Re: RDP challenge after changing "main" profile's password, can't access any longer with RDP in XP SP2

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

This is a wild guess: erase the cached password in your instance of Windows.
If you added the Administrative submenu to the Start menu (an option of the
taskbar), or by running "control.exe userpasswords2", Advanced tab, Manage
Passwords, and remove all of them. Then start the RDP client on your host
and see it it works (without using an .rdp file).

Since all the users of the remote (school) hosts are admin users, you sure
that they didn't change the password to blank (null)? RDP can't establish a
connection to an account on the remote host that has a null password.

Under the Advanced tab in the RDP client, I think the default action is
"Connect and don't warn me". Tried changing it to "Warn me"? This will
indicate if the client cannot verify the identity of the remote host. One
such cause is due to the hostname resolution specified in your TCP setup.

Has the remote (school) host ever been rebooted since you changed the login
password for the Main account? Do you know that there isn't a hung RDP
session on the remote host? Disconnecting from RDP is not the same as
terminating a session. The old RDP session might still be running on those
remote hosts.

RDP is a reduced version of Terminal Services. The TS service in Windows XP
allows a max of 2 concurrent RDP sessions on that host. These can quickly
and easily get consumed if users merely disconnect from a session (which
leaves it active) rather than end their session (logoff). Because users
often disconnect rather than logoff from their remote session, the maximum
count of 2 sessions gets consumed so you can no longer get onto that host.
That's when you use the console mode of RDP.

Run "mstsc /?" to see help on using the /admin or /console parameter. See
http://support.microsoft.com/kb/278845. Some help refers to /console and
others to /admin. Same thing but the parameter name changed (it changed in
Windows Vista and, I think, in SP-3 for Windows XP). The /console parameter
can be added after the hostname field in the RDP client, or by editing an
..rdp file to add "connect to console:i:1", or by using a shortcut that runs
"<path>\mstsc.exe <rdpfile> /console". "mstsc.exe /console" will load all
your sessions started through the RDP client's GUI as console sessions. Use
/admin if the "mstsc /?" lists that parameter instead of /console.

I know when connecting to a server version of Windows that there is a TS
utility that lets you monitor, configure, and kill sessions. I don't recall
there is an equivalent utility for Windows XP to list the current RDP
sessions running on it, if any. I've read about a query command but that
runs query.vbs on my host that is part of the Windows 2000 Resource Kit.
The only query.exe on my host is under %windir%\system32\dllcache (where SFC
finds the original files to replace when it finds a corrupted copy) and that
does list the current RDP sessions on my host. I don't know why a copy of
query.exe is only under my dllcache folder. It's the same way for a fresh
install Windows XP (with SP-3 and updates) in a virtual machine (so it isn't
because of the ResKit that query.exe is no longer under the system32
folder).

Terminal Services on a server let you configure an idle timeout on RDP
session to kill them if abandoned to long. Exiting the RDP client only
disconnects from the remote host. It doesn't perform a logoff on that
remote host. A reboot of the remote host would obviously kill any pending
RDP sessions. On the remote host (to which you are connecting), you can run
the group policy editor (gpedit.msc) and go to Computer Configuration ->
Adminstrative Templates -> Windows Components -> Terminal Services but it
looks like some settings are not valid or will be ignored. I know there is
a limit of 2 concurrent RDP sessions yet you can spin up the max connect
count for the "Limit number of connections" policy to much higher than 2.
Under the Sessions subnode, there is a "Set time limit for disconnected
sessions" (default = 1 minute) but I don't know that these settings are
honored on a non-server version of Windows
(http://support.microsoft.com/kb/890864). That I don't know merely means
that I would have to test to see if the settings are enforced on a
non-domained XP host.

What version of the RDP client are you running? 6.1 is the latest for XP
(although the version will look something like 6.0.xxxx). With the RDP
client loaded, hit Alt+Spacebar to see the Control menu and select About to
see its version. 6.1 is available at:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=6e1ec93d-bdbd-4983-92f7-479e088570ad

Only needed if you haven't yet applied service pack 3 for Windows XP (the
download won't install otherwise).
.

Relevant Pages