How to fix 8 common remote desktop connection problems

When the connection between a desktop and its host fails, it's time to do some remote desktop troubleshooting. Check firewalls, security certificates and more if a remote desktop is not working.

Remote desktop connectivity is usually reliable, but things can -- and sometimes do -- go wrong.

There are many remote desktop connection problems that administrators may encounter, including network failure, Secure Sockets Layer certificate issues, authentication troubles and capacity limitations. As a virtual desktop admin, you can prevent and solve these problems using the following pointers on remote desktop troubleshooting.

Network failure

A lack of a valid communications path can prevent a client from connecting to a remote desktop session. The easiest way to diagnose this issue is through the process of elimination.

First, try to establish a session from a client that has been able to successfully connect in the past. The goal is to find out if the problem is specific to an individual client or to the network.

If you suspect the network might be to blame, try to narrow down the scope of the issue to find the root cause. In doing so, you might discover that the problem affects wireless connections but not wired ones. Likewise, you may discover the problem is unique to VPN traffic or a particular subnet.

Firewall problems

It's easy to dismiss the notion that a firewall could contribute to a remote desktop not working, but it's quite common. To avoid firewall problems, ensure the port your remote desktop software uses is open on any firewalls residing between client computers and the server they connect to. Remote Desktop Protocol (RDP)-based tools use port 3389 by default.

You may need to configure multiple firewalls. For example, the client and the server may both run Windows Firewall, and there will probably be one or more hardware firewalls between the two systems.

Some public networks block RDP traffic. This is especially true of the Wi-Fi networks found on cruise ships and in some hotels, airports and coffee shops.

Firewall issues also sometimes come into play when using RDP to access a home computer while at work. Some organizations configure their corporate firewall to block outbound RDP traffic, thereby preventing connectivity to remote systems.

SSL certificate issues

Security certificates can also cause remote desktop connection problems. Many VDI products use Secure Sockets Layer (SSL) encryption for users who access VDI sessions from outside the network perimeter. But SSL encryption requires the use of certificates, which creates two problems that can cause a remote desktop to not work.

First, if remote desktops are going to connect properly, client computers must trust the certificate authority that issued the certificate. This isn't usually a problem for organizations that purchase certificates from large, well-known authorities, but clients won't always trust the certificates an organization generates in-house. Use a reliable certificate authority to ensure that clients establish remote desktop connectivity.

If you're using a certificate provided by an enterprise certificate authority, it is important to note that network clients do not automatically trust the certificate. You will need to download a copy of the certificate authority's root certificate and add it to the client's certificate store in a way that allows it to trust the certificate authority associated with the certificate.

The client must also be able to verify the certificate the server uses. The verification process can break down if the certificate has expired or if the name on the certificate doesn't match the name of the server using it.
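
As an added example (not from the original article), this Python sketch runs the same certificate verification a client performs and reports which of the causes above applies: an untrusted certificate authority, an expired certificate or a name mismatch. It assumes a gateway that starts TLS immediately on port 443; a direct connection to port 3389 begins with an RDP negotiation before TLS, so this check does not apply there. The function names, outcome labels and 30-day warning threshold are illustrative.

```python
import socket
import ssl
import time

# OpenSSL verification codes grouped by the causes the article lists.
CAUSE_BY_CODE = {
    10: "expired",        # certificate has expired
    18: "untrusted-ca",   # self-signed certificate
    19: "untrusted-ca",   # self-signed certificate in chain
    20: "untrusted-ca",   # unable to get local issuer certificate
    21: "untrusted-ca",   # unable to verify the first certificate
    62: "name-mismatch",  # hostname mismatch
}


def cause_of(verify_code):
    """Map an OpenSSL verify code to one of the article's failure causes."""
    return CAUSE_BY_CODE.get(verify_code, "other")


def days_left(not_after, now=None):
    """Whole days until a notAfter value such as 'Jan  5 09:34:43 2018 GMT'."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def check_gateway_cert(host, port=443, cafile=None, warn_days=30, timeout=5.0):
    """Validate the server certificate the way a client would.

    cafile=None uses the system trust store; pointing it at an exported
    enterprise root certificate tests trust in that CA only.
    Plain network errors (DNS, refused, timeout) are left to propagate.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                remaining = days_left(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        return (cause_of(exc.verify_code), exc.verify_message)
    status = "expiring-soon" if remaining < warn_days else "ok"
    return (status, f"{remaining} days until expiry")
```

Pass the same name users type into their client as `host`, because the name check compares the certificate against exactly that string.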

DNS problems

Many remote desktop connectivity problems can be traced to DNS issues. If an admin changed a host's IP address, then clients might not be able to connect to the host until the client's DNS resolver cache expires. Enter the following command on the client computer to clear the cache and force DNS names to be freshly resolved:

    ipconfig /flushdns

Clients may also have trouble connecting to a host if they use an external DNS server that is unable to resolve hosts on the organization's private network. The fix for this problem is to modify the client's IP address settings so it uses one of the organization's DNS servers rather than an external DNS. As an alternative, you may be able to connect to a remote system by specifying its IP address rather than a host name.
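
The process of elimination described under Network failure, Firewall problems and DNS problems can be scripted. The following Python sketch is an added example, not part of the original article: it resolves the name, attempts a TCP connection to the RDP port and reports the first step that fails. The function name `triage`, the outcome labels and the advice strings are assumptions made for illustration, and reading a timeout as a firewall drop is a common heuristic rather than a guarantee.

```python
import socket

RDP_PORT = 3389  # default RDP port named in the article

# Next step per outcome, tied to the article's sections (wording is ours).
NEXT_STEP = {
    "dns": "DNS problems: flush the cache, check the client's DNS server, or try the IP",
    "timeout": "no reply: usually a firewall dropping traffic or a broken network path",
    "refused": "host reachable, port closed: RDP disabled, wrong port or rejecting firewall",
    "unreachable": "no route to the host: check the VPN, subnet or wireless link",
    "open": "network path is fine: check certificates, permissions, CredSSP, capacity",
}


def triage(host, port=RDP_PORT, timeout=3.0, resolver=socket.getaddrinfo):
    """Return (stage, detail): the first step that fails, or ("open", ip)."""
    # Step 1: name resolution (IPv4 only, to keep the example short).
    # Passing an IP literal skips DNS, like the article's workaround.
    try:
        infos = resolver(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host!r}: {exc}")
    ip = infos[0][4][0]

    # Step 2: TCP handshake with the resolved address.
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((ip, port))
    except ConnectionRefusedError:
        return ("refused", f"{ip}:{port} actively refused the connection")
    except (socket.timeout, TimeoutError):
        return ("timeout", f"no answer from {ip}:{port} within {timeout}s")
    except OSError as exc:
        return ("unreachable", f"{ip}:{port}: {exc}")
    finally:
        sock.close()
    return ("open", ip)


if __name__ == "__main__":
    import sys
    # Usage: python rdp_triage.py <host-or-ip> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else RDP_PORT
    stage, detail = triage(target, port)
    print(f"{stage}: {detail}\n-> {NEXT_STEP[stage]}")
```

Running it from a client that works and from one that does not, against both the host name and the IP address, separates a client-specific fault from a network-wide one.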

Authentication errors

Authentication issues can also arise when accessing a remote system via RDP. Most of the time, such errors occur because the user account does not have the required permissions.

Even if a user can log on locally to a system, it does not mean they will be able to log on remotely. Windows maintains separate permissions for logging on locally and remotely. You should ensure users have the proper credentials associated with their remote desktop and not just with their local desktop.

Capacity exceeded

You could also experience remote desktop connectivity issues if you exceed infrastructure capacity. In an organization with virtual desktop or VDI, for example, clients may be unable to connect if the available licenses have been depleted. Some VDI implementations also refuse client connections if the server is too busy or if launching another virtual desktop session would weaken the performance of existing sessions.

Dropped connections

Sometimes, the client can establish an RDP session but the available bandwidth is inadequate to support the session's requirements. Depending on the RDP client used, this problem can manifest itself in a variety of ways.

The session may appear to freeze or you might see a black screen. In some cases, the client may drop the connection and display a message that says "Reconnecting." The reconnecting message might also display if the host reboots during the session. This could occur if you have recently installed a Windows update.

If you suspect there might not be enough bandwidth to support the RDP session, try closing any applications that may be consuming bandwidth. If users are working from home, they should consider shutting down any other devices that may be consuming internet bandwidth -- for example, a device someone is using to stream Netflix in another room.

You can adjust the RDP client to use a lower display resolution or color depth, and disable visual features such as font smoothing or the Windows background.

CredSSP problems

RDP connectivity can sometimes fail due to issues with the Credential Security Support Provider (CredSSP) protocol. CredSSP provides a means of sending user credentials from a client computer to a host computer when an RDP session is in use.

In 2018, Microsoft updated CredSSP to fix a security vulnerability. Now, RDP works only if both the client and the RDP host use an updated CredSSP provider. If a system does not include an up-to-date CredSSP provider, the client will typically display an authentication error. Depending on which RDP client you use, this error may even indicate that the issue was caused by CredSSP.

The best way to fix this is to ensure that both the client and the host are running supported Windows versions and both systems have been fully updated.

You can prevent most of these connection problems with some preplanning, and good remote desktop troubleshooting skills help when other issues come up. Ensure your SSL certificates are updated, configure firewalls correctly and keep an eye on your VDI capacity.

What other problems have you noticed cause remote desktop connections to break? Do you have any remote desktop troubleshooting tips?
If a person is facing a problem taking remote, telling "no log on server to login", then how to resolve this problem? Please share the tips and knowledge to solve the above problem.
To resolve this problem:

  • Allow WINS dynamic registration.

    This ensures that Domain Controllers register their DOMAIN<1C> NetBIOS names with the WINS Server.
  • Make certain that WINS database replication is successful between WINS Servers. Missing database entries for domain names may indicate problems with the WINS Servers and replication.
To work around this problem:

NOTE: Microsoft does not recommend using static mappings in the WINS database for WINS enabled computers.

  1. Run the WINS Administration Utility to add static mappings for the Domain<1C> registrations (of the trusted domain) that are not listed in the WINS database:

    Name: Master DOMAIN Name
    IP Address: Address of the Primary Domain Controller (PDC) of the
    Type: Domain Name

If you are logged on as an administrator at a Domain Controller, remote administration works now successfully. If you are attempting to remotely administer the domain while logged on to a Server (not a domain controller) or Windows NT Workstation, you must add DOMAIN<1C> entries for both the trusted and trusting domains.
Could use a lot more detail than this article provides.

My computer says "the referenced account is currently locked out and may not be logged on to". Why does this happen?

Change your password and try! Go to credential manager and delete the generic credentials, you will be good to go!
I've verified that none of the five problems you've brought up are an issue.  The closest one was about a week ago I started getting Certificate Not Verified notices.  But I was able to log on anyhow until last Friday, when it just shut me out.  My boss can get in so it's not 2 or 3 on the Remote Desktop Connection dialog.  So it's something on my client.  I took the registry back to the default and erased the rdp's.  But it's still locking me out.
When I access the remote desktop from my Windows 10 Surface Book, the desktop is so tiny I can hardly read it. I tried changing the resolution, and that helps a little. Are there any other solutions?
I have a laptop with Remote Desktop installed at home. It works fine over there, but when I connect from my office to home it doesn't work from there (just installed VPN and it's working). How do I connect without VPN to my house?
I RDP into my computer at work from home. It connects fine. I do whatever I need to do at home. I disconnect from RDP. Next day I go into the office. My Windows 7 machine is stuck (no W7 login box). Only thing I can do is cold reboot. It happens 10 out of 10 times. Help please.
In Windows Server 2008 R2, our company is using a static IP and created users for RDP, and they have been working for the last two years. Now the server is facing some problem with RDP connecting from client to server: if I connect via RDP, the server freezes and the client computer shows a blank screen. Please suggest how to resolve this problem.

This is showing on screen, please solve the issue: An authentication error has occurred the function request is not supported. This could be due to CredSSP.
So I'm using Monect PC Remote but it's not allowing me to connect, not even letting me choose it from devices, and when I try to scan the QR code it doesn't do anything, nothing at all, and I can't try to connect using the IP address. I see all of these videos but I'm not getting any of the options that they say to try. The app doesn't even present itself in the same way the website shows.
One of my users can log in, but the remote desktop window suddenly disappears.
I have a client that can connect using remote desktop, but then the connection will drop after a couple of minutes and says "reconnecting". It will reconnect and go through the same process over and over. The server he is connecting to has the 2008 version and he has a new laptop with 2010. Could that be the problem?
  • Allow WINS dynamic registration. This ensures that Domain Controllers register their DOMAIN<1C> NetBIOS names with the WINS Server. Make certain that WINS database replication is successful between WINS Servers. Missing database entries for domain names may indicate problems with the WINS Servers and replication. RSAT is a great app for Windows 10.