
Top five remote desktop connection problems and how to prevent them

When the connection between a desktop and its host fails, it's time to do some remote desktop troubleshooting. Check firewalls, security certificates and more if a remote desktop is not working.

Remote desktop connectivity is usually reliable, but things can -- and sometimes do -- go wrong.

There are five common remote desktop connection problems that come up: network failure, firewall problems, Secure Sockets Layer (SSL) certificate issues, authentication and capacity limitations. You can prevent and solve these problems easily with a few pointers on remote desktop troubleshooting.

Network failure

One of the most common remote desktop issues is a failure of the underlying network. To check for connectivity, try plugging a laptop into the network port from which the user is trying to connect, and then use the Ping or Tracert command to see if it's connected to the host server or connection broker. Keep in mind that testing remote desktop connectivity this way will only work if you allow ICMP packets through your network firewalls.

If the problematic user is connecting remotely through a virtual private network (VPN) or Terminal Services Gateway, the remote desktop might not be working because of a problem with the user's machine, the VPN or gateway, or your remote desktop infrastructure. With these types of remote desktop issues, you'll have to use a process of elimination to diagnose the problem. For example, try connecting to the VPN using a properly configured client computer and a reliable user account to see if you can establish remote desktop connectivity.

Firewall problems

It's easy to dismiss the notion that a firewall could contribute to a remote desktop not working, but it's actually quite common. To avoid problems with the firewall, ensure that the port your remote desktop software uses is open on all firewalls between the client computers and the server they connect to.

You may need to configure multiple firewalls. For example, the client and the server may both run the Windows Firewall, or there may be multiple hardware firewalls between the two systems. Plus, the port number that should be open on the firewalls differs from one virtual desktop infrastructure (VDI) product to the next. Remote Desktop Protocol-based tools use port 3389 by default.
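Because Ping and Tracert only help when ICMP is allowed, a TCP-level probe of the remote desktop port itself separates a silently dropping firewall from a host that is reachable but not listening. The following is an added example, not part of the original article; the host names and ports in the demo section are placeholders.

```python
import errno
import socket

RDP_PORT = 3389  # default port for RDP-based tools, as noted above


def probe_tcp(host, port=RDP_PORT, timeout=3.0):
    """Classify one TCP connection attempt; does not depend on ICMP.

    "open"        - handshake completed, a service is listening
    "refused"     - the host (or a rejecting firewall) answered with a reset:
                    reachable, but nothing accepts connections on this port
    "filtered"    - no answer before the timeout: usually a firewall silently
                    dropping the packets, or the host is down
    "unreachable" - the name did not resolve or there is no route to the host
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except socket.gaierror:
        return "unreachable"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        raise


def first_failure(path, timeout=3.0):
    """Process of elimination: walk (label, host, port) hops in order and
    return (label, state) for the first hop that is not open, else None."""
    for label, host, port in path:
        state = probe_tcp(host, port, timeout)
        if state != "open":
            return label, state
    return None


if __name__ == "__main__":
    # Placeholder hosts and ports; substitute the systems on your own path.
    path = [("gateway", "rdgw.corp.example", 443),
            ("session host", "rds01.corp.example", RDP_PORT)]
    print(first_failure(path) or "every hop accepted a TCP connection")
```

A "filtered" result points at a firewall rule somewhere between client and server, while "refused" suggests checking that the remote desktop service is running and which port your VDI product actually uses.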

SSL certificate issues

Security certificates can also cause remote desktop connectivity problems. Many VDI products use SSL encryption for users who access VDI sessions outside the network perimeter. But SSL encryption requires the use of certificates, which creates two problems that can cause a remote desktop to not work.

First, if the remote desktops are going to connect properly, client computers must trust the certificate authority that issued the certificate. This isn't usually a problem for organizations that purchase certificates from large, well-known authorities, but clients won't always trust certificates that an organization generates in-house. Use a reliable certificate authority to ensure that clients establish remote desktop connectivity.

The client must also be able to verify the certificate that the server is using. The verification process can break down if the certificate has expired, or if the name on the certificate doesn't match the name of the server that's using it, so make sure your certificates are up to date.
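The two verification failures described above, expiry and name mismatch, can be checked ahead of time. This added example (not from the original article) inspects a certificate dictionary shaped like the one Python's `ssl.SSLSocket.getpeercert()` returns; the sample certificate and host names are constructed, and trust in the issuing authority is a separate check that the TLS handshake itself performs.

```python
import ssl
import time


def name_matches(pattern, hostname):
    """Compare one certificate DNS name with the name the client connects to."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard covers exactly one label: *.corp.example matches
        # rdgw.corp.example, but not a.b.corp.example or corp.example.
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return pattern == hostname


def certificate_problems(cert, hostname, now=None, warn_days=30):
    """Return the problems that would make a client reject this certificate."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    problems = []
    if now < not_before:
        problems.append("not yet valid")
    if now > not_after:
        problems.append("expired")
    elif now > not_after - warn_days * 86400:
        problems.append("expires soon")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Fall back to the subject commonName only when no DNS names are listed.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if not any(name_matches(n, hostname) for n in names):
        problems.append("name mismatch")
    return problems


# Constructed sample certificate fields, not taken from a real server.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2011 GMT",
    "notAfter": "Jan  1 00:00:00 2012 GMT",
    "subject": ((("commonName", "rdgw.corp.example"),),),
    "subjectAltName": (("DNS", "rdgw.corp.example"),),
}
```

Run it against every name users actually type into their clients, since a certificate issued for the gateway's public name will still report a mismatch when someone connects by an internal server name.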

Network-level authentication

In Windows Server 2008 R2, Microsoft's Remote Desktop Services is designed to use a security feature called Network Level Authentication. The basic idea is that the session host must authenticate the user before it can create a session. Not only does network-level authentication improve security, but it also helps decrease the number of VDI resources the session uses.

Network-level authentication can prevent remote desktop connection problems later in the session, but not all remote desktop clients support it. If you use Microsoft clients, you can determine whether they support network-level authentication by clicking the feature's icon in the upper left corner of the Remote Desktop Connection menu and choosing About from the resulting menu. The client will explicitly state if it supports Microsoft's Network Level Authentication.

If you don't see the message that your client supports it, you can either upgrade the client component or disable the requirement for network-level authentication on your VDI servers. Keep in mind that Network Level Authentication is also sometimes enabled through Group Policy settings.
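Whether a session host enforces Network Level Authentication is also visible on the wire: during RDP's initial negotiation the server either selects a security protocol or refuses with a failure code, and a client that does not offer CredSSP is refused with `HYBRID_REQUIRED_BY_SERVER` when NLA is mandatory. The added example below (not from the original article) builds that negotiation request and parses the reply using the field layout from Microsoft's MS-RDPBCGR specification; the reply bytes are constructed, and `negotiate` is meant for a session host you administer.

```python
import socket
import struct

# requestedProtocols / selectedProtocol values from MS-RDPBCGR
PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID = 0, 1, 2  # HYBRID = CredSSP (NLA)
FAILURE_CODES = {
    1: "SSL_REQUIRED_BY_SERVER",
    2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER",
    4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER",  # the server insists on NLA
    6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_request(requested):
    """TPKT + X.224 Connection Request carrying an RDP_NEG_REQ."""
    neg = struct.pack("<BBHI", 0x01, 0, 8, requested)
    x224 = bytes([6 + len(neg), 0xE0, 0, 0, 0, 0, 0]) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_confirm(data):
    """Return ("selected", protocol) or ("failure", code_name)."""
    if len(data) < 11 or data[0] != 3 or data[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if len(data) < 19:
        return ("selected", PROTOCOL_RDP)  # no negotiation block in the reply
    kind, _flags, _length, value = struct.unpack_from("<BBHI", data, 11)
    if kind == 0x02:  # RDP_NEG_RSP
        return ("selected", value)
    if kind == 0x03:  # RDP_NEG_FAILURE
        return ("failure", FAILURE_CODES.get(value, "unknown(%d)" % value))
    raise ValueError("unexpected negotiation type 0x%02x" % kind)


def requires_nla(reply_to_non_nla_request):
    """True if the reply to a request that did not offer CredSSP demands NLA."""
    return parse_confirm(reply_to_non_nla_request) == ("failure", "HYBRID_REQUIRED_BY_SERVER")


def negotiate(host, requested, port=3389, timeout=5.0):
    """Send one negotiation request and return the parsed reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(requested))
        return parse_confirm(s.recv(64))


# Constructed replies for illustration, not captured traffic.
REPLY_NLA_REQUIRED = bytes.fromhex("030000130ed000001234000300080005000000")
REPLY_NLA_SELECTED = bytes.fromhex("030000130ed000001234000200080002000000")
```

Calling `negotiate(host, PROTOCOL_RDP)` imitates a client without NLA support, so a `HYBRID_REQUIRED_BY_SERVER` failure confirms that older clients are being turned away by the NLA requirement rather than by the network.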

Capacity exceeded

Finally, you could experience remote desktop connectivity issues if you exceed the infrastructure's capacity. Remote desktops might stop working properly if you've run out of virtual desktops or VDI licenses. Some VDI implementations also refuse client connections if the server is too busy or if launching another virtual desktop session would weaken the performance of existing sessions.

You can prevent most of these connection problems with just a little preplanning, and good remote desktop troubleshooting skills help when other issues come up. Make sure your SSL certificates are updated, configure firewalls correctly and keep an eye on your VDI capacity.


This was last published in February 2012


What other problems have you noticed cause remote desktop connections to break? Do you have any remote desktop troubleshooting tips?
If a person is facing a problem taking remote, with the message "no log on server to login", then how to resolve this problem? Please share the tips and knowledge to solve the above problem.

To resolve this problem:

  • Allow WINS dynamic registration.

    This ensures that Domain Controllers register their DOMAIN<1C> NetBIOS names with the WINS Server.
  • Make certain that WINS database replication is successful between WINS Servers. Missing database entries for domain names may indicate problems with the WINS Servers and replication.
To work around this problem:

NOTE: Microsoft does not recommend using static mappings in the WINS database for WINS enabled computers.

  1. Run the WINS Administration Utility to add static mappings for the Domain<1C> registrations (of the trusted domain) that are not listed in the WINS database:

    Name: Master DOMAIN Name
    IP Address: Address of the Primary Domain Controller (PDC) of the
    Type: Domain Name

If you are logged on as an administrator at a Domain Controller, remote administration works now successfully. If you are attempting to remotely administer the domain while logged on to a Server (not a domain controller) or Windows NT Workstation, you must add DOMAIN<1C> entries for both the trusted and trusting domains.

Could use a lot more detail than this article provides.

My computer says "the referenced account is currently locked out and may not be logged on to". Why does this happen?

Change your password and try! Go to credential manager and delete the generic credentials, you will be good to go!

I've verified that none of the five problems you've brought up are an issue. The closest one was about a week ago I started getting Certificate Not Verified notices. But I was able to log on anyhow until last Friday, when it just shut me out. My boss can get in so it's not 2 or 3 on the Remote Desktop Connection dialog. So it's something on my client. I took the registry back to the default and erased the rdp's. But it's still locking me out.

When I access the remote desktop from my Windows 10 Surface Book, the desktop is so tiny I can hardly read it. I tried changing the resolution, and that helps a little. Are there any other solutions?

I have a laptop with Remote Desktop installed at home. It works fine over there, but when I connect from my office to home it doesn't work from there (just installed VPN and it's working). How do I connect without VPN to my house?

I RDP into my computer at work from home. It connects fine. I do whatever I need to do at home. I disconnect from RDP. Next day I go into the office. My Windows 7 machine is stuck (no W7 login box). Only thing I can do is cold reboot. It happens 10 out of 10 times. Help please.

In Windows Server 2008 R2, our company is using a static IP and created users for RDP, and they have been working for the last two years. Now the server is facing some problem with RDP connecting from client to server: if I connect via RDP, the server freezes and the client computer shows a blank screen. Please suggest how to resolve this problem.

This is what is showing on screen, please solve the issue: An authentication error has occurred. The function requested is not supported. This could be due to CredSSP.