3389 not listening on 1 server 2019

Question

3389 not listening on 1 server 2019

Prezidentj33 121

Have 1 server 2019 that is not listening to port 3389 when doing netstat -ano I do not see UPD or TCP for 3389.
I do see Remote Desktop Services services running along with
Remote Desktop Configuration
Remote Desktop Services User Mode Port Redirector

I have 2 other 2019 servers that are working with this same Template with no issues so I know this isn't the image that was used. Nothing was different about the setup other than the IP's.

Remote desktop is allowed in FW inbound. Again, same as the other 2 machines.

The only odd thing I see is that in event viewer for this is in Microsoft->Windows->TerminalServices-LocalSessionManager is that informational events show
Event ID 34 "Remote Desktop Services is not accepting logons because setup is running"
Server has been rebooted but this doesn't seem to fix this issue.

I have scoured around on the web for this one and do not find much outside of redoing the system which, I don't understand why that would be the only solution here.
I don't see any missing drivers either in Device Manager "show hidden devices", everything looks the same as the other machines that work (2019 servers)

I can get to the VM by Vcenter so I have access to get into it but would like RDP working incase VMware someday won't come up and then I have no way of getting into it.

Anyone have this issue? And if so what was the solution?

Accepted answer

4 additional answers

Your answer

Answer 1

Anonymous

This is a DC

Then standing up a new one for replacement is by far the simplest / safest and cleanest method.

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019 or 2022, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Prezidentj33 121 Reputation points

2023-01-06T22:49:29.117+00:00

@Anonymous Yeah, I will want to reuse name and IP for it when I do it. While I'm here, I know there are those issues with security/kerberos sync with DC's if installing Nov/Dec patches. If I install patches on this before its a DC, will that affect it once I join it to the domain with other DC's not having those patches yet??
Randy Raitz 0 Reputation points

2023-03-01T19:37:55.0766667+00:00

So this was not so much a solution to the root problem, but more so a workaround, right? I'm having the exact same problem where Remote Desktop Services is up and running, but binding to a random upper unreserved port number even though it is configured for 3389. Should also not that it does not answer on the random port number that gets assigned to the process after each reboot.

Answer 2

Anonymous

I'm guessing you found the same search results that I did. Nothing really conclusive. These one-offs are not really worth spending much time with. I'd clean install it, patch fully, migrate roles over and move on.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Answer 3

Prezidentj33 121

@Anonymous I may do that down the road as I can still access for now so may just do that after I get some of the other upgrades done. This is a DC so I'd prefer not to have to stand up a new one.

Answer 4

Anonymous

I will want to reuse name and IP for it

The only method here is to have at least two domain controllers which is always recommended to maintain high availability and for disaster mitigation. I'd also recommend trying to reduce the hard coding issues that are limiting names and addresses of your domain controllers.

I know there are those issues with security/kerberos sync with DC's

Patch them fully and you should have no problems. You can check here for both current and resolved windows health issues.
https://learn.microsoft.com/en-us/windows/release-health/

--please don't forget to upvote and Accept as answer if the reply is helpful--

Anonymous

2023-01-09T12:54:24.713+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--
Prezidentj33 121 Reputation points

2023-01-09T15:45:46.123+00:00

@Anonymous I have 2 DCs at the root level plus 4 more as sub domain DC's. I presume moving FSMO roles and then demoting and standing up new one should be no issue as I still have the 1 DC that is up in that root level.

Workstations and servers all point to the DC's we have online so if there is a more efficient way of doing this I'm curious what other method we would put in place so they just pick up domain controllers online vs being hard coded to specific names?

Also for patching, for the new servers to be new DC's they will be fully patched but if the ones that are DC's currently not at same patch lvl (say behind 1 or 2 patch cycles) will this affect functionality or is this just recommended to prevent issues?

Thanks

Answer 5

Anonymous

I have 2 DCs at the root level plus 4 more as sub domain DC's. I presume moving FSMO roles and then demoting and standing up new one should be no issue as I still have the 1 DC that is up in that root level.

Yes, that's the simplest solution following the steps I posted above.

or is this just recommended to prevent issues?

Yes to reduce / eliminate issues best to patch them all fully.

--please don't forget to upvote and Accept as answer if the reply is helpful--

Prezidentj33 121 Reputation points

2023-01-09T18:11:58.947+00:00

@Anonymous Understood. We may look at a MS ticket as well.
Anonymous

2023-01-09T18:13:24.093+00:00

Sounds good, you're welcome.

Share via

3389 not listening on 1 server 2019

4 additional answers

Your answer