Article ID: 112775, created on Nov 10, 2011, last review on Jun 17, 2016

  • Applies to:
  • Virtuozzo containers for Windows

Symptoms

You cannot establish a Remote Desktop (RDP) connection to a Parallels Virtuozzo Containers (PVC) container.

Resolution

Perform troubleshooting by following the steps below:

  1. Verify that the container can be accessed over the network by some other means. If the container cannot be accessed, perform general network connectivity troubleshooting (For example, troubleshooting and testing your network settings).

  2. Make sure a custom firewall/IPSec/routing configuration is not blocking the RDP connection to the container.

    Disable the firewall inside the container and check if the issue persists:

    • Windows 2003:

      net stop /y ipnat
      net stop /y sharedaccess
      net stop /y remoteaccess 
      net stop /y policyagent
      net stop /y umrdpservice
      
    • Windows 2008 and later:

      netsh advfirewall set allprofiles state off
      

    NOTE: Make sure the commands are executed from inside the container, not on the Hardware Node. In order to enter into the container from the Hardware Node, use the vzctl utility:

    vzctl enter 101
    

    In this example 101 is the container ID.

    If stopping the firewall restores RDP functionality, the firewall configuration needs to be revised.

    To enable the firewall in the container back, execute the following command:

    netsh advfirewall set allprofiles state on
    
  3. Check the container for broken links related to RDP files: zero-sized files inside system32/syswow64 directories inside the container. Use the following articles for those purposes:

    How to deal with broken links in Virtuozzo containers for Windows 4.x
    How to deal with broken links in Virtuozzo containers for Windows 6.0

  4. Third-party software rewrites system files inside the container during installation. Check the size of the relevant libraries and drivers:

    • Inside the %vzroot%\private\CTID\root\windows\system32\drivers\ directory:

      rdpwd.sys
      RDPCDD.sys
      tdtcp.sys
      termdd.sys
      
    • Inside the %vzroot%\private\CTID\root\windows\system32\ directory:

      termsrv.dll
      rdpcorekmts.dll
      rdpwsx.dll
      rdrmemptylst.exe
      cryptsvc.dll
      crypt32.dll
      

    If the above files are not zero-sized, restore links to the Hardware Node as shown below:

    vzfsctl lnkctl 101 --link %vz_root%\private\101\root\windows\system32\drivers\rdpwd.sys --dst \windows\system32\drivers\rdpwd.sys --system
    
  5. There are not enough system resources to establish an RDP connection. Possible causes are lack of memory or a limit on the number of num-sessions or number of processes. Verify this by running the following command on the Hardware Node:

    vzlist CTID -o vprvmem,vprvmem.b,numsessions,numsessions.b,numproc,numproc.b
    

    See RDP Connection doesn't work due to lack of resources article.

  6. Verify that the fDenyTSConnections value is set to "0" in the registry key HKEY_LOCAL_MACHINE\vzCTID\MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server.

  7. Verify that the fEnableWinStation value is set to "1" in the registry key HKEY_LOCAL_MACHINE\vzCTID\MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp and restart the Remote Desktop Configuration service:

    net stop /y sessionenv && net start sessionenv
    
  8. The default port for the RDP (3389) connection has been changed from within the container. Run the following registry query on the Hardware Node to confirm this:

    reg query "HKLM\vzCTID\MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber
        portnumber    REG_DWORD    0xd3d
    

    "0xd3d" is a Hex value for 3389.

  9. Verify that the RDP port is listened to in a container:

    C:\>vzctl enter CTID
    
    C:\WINDOWS\system32>netstat -an | findstr 3389
    

    The TCP port should in the "LISTENING" status.

  10. If Remote Desktop services are running but port 3389 is not being listened to, verify that the container registry has the correct video device settings:

    C:\>reg query  "HKLM\vzCTID\MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO\disc"
    
    HKEY_LOCAL_MACHINE\vzCTID\MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO\disc
        VgaCompatible    REG_SZ    \Device\Video0
        \Device\Video0    REG_SZ    \REGISTRY\Machine\System\CurrentControlSet\Services\TSDDD\Device0
    
    C:\>reg query  "HKLM\vzCTID\MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO\rdpdd"
    
    HKEY_LOCAL_MACHINE\vzCTID\MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO\rdpdd
        \Device\Video0    REG_SZ    \REGISTRY\Machine\System\CurrentControlSet\Services\RDPDD\Device0
        VgaCompatible    REG_SZ    \Device\Video0
    
  11. Third-party software is occupying port 3389, so Terminal services cannot bind to it. To verify this, change the RDP port from the default 3389 to a custom value in the registry (see above) and try to establish the connection.

    In this case, you may see the following error in the container's Event Viewer:

    Terminal Server session creation failed. The relevant status code was 0x2740.
    

    See the article You cannot establish a Remote Desktop session to a computer running one of the affected products.

    Note: Use the Export Event Log to a file article to export Event Viewer messages from the container without an RDP session.

  12. An IP conflict on the network may cause an unstable RDP connection. Perform troubleshooting as per the article Test IP-to-MAC Address Resolution with ARP.

  13. The following error is registered in the Event Log inside the container:

    Terminal Server session creation failed. The relevant status code was 0xC0000034
    

    See this article: You receive a "The client could not establish a connection to the remote computer" error message when you try to establish a remote desktop connection to a Windows XP-based computer

  14. The following error is registered in the Event Log inside the container:

    Terminal Service start failed. The relevant status code was Error: 0xc004f028
    

    Replace \Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat inside the container with the same file taken from the Hardware Node.

  15. Follow this article if you see the following error in the Event Viewer of the container:

    The RDP protocol component "DATA ENCRYPTION" detected an error in the protocol stream and has disconnected the client
    
  16. An RDP connection can be established to the container, but the desktop appears blank. It is possible that the \Windows\explorer.exe binary is missing or corrupted inside the container. Check this and replace it with the same file from the node. Other files that are important for RDP sessions are:

    \Windows\System32\csrss.exe
    \Windows\System32\smss.exe
    \Windows\System32\winlogon.exe
    
  17. Viruses can interfere with the Terminal Server and block the RDP connection. Use antivirus software to eliminate this possibility.

  18. Refer to this article, if you are only unable to log in by RDP under certain accounts.

  19. Refer to this article if you are unable to log in by RDP inside the virtual environment, even though the Terminal Server is running properly.

Search Words

unable to connect

aaa

rdp does not work

Remote Desktop not responding

cannot connect

Terminal Service start failed

error occurred while an initial user program was starting

RDP

Remote DEsktop cannot connect to the remote computer for on of these reasons:

detected an error in the protocol stream and has disconnected the client

Terminal Server session creation failed

port 3389

virtuozzo numsessions

rdp

rdp doesnt work

2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f 965b49118115a610e93635d21c5694a8

Email subscription for changes to this article
Save as PDF