This particular RDP failure mode is especially frustrating because it provides zero feedback - the client appears to authenticate successfully (wrong credentials are properly rejected), shows connection progress messages, then silently returns to the connection window. Here's what's happening under the hood:
// Typical RDP connection sequence when working:
1. Credential validation (NLA)
2. Session allocation (TermService)
3. Display driver initialization
4. Session establishment
// Failed sequence in our case:
1. Credential validation √
2. Session allocation ?
3. Display driver ?
4. Session establishment X
Since this occurs after a reboot, we need to check services that initialize late in the boot process:
# PowerShell check for critical services
Get-Service -Name TermService, SessionEnv, UmRdpService |
Select Name, Status, StartType | Format-Table -AutoSize
Common findings in this scenario:
- TermService starts but fails to create sessions
- UmRdpService (Remote Desktop USB Redirector) stuck in "Starting"
- SessionEnv (Remote Desktop Configuration) set to Manual but not triggered
Even though basic connectivity exists, we should verify RDP-specific ports:
# Test-NetConnection equivalent for RDP ports
Test-NetConnection -ComputerName [SERVER] -Port 3389
Test-NetConnection -ComputerName [SERVER] -Port 3390 # Possible secondary port
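When standard troubleshooting fails, these registry settings often resolve silent connection issues. They allow RDP connections (fDenyTSConnections=0), require Network Level Authentication (UserAuthentication=1), and set the security layer to TLS (SecurityLayer=2):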
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"UserAuthentication"=dword:00000001
"SecurityLayer"=dword:00000002
For persistent cases, enable RDP logging and analyze the events:
# Enable enhanced RDP logging
wevtutil set-log Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational /enabled:true
wevtutil set-log Microsoft-Windows-TerminalServices-RdpClient/Operational /enabled:true
# After repro attempt, export logs
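# Events 21-25 are written to LocalSessionManager/Operational and 1149 to RemoteConnectionManager/Operational, so query both
Get-WinEvent -LogName "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational",
    "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" |
    Where-Object {$_.Id -in (21,22,23,24,25,1149)} | Sort-Object TimeCreated | Format-List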
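The symptom described here (credentials accepted, session never established) shows up in these logs as an event 1149 (authentication succeeded, RemoteConnectionManager) with no event 21 (session logon succeeded, LocalSessionManager) following it. The function below is an added example, not code from the original page; `Find-SilentRdpFailure` is a hypothetical name, and it assumes the events have already been normalized to records with `Time`, `Id`, `User` and `Address` fields using the same user-name format in both logs.

```powershell
# Added example (not from the original page). Input records are normalized to
# Time / Id / User / Address; the sample data below is constructed.
function Find-SilentRdpFailure {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $WindowSeconds = 60
    )
    $logons = @($Events | Where-Object { $_.Id -eq 21 })
    foreach ($auth in ($Events | Where-Object { $_.Id -eq 1149 } | Sort-Object Time)) {
        $deadline = $auth.Time.AddSeconds($WindowSeconds)
        # A healthy connection shows event 21 for the same user shortly after 1149.
        $session = $logons | Where-Object {
            $_.User -eq $auth.User -and $_.Time -ge $auth.Time -and $_.Time -le $deadline
        } | Select-Object -First 1
        if (-not $session) {
            [pscustomobject]@{
                Time    = $auth.Time
                User    = $auth.User
                Address = $auth.Address
                Finding = "1149 without 21 within ${WindowSeconds}s"
            }
        }
    }
}

# Constructed sample: alice connects normally, bob hits the silent failure twice.
$t0 = [datetime]'2024-01-15T09:00:00'
$sample = @(
    [pscustomobject]@{ Time = $t0;               Id = 1149; User = 'alice'; Address = '10.0.0.5' }
    [pscustomobject]@{ Time = $t0.AddSeconds(4); Id = 21;   User = 'alice'; Address = '10.0.0.5' }
    [pscustomobject]@{ Time = $t0.AddMinutes(5); Id = 1149; User = 'bob';   Address = '10.0.0.7' }
    [pscustomobject]@{ Time = $t0.AddMinutes(6); Id = 1149; User = 'bob';   Address = '10.0.0.7' }
    [pscustomobject]@{ Time = $t0.AddMinutes(6).AddSeconds(2); Id = 24; User = 'bob'; Address = '10.0.0.7' }
)
Find-SilentRdpFailure -Events $sample | Format-Table -AutoSize
```

The two rows reported for bob give the timestamps to line up against service and driver errors in the System log from the same seconds.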
Try these rapid solutions in order:
- Restart the Remote Desktop services:
Restart-Service -Name TermService -Force
Restart-Service -Name SessionEnv -Force
- Reset the RDP listener:
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Value 1
- Recreate the RDP certificate:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\" -Name "SSLCertificateSHA1Hash" -Value ""
This particular RDP failure mode is especially frustrating because it provides zero feedback about what's going wrong. Here's what we know:
- Connection was working prior to server reboot
- Credentials are being accepted (invalid credentials get rejected)
- Session appears to initiate but silently terminates
- Other remote machines remain accessible
Before diving deep, let's check some basic network connectivity:
# Test basic TCP connectivity
Test-NetConnection -ComputerName [SERVER] -Port 3389
# Check RDP service status remotely (requires WinRM enabled)
Invoke-Command -ComputerName [SERVER] -ScriptBlock { Get-Service TermService }
From my experience, these are the most likely causes when RDP fails silently post-reboot:
1. Licensing Service Issues
Windows servers require RDP licensing components. Check with:
Get-WmiObject -Class Win32_TSLicenseKeyPack -Namespace "root\cimv2\TerminalServices"
2. User Profile Service Glitches
A corrupted user profile can cause silent failures. Try creating a test local admin account:
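# Sample password: substitute a unique, strong one; remove the account after the test with: net user tempadmin /delete
net user tempadmin "P@ssw0rd!" /add
net localgroup administrators tempadmin /add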
Event Log Analysis
Check these critical event logs remotely using PowerShell:
$session = New-PSSession -ComputerName [SERVER]
Invoke-Command -Session $session -ScriptBlock {
    Get-EventLog -LogName Application -Source "TerminalServices*" -Newest 20
    Get-EventLog -LogName System -Source "TermService" -Newest 10
}
Remove-PSSession $session   # close the remoting session when done
Network Level Tracing
Capture network traffic during a connection attempt:
netsh trace start scenario=NetConnection capture=yes tracefile=C:\temp\rdptrace.etl
# Reproduce the failed RDP connection, then stop the trace
netsh trace stop
These registry values often cause silent RDP failures:
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication
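Before overwriting the values that the .reg file earlier on the page sets and that the reg query commands above read, a read-only audit shows what is actually in effect. The script below is an added example, not part of the original page; the function names are hypothetical, it assumes it is run on the affected server, and it also reads the Group Policy key `HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services`, where a policy-set value of the same name takes precedence over the local one.

```powershell
# Added example (not from the original page): read-only audit, nothing is written.
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$checks = @(
    @{ Name = 'fDenyTSConnections'; Path = $tsKey;                       Want = 0; Meaning = 'RDP connections allowed' }
    @{ Name = 'UserAuthentication'; Path = "$tsKey\WinStations\RDP-Tcp"; Want = 1; Meaning = 'NLA required' }
    @{ Name = 'SecurityLayer';      Path = "$tsKey\WinStations\RDP-Tcp"; Want = 2; Meaning = 'TLS security layer' }
)

function Get-RegValue([string] $Path, [string] $Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-RdpListenerConfig {
    foreach ($c in $checks) {
        $fromPolicy = Get-RegValue $policyKey $c.Name   # set by GPO, overrides the local value
        $fromLocal  = Get-RegValue $c.Path $c.Name
        $effective  = if ($null -ne $fromPolicy) { $fromPolicy } else { $fromLocal }
        [pscustomobject]@{
            Name      = $c.Name
            Local     = $fromLocal
            Policy    = $fromPolicy
            Effective = $effective
            Expected  = $c.Want
            Meaning   = $c.Meaning
            Ok        = ($null -ne $effective) -and ($effective -eq $c.Want)
        }
    }
}

Test-RdpListenerConfig | Format-Table -AutoSize
```

A row where `Policy` is populated and `Ok` is false means the local registry edit will not stick; the setting has to be changed in the GPO that delivers it.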
When RDP fails, try these workarounds while troubleshooting:
- Windows Admin Center (WAC) if configured
- SSH (Windows 2019+) with remote PowerShell
- Emergency Management Services (EMS) console
If all else fails, boot the server in Safe Mode with Networking and test RDP:
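bcdedit /set "{default}" safeboot network
shutdown /r /t 0
# After testing, clear the flag so the next boot is normal
bcdedit /deletevalue "{default}" safeboot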