mentioned windows systemlog entries.
Thanks in advance for your help,
Mangosniper
Wednesday, September 20, 2017 6:59 AM
Thanks Carl,
I managed to isolate my TermService and it runs now in its own svchost.exe. Since the issue occured only rarely in periods of some weeks I assume I have to wait now.
Greetings,
Mangosniper
Thursday, September 21, 2017 12:36 PM
Hi Mangosniper,
It's OK. I am proposing previous helpful replies as "Answered". Please feel free to try it and let me know the result. If the reply is helpful, please remember to mark it as answer which can help other community members who have same questions and find the helpful reply quickly.
Best regards,
Carl
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, October 4, 2017 2:04 PM
Hi Carl,
it happend again today.
Good News: It actually worked. All other Windows 10 machines are not availiable anymore through RDP, whereas the one where I used your workaround is still availiable.
Bad News: I probably know the origin of the problem. Our machines are configured to install windows updates but to never reboot since it is required that they run 24/7 (It´s achieved with this https://winaero.com/blog/how-to-permanently-stop-windows-10-reboots-after-installing-updates/). If the problem occurs and we restart the machine it starts to install windows updates. So we assume that some actions of the windows update process in the background affect the behaviour of the services and without the restart the services crashes after a while.
It seems now we have to find a solution to achive windows security updates without restart or to somehow add a possibility to restart our machines without loosing the 24/7 availiability aspect, maybe with redundancy.
So far, thanks for your help, if you have and idea for me to solve the now resulting problem, as always, I would be very glad ;)