Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > uk.comp.misc > #2637

Re: Remote desktop Protocol issue.

From David <wibble@btinternet.com>
Newsgroups uk.comp.homebuilt, comp.misc, uk.comp.misc
Subject Re: Remote desktop Protocol issue.
Date 2023-03-05 15:28 +0000
Message-ID <k6jqoiFkbs4U24@mid.individual.net> (permalink)
References (4 earlier) <k6a7tsFe3snU1@mid.individual.net> <slrnu01ih8.9it.fos@ma.sdf.org> <ttseko$1hk7$1@news.cyber23.de> <ttsfih$1hk7$2@news.cyber23.de> <ttsfpj$1hk6$1@news.cyber23.de>

Cross-posted to 3 groups.

Show all headers | View raw

On Fri, 03 Mar 2023 09:48:36 +0000, SH wrote:

> On 03/03/2023 09:44, SH wrote:
>> On 03/03/2023 09:28, SH wrote:
>>>
>>>> before using ssh or telnt to connect to the RDP port, use the netstat
>>>> command from a command prompt to determine if RDP is actually
>>>> listening on the port.
>>>>
>>>> netstat /?
>>>>
>>>>
>>>
>>> Well I used Netstat -anb on PC's A, B and C and looking for the port
>>> 3389 which is used by RDP.
>>>
>>> RDP is provided by the process TermService hence why I added the b
>>> option as that will show the process name.
>>>
>>> I then copied the results into Notepad and used ctrl F to look for
>>> 3389 and for TermService
>>>
>>> I confirm that ALL 3 PCs have RDP enabled with NO NLA and also Remote
>>> Assistant is enabled.
>>>
>>>
>>> My main PC gives:
>>>
>>> C:\Windows\system32>netstat -anb
>>>
>>> Active Connections
>>>
>>>    Proto  Local Address          Foreign Address        State TCP   
>>>    0.0.0.0:3389           0.0.0.0:0              LISTENING
>>>    TermService TCP    [::]:3389              [::]:0                
>>>    LISTENING TermService UDP    0.0.0.0:3389           *:*
>>>    TermService
>>>
>>>    UDP    [::]:3389              *:*
>>>    TermService
>>>
>>> I can RDP into or out of this PC except to the win 7 box:
>>>
>>>
>>>
>>> PC B gives:
>>>
>>> C:\WINDOWS\system32>netstat -anb
>>>
>>> Active Connections
>>>
>>> Proto Local Address Foreign Address State
>>>
>>> TCP 192.168.0.233:3389 192.168.0.133:61743 ESTABLISHED TermService
>>>
>>> TCP [::]:3389 [::]:0 LISTENING TermService
>>>
>>> UDP 0.0.0.0:3389 *:*
>>> TermService
>>>
>>> UDP [::]:3389 *:*
>>> TermService
>>>
>>> This one I can RDP into our out of except to the Win 7 box.
>>>
>>>
>>>
>>>
>>> Now to the problematic Win7 box:
>>>
>>> C:\Windows\system32>netstat -anb
>>>
>>> Active Connections
>>>
>>>    Proto  Local Address          Foreign Address        State
>>>
>>>    TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
>>>    CryptSvc
>>>
>>>    TCP    [::]:3389              [::]:0                 LISTENING
>>>    CryptSvc
>>>
>>>
>>> Now this PC can RDP into any of the Win 10 boxes but none of the other
>>> PCs can RDP into this specific win7 machine.
>>>
>>> I then went into task manager on the Win7 box to see if TermService is
>>> actually running:
>>>
>>> It is NOT listed so I assume its been unable to start due to port 3389
>>> not being available or that CryptSvc is the win7 service that provides
>>> RDP (assumimng TermService was not available for Win7?)
>>>
>>> So this machine has only two 3389 ports open whereas the other PC's
>>> have 4 off 3389 ports listed
>>>
>>> AND
>>>
>>> CryptSvc is using port 3389 and no TermService is actually running
>>>
>>> So what is CryptSvc?
>>>
>>> I then looked for CryptSvc on the other 2 win10 boxes in the netstat
>>> -anb results and there is no CryptSvc listed.
>>>
>>> I assume my next step is to disable cryptSvc and then hopefully
>>> TermService can take over Port 3389?
>>>
>>>
>> 
>> 
>> P.S. on a hunch, I rdp'ed into a win10 box from the Win7 box and did a
>> netstat -anb as I knew the IP address and port no of teh win10 box...
>> 
>> 
>> The result is
>> 
>> TCP   192.168.0.110:49213    192.168.0.233:3389   ESTABLISHED mstsc.exe
>> 
>> so it seems the win7 box is using port 49213 and the process mstsc.exe
>> for RDP?
>> 
>> 
>> 
>> 
> 
> and mstsc.exe only starts up when launching a RDP session FROM the Win7
> box....
> 
> As soon as I close the RDP connection, mstsc.exe closes dwon so that
> implies I still would not be able to RDP into the win7 box unless that
> mstsc.exe is actually running on the Win7 box as a background service?

Quick note on standard ports:

A standard port is normally a known fixed port a process can call into to 
start a session.
A listener is always watching that port.
As far as I recall there is then a negotiation between caller and receiver 
which can result in a new port being opened and used for the length of the 
session.
This port number for the session (and potentially the process attached to 
it) does not necessarily reflect the ID of the initial listener.

This also allows a single port to accept incoming calls for a number of 
different protocols, instead of needing one port for each.

It is a while since I actively looked at this though.

HTH


Dave R


-- 
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64

Back to uk.comp.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Remote desktop Protocol issue. SH <i.love@spam.com> - 2023-02-27 23:18 +0000
  Re: Remote desktop Protocol issue. "Jeff Gaines" <jgnewsid@outlook.com> - 2023-02-28 08:39 +0000
  Re: Remote desktop Protocol issue. Adrian Caspersz <email@here.invalid> - 2023-02-28 10:24 +0000
    Re: Remote desktop Protocol issue. SH <i.love@spam.me> - 2023-02-28 18:55 +0000
      Re: Remote desktop Protocol issue. SH <i.love@spam.com> - 2023-03-01 18:22 +0000
        Re: Remote desktop Protocol issue. Sylvia Else <sylvia@email.invalid> - 2023-03-02 11:11 +1100
          Re: Remote desktop Protocol issue. fos@sdf.org - 2023-03-02 16:09 +0000
            Re: Remote desktop Protocol issue. Sylvia Else <sylvia@email.invalid> - 2023-03-03 11:57 +1100
            Re: Remote desktop Protocol issue. SH <i.love@spam.me> - 2023-03-03 09:28 +0000
              Re: Remote desktop Protocol issue. SH <i.love@spam.me> - 2023-03-03 09:44 +0000
                Re: Remote desktop Protocol issue. SH <i.love@spam.me> - 2023-03-03 09:48 +0000
                Re: Remote desktop Protocol issue. Sylvia Else <sylvia@email.invalid> - 2023-03-03 22:57 +1100
                Re: Remote desktop Protocol issue. David <wibble@btinternet.com> - 2023-03-05 15:28 +0000
                Re: Remote desktop Protocol issue. Dan Purgert <dan@djph.net> - 2023-03-03 10:24 +0000
              Re: Remote desktop Protocol issue. Bruce Horrocks <07.013@scorecrow.com> - 2023-03-04 12:39 +0000
      Re: Remote desktop Protocol issue. Adrian Caspersz <email@here.invalid> - 2023-03-02 07:55 +0000
  Re: Remote desktop Protocol issue. Raj Kundra <raj@kundracomputers.co.uk> - 2023-03-02 13:34 +0000
  Re: Remote desktop Protocol issue. scott@alfter.diespammersdie.us - 2023-03-03 18:00 +0000

csiph-web