Microsoft Remote Desktop Connection




In March, Microsoft announced that it was discontinuing Remote Desktop Connection Manager (RDCMan) due to a major security flaw (CVE-2020-0765). Here is the bulletin: An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a. Microsoft's Remote Desktop Protocol has been saddled with security bugs and weaknesses, which means you need to take certain precautions when using RDP for remote connections.

Use these steps when a Remote Desktop client can't connect to a remote desktop but doesn't provide messages or other symptoms that would help identify the cause.

Check the status of the RDP protocol

Check the status of the RDP protocol on a local computer

To check and change the status of the RDP protocol on a local computer, see How to enable Remote Desktop.

Note

If the remote desktop options are not available, see Check whether a Group Policy Object is blocking RDP.

Check the status of the RDP protocol on a remote computer

Important

Follow this section's instructions carefully. Serious problems can occur if the registry is modified incorrectly. Before you start modifying the registry, back up the registry so you can restore it in case something goes wrong.

To check and change the status of the RDP protocol on a remote computer, use a network registry connection:

  1. First, go to the Start menu, then select Run. In the text box that appears, enter regedt32.
  2. In the Registry Editor, select File, then select Connect Network Registry.
  3. In the Select Computer dialog box, enter the name of the remote computer, select Check Names, and then select OK.
  4. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server.
    • If the value of the fDenyTSConnections key is 0, then RDP is enabled.
    • If the value of the fDenyTSConnections key is 1, then RDP is disabled.
  5. To enable RDP, change the value of fDenyTSConnections from 1 to 0.

Check whether a Group Policy Object (GPO) is blocking RDP on a local computer

If you can't turn on RDP in the user interface or the value of fDenyTSConnections reverts to 1 after you've changed it, a GPO may be overriding the computer-level settings.

To check the group policy configuration on a local computer, open a Command Prompt window as an administrator, and enter the following command:

After this command finishes, open gpresult.html. In Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections, find the Allow users to connect remotely by using Remote Desktop Services policy.

  • If the setting for this policy is Enabled, Group Policy is not blocking RDP connections.

  • If the setting for this policy is Disabled, check Winning GPO. This is the GPO that is blocking RDP connections.

Check whether a GPO is blocking RDP on a remote computer

To check the Group Policy configuration on a remote computer, the command is almost the same as for a local computer:

The file that this command produces (gpresult-<computer name>.html) uses the same information format as the local computer version (gpresult.html) uses.

Modifying a blocking GPO

You can modify these settings in the Group Policy Object Editor (GPE) and Group Policy Management Console (GPM). For more information about how to use Group Policy, see Advanced Group Policy Management.

To modify the blocking policy, use one of the following methods:

  • In GPE, access the appropriate level of GPO (such as local or domain), and navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections > Allow users to connect remotely by using Remote Desktop Services.
    1. Set the policy to either Enabled or Not configured.
    2. On the affected computers, open a command prompt window as an administrator, and run the gpupdate /force command.
  • In GPM, navigate to the organizational unit (OU) in which the blocking policy is applied to the affected computers and delete the policy from the OU.

Check the status of the RDP services

On both the local (client) computer and the remote (target) computer, the following services should be running:

  • Remote Desktop Services (TermService)
  • Remote Desktop Services UserMode Port Redirector (UmRdpService)

You can use the Services MMC snap-in to manage the services locally or remotely. You can also use PowerShell to manage the services locally or remotely (if the remote computer is configured to accept remote PowerShell cmdlets).

On either computer, if one or both services are not running, start them.

Note

If you start the Remote Desktop Services service, click Yes to automatically restart the Remote Desktop Services UserMode Port Redirector service.
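
The checks from the preceding sections (fDenyTSConnections, a blocking policy, and the two services) can be collected in one read-only pass. The following is an added example, not code from the original article. The function name Get-RdpEnablementState is hypothetical, and the script assumes the standard policy registry location (HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services), which it reads instead of parsing gpresult.html.

```powershell
# Added example: read-only summary of the RDP enablement state.
# Run in an elevated PowerShell window, or inside Enter-PSSession
# to inspect a remote computer. Nothing is modified.
function Get-RdpEnablementState {
    [CmdletBinding()]
    param()

    $localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    # Assumption: policy-backed copy of the value, written by the
    # "Allow users to connect remotely by using Remote Desktop Services" policy.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $valueName = 'fDenyTSConnections'

    # Returns the DWORD value, or $null when the key or value is absent.
    function Read-Dword([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [int]$item.$Name }
        return $null
    }

    $local  = Read-Dword $localKey  $valueName
    $policy = Read-Dword $policyKey $valueName

    # A configured policy value overrides the computer-level setting, which is
    # why a manual change to fDenyTSConnections can revert to 1.
    $effective = if ($null -ne $policy) { $policy } else { $local }

    $services = foreach ($name in 'TermService', 'UmRdpService') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name   = $name
            Status = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        }
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        LocalDenyValue  = $local       # 0 = RDP enabled, 1 = RDP disabled
        PolicyDenyValue = $policy      # $null = policy not configured
        BlockedByPolicy = ($policy -eq 1)
        RdpEnabled      = ($effective -eq 0)
        Services        = $services
        ServicesRunning = -not ($services | Where-Object Status -ne 'Running')
    }
}

Get-RdpEnablementState | Format-List
```

If BlockedByPolicy is true, use the gpresult report described earlier to identify the winning GPO before changing anything.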

Check that the RDP listener is functioning

Important

Follow this section's instructions carefully. Serious problems can occur if the registry is modified incorrectly. Before you start modifying the registry, back up the registry so you can restore it in case something goes wrong.

Check the status of the RDP listener

For this procedure, use a PowerShell instance that has administrative permissions. For a local computer, you can also use a command prompt that has administrative permissions. However, this procedure uses PowerShell because the same cmdlets work both locally and remotely.

  1. To connect to a remote computer, run the following cmdlet:

  2. Enter qwinsta.

  3. If the list includes rdp-tcp with a status of Listen, the RDP listener is working. Proceed to Check the RDP listener port. Otherwise, continue at step 4.

  4. Export the RDP listener configuration from a working computer.

    1. Sign in to a computer that has the same operating system version as the affected computer has, and access that computer's registry (for example, by using Registry Editor).
    2. Navigate to the following registry entry:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    3. Export the entry to a .reg file. For example, in Registry Editor, right-click the entry, select Export, and then enter a filename for the exported settings.
    4. Copy the exported .reg file to the affected computer.
  5. To import the RDP listener configuration, open a PowerShell window that has administrative permissions on the affected computer (or open the PowerShell window and connect to the affected computer remotely).

    1. To back up the existing registry entry, enter the following cmdlet:

    2. To remove the existing registry entry, enter the following cmdlets:

    3. To import the new registry entry and then restart the service, enter the following cmdlets:

      Replace <filename> with the name of the exported .reg file.

  6. Test the configuration by trying the remote desktop connection again. If you still can't connect, restart the affected computer.

  7. If you still can't connect, check the status of the RDP self-signed certificate.

Check the status of the RDP self-signed certificate

  1. If you still can't connect, open the Certificates MMC snap-in. When you are prompted to select the certificate store to manage, select Computer account, and then select the affected computer.
  2. In the Certificates folder under Remote Desktop, delete the RDP self-signed certificate.
  3. On the affected computer, restart the Remote Desktop Services service.
  4. Refresh the Certificates snap-in.
  5. If the RDP self-signed certificate has not been recreated, check the permissions of the MachineKeys folder.

Check the permissions of the MachineKeys folder

  1. On the affected computer, open Explorer, and then navigate to C:\ProgramData\Microsoft\Crypto\RSA.
  2. Right-click MachineKeys, select Properties, select Security, and then select Advanced.
  3. Make sure that the following permissions are configured:
    • Builtin\Administrators: Full control
    • Everyone: Read, Write

Check the RDP listener port

On both the local (client) computer and the remote (target) computer, the RDP listener should be listening on port 3389. No other applications should be using this port.

Important

Follow this section's instructions carefully. Serious problems can occur if the registry is modified incorrectly. Before you start modifying the registry, back up the registry so you can restore it in case something goes wrong.

To check or change the RDP port, use the Registry Editor:

  1. Go to the Start menu, select Run, then enter regedt32 into the text box that appears.
    • To connect to a remote computer, select File, and then select Connect Network Registry.
    • In the Select Computer dialog box, enter the name of the remote computer, select Check Names, and then select OK.
  2. Open the registry and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\<listener>.
  3. If PortNumber has a value other than 3389, change it to 3389.

    Important

    You can operate Remote Desktop services using another port. However, we don't recommend you do this. This article doesn't cover how to troubleshoot that type of configuration.

  4. After you change the port number, restart the Remote Desktop Services service.

Check that another application isn't trying to use the same port

For this procedure, use a PowerShell instance that has administrative permissions. For a local computer, you can also use a command prompt that has administrative permissions. However, this procedure uses PowerShell because the same cmdlets work locally and remotely.

  1. Open a PowerShell window. To connect to a remote computer, enter Enter-PSSession -ComputerName <computer name>.

  2. Enter the following command:

  3. Look for an entry for TCP port 3389 (or the assigned RDP port) with a status of Listening.

    Note

    The process identifier (PID) for the process or service using that port appears under the PID column.

  4. To determine which application is using port 3389 (or the assigned RDP port), enter the following command:

  5. Look for an entry for the PID number that is associated with the port (from the netstat output). The services or processes that are associated with that PID appear on the right column.

  6. If an application or service other than Remote Desktop Services (TermServ.exe) is using the port, you can resolve the conflict by using one of the following methods:

    • Configure the other application or service to use a different port (recommended).
    • Uninstall the other application or service.
    • Configure RDP to use a different port, and then restart the Remote Desktop Services service (not recommended).
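
The port check and the PID-to-service lookup from the two procedures above can be done in a single read-only query. The following is an added example, not code from the original article. The function name Get-RdpListenerOwner is hypothetical, and the script assumes Get-NetTCPConnection is available (Windows 8 / Windows Server 2012 or later) in place of the netstat and task-list lookups the steps refer to.

```powershell
# Added example: report the configured RDP port and which process and
# services own the listening socket. Run elevated, locally or inside
# Enter-PSSession -ComputerName <computer name>. Nothing is modified.
function Get-RdpListenerOwner {
    [CmdletBinding()]
    param(
        # Listener name under WinStations; RDP-Tcp is the listener named on this page.
        [string]$Listener = 'RDP-Tcp'
    )

    $key  = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\$Listener"
    $port = [int](Get-ItemProperty -Path $key -Name PortNumber -ErrorAction Stop).PortNumber

    $sockets = @(Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)
    if ($sockets.Count -eq 0) {
        # Nothing is bound to the configured port: the listener is not working.
        return [pscustomobject]@{
            Port = $port; NonDefaultPort = ($port -ne 3389); Listening = $false
            ProcessId = $null; ProcessName = $null; Services = $null
            OwnedByTermService = $false
        }
    }

    # IPv4 and IPv6 sockets normally share one owner, so de-duplicate the PIDs.
    foreach ($id in ($sockets.OwningProcess | Sort-Object -Unique)) {
        $proc     = Get-Process -Id $id -ErrorAction SilentlyContinue
        # Services hosted in the owning process (the RDP service runs in a shared host).
        $svcNames = @(Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $id" |
                      Select-Object -ExpandProperty Name)

        [pscustomobject]@{
            Port               = $port
            NonDefaultPort     = ($port -ne 3389)
            Listening          = $true
            ProcessId          = $id
            ProcessName        = $proc.ProcessName
            Services           = $svcNames -join ', '
            # False means another application or service holds the RDP port.
            OwnedByTermService = ($svcNames -contains 'TermService')
        }
    }
}

Get-RdpListenerOwner | Format-Table -AutoSize
```

A row with Listening true and OwnedByTermService false is the port conflict that step 6 describes.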

Check whether a firewall is blocking the RDP port

Use the psping tool to test whether you can reach the affected computer by using port 3389.

  1. Go to a different computer that isn't affected and download psping from https://live.sysinternals.com/psping.exe.

  2. Open a command prompt window as an administrator, change to the directory in which you installed psping, and then enter the following command:

  3. Check the output of the psping command for results such as the following:

    • Connecting to <computer IP>: The remote computer is reachable.
    • (0% loss): All attempts to connect succeeded.
    • The remote computer refused the network connection: The remote computer is not reachable.
    • (100% loss): All attempts to connect failed.
  4. Run psping on multiple computers to test their ability to connect to the affected computer.

  5. Note whether the affected computer blocks connections from all other computers, some other computers, or only one other computer.

  6. Recommended next steps:

    • Engage your network administrators to verify that the network allows RDP traffic to the affected computer.
    • Investigate the configurations of any firewalls between the source computers and the affected computer (including Windows Firewall on the affected computer) to determine whether a firewall is blocking the RDP port.

Applies to: Windows 10, Windows 10 IoT Enterprise, and Windows 7

You can use the Remote Desktop client for Windows Desktop to access Windows apps and desktops remotely from a different Windows device.

Note

  • This documentation is not for the Remote Desktop Connection (MSTSC) client that ships with Windows. It's for the new Remote Desktop (MSRDC) client.
  • This client currently only supports accessing remote apps and desktops from Windows Virtual Desktop.
  • Curious about the new releases for the Windows Desktop client? Check out What's new in the Windows Desktop client

Install the client

Choose the client that matches the version of Windows. The new Remote Desktop client (MSRDC) supports Windows 10, Windows 10 IoT Enterprise, and Windows 7 client devices.

You can install the client for the current user, which doesn't require admin rights, or your admin can install and configure the client so that all users on the device can access it.

Once you've installed the client, you can launch it from the Start menu by searching for Remote Desktop.

Update the client

You'll be notified whenever a new version of the client is available as long as your admin hasn't disabled notifications. The notification will appear in either the Connection Center or the Windows Action Center. To update your client, just select the notification.

You can also manually search for new updates for the client:

  1. From the Connection Center, tap the overflow menu (...) on the command bar at the top of the client.
  2. Select About from the drop-down menu.
  3. The client automatically searches for updates.
  4. If there's an update available, tap Install update to update the client.

Workspaces

Get the list of managed resources you can access, such as apps and desktops, by subscribing to the Workspace your admin provided you. When you subscribe, the resources become available on your local PC. The Windows Desktop client currently supports resources published from Windows Virtual Desktop.

Subscribe to a Workspace

There are two ways you can subscribe to a Workspace. The client can try to discover the resources available to you from your work or school account or you can directly specify the URL where your resources are for cases where the client is unable to find them. Once you've subscribed to a Workspace, you can launch resources with one of the following methods:

  • Go to the Connection Center and double-click a resource to launch it.
  • You can also go to the Start menu and look for a folder with the Workspace name or enter the resource name in the search bar.

Subscribe with a user account

  1. From the main page of the client, tap Subscribe.
  2. Sign in with your user account when prompted.
  3. The resources will appear in the Connection Center grouped by Workspace.

Subscribe with URL

  1. From the main page of the client, tap Subscribe with URL.
  2. Enter the Workspace URL or your email address:
    • If you use the Workspace URL, use the one your admin gave you. If accessing resources from Windows Virtual Desktop, you can use one of the following URLs:
      • Windows Virtual Desktop (classic): https://rdweb.wvd.microsoft.com/api/feeddiscovery/webfeeddiscovery.aspx
      • Windows Virtual Desktop: https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery
    • To use email, enter your email address. This tells the client to search for a URL associated with your email address if your admin has set up email discovery.
  3. Tap Next.
  4. Sign in with your user account when prompted.
  5. The resources will appear in the Connection Center grouped by Workspace.

Workspace details

After subscribing, you can view additional information about a Workspace on the Details panel:

  • The name of the Workspace
  • The URL and username used to subscribe
  • The number of apps and desktops
  • The date/time of the last refresh
  • The status of the last refresh

Accessing the Details panel:

  1. From the Connection Center, tap the overflow menu (...) next to the Workspace.
  2. Select Details from the drop-down menu.
  3. The Details panel appears on the right side of the client.

After you've subscribed, the Workspace will refresh automatically on a regular basis. Resources may be added, changed, or removed based on changes made by your admin.

You can also manually look for updates to the resources when needed by selecting Refresh from the Details panel.

Refreshing a Workspace

You can manually refresh a Workspace by selecting Refresh from the overflow menu (...) next to the Workspace.

Unsubscribe from a Workspace

This section will teach you how to unsubscribe from a Workspace. You can unsubscribe to either subscribe again with a different account or remove your resources from the system.

  1. From the Connection Center, tap the overflow menu (...) next to the Workspace.
  2. Select Unsubscribe from the drop-down menu.
  3. Review the dialog box and select Continue.

Managed desktops

Workspaces can contain multiple managed resources, including desktops. When accessing a managed desktop, you have access to all the apps installed by your admin.

Desktop settings

You can configure some of the settings for desktop resources to ensure the experience meets your needs. To access the list of available settings right-click on the desktop resource and select Settings.

The client will use the settings configured by your admin unless you turn off the Use default settings option. Doing so allows you to configure the following options:

  • Display configuration selects which displays to use for the desktop session and impacts which additional settings are available.
    • All displays ensures the session always uses all your local displays even when some of them are added or removed later.
    • Single display ensures the session always uses a single display and allows you to configure its properties.
    • Select displays allows you to choose which displays to use for the session and provides an option to dynamically change the list of displays during the session.
  • Select the displays to use for the session specifies which local displays to use for the session. All selected displays must be adjacent to each other. This setting is only available in Select display mode.
  • Maximize to current displays determines which displays the sessions will use when going full screen. When enabled, the session goes full screen on the displays touched by the session window. This allows you to change displays during the session. When disabled, the session goes full screen on the same displays it was on the last time it was full screen. This setting is only available in Select display mode and is disabled otherwise.
  • Single display when windowed determines which displays are available in the session when exiting full screen. When enabled, the session switches to a single display in windowed mode. When disabled, the session retains the same displays in windowed mode as in full screen. This setting is only available in All displays and Select display modes and is disabled otherwise.
  • Start in full screen determines whether the session will launch in full-screen or windowed mode. This setting is only available in Single display mode and is enabled otherwise.
  • Fit session to window determines how the session is displayed when the resolution of the remote desktop differs from the size of the local window. When enabled, the session content will be resized to fit inside the window while preserving the aspect ratio of the session. When disabled, scrollbars or black areas will be shown when the resolution and window size don't match. This setting is available in all modes.
  • Update the resolution on resize makes the remote desktop resolution automatically update when you resize the session in windowed mode. When disabled, the session always remains at whichever resolution you specify in Resolution. This setting is only available in Single display mode and is enabled otherwise.
  • Resolution lets you specify the resolution of the remote desktop. The session will retain this resolution for its entire duration. This setting is only available in Single display mode and when Update the resolution on resize is disabled.
  • Change the size of the text and apps specifies the size of the content of the session. This setting only applies when connecting to Windows 8.1 and later or Windows Server 2012 R2 and later. This setting is only available in Single display mode and when Update the resolution on resize is disabled.

Give us feedback

Have a feature suggestion or want to report a problem? Tell us with the Feedback Hub.

You can also give us feedback by selecting the button that looks like a smiley face emoticon in the client app, as shown in the following image:


Note

To best help you, we need you to give us as detailed information about the issue as possible. For example, you can include screenshots or a recording of the actions you took leading up to the issue. For more tips about how to provide helpful feedback, see Feedback.

Access client logs

You might need the client logs when investigating a problem.

To retrieve the client logs:


  1. Ensure no sessions are active and the client process isn't running in the background by right-clicking on the Remote Desktop icon in the system tray and selecting Disconnect all sessions.
  2. Open File Explorer.
  3. Navigate to the %temp%\DiagOutputDir\RdClientAutoTrace folder.