RDP connection from Win 10 to Win 7 drops immediately after connection, but not when connecting the other way around


I have a machine with Win 10 build 18362 and one with Win 7 Ultimate SP1. I can connect with Remote Desktop from the Win 7 to the Win 10 machine just fine, but when I attempt to go from Win 10 to Win 7, it prompts with the standard login credentials, and on the first attempt from a new user account I see the remote computer identity verification prompt that asks to verify the connection is trusted. As soon as I accept though, I see a very brief flash of "Please wait..." (or something similar) that you'd expect when logging on, but then the connection drops.

In examining the traffic with Wireshark, I see that a TLS 1.2 connection is established, but then a TCP reset is sent. Per various fixes online, I have also tried:

  • changing the port from 3389 to something else
  • made sure the account on the Win 7 machine was an Administrator
  • verified a password is set on the Win 7 machine
  • set network profile on Win 10 machine to private
  • set up a new Windows account with a different user name on the Win 10 machine and tried logging on to the Win 7 machine with that
  • made sure TLS 1.1 and 1.2 were enabled on the Win 7 machine
  • verified remote connections were enabled on the Win 7 computer
  • in the Remote Desktop login window, on the Local Resources tab, in the Local Devices and Resources group, (clicking More...), unchecked "Smart cards or Windows Hello for Business"
  • in the Remote Desktop login window, on the Advanced tab, changed "If server authentication fails:" to "Connect and don't warn me"
  • verified there were Remote Desktop TCP-in and Remote Desktop entries in Windows Firewall incoming connections
  • set the TCP-in firewall rule scope to Public only (removing Private and Domain)
  • enabled the UDP transport protocol both in the registry and using the group policy editor (in the registry changed SelectTransport key to '2' from '1' at HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services, and in the GPO, at Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections, enabled option "Select RDP transport protocols" and set to "Use either UDP or TCP").

I have tried the options presented by Microsoft here (steps 3 & 4), where the following commands are issued in PowerShell to see what applications are listening on port 3389:

cmd /c 'netstat -ano | find "3389"'
cmd /c 'tasklist /svc | find "<pid listening on 3389>"' 

At first I thought I was on to something with this, as the report given as to what applications were using the port was "CryptSvc, Dnscache, LanmanWorkstation". I thought these were not RDP related, but upon changing the port to 3390 and repeating the same commands, the same 3 application names now showed up on 3390, leading me to believe these are in fact related to RDP, although according to step 6 of that article, only TermServe.exe should be using the port, so I'm a little unsure about the results of this one. That article was written in 2019 though, and I'm dealing with Win 7, so it could be that Win 7 just lists the 3, not just TermServe.exe.

After examining Event Viewer, I see a warning entry under the branch TerminalServices-ClientActiveXCore -> Microsoft-Windows-TerminalServices-RDPClient/Operational that says:

RDPClient_SSL:An error was encountered when transitioning from TsSslStateDisconnected to TsSslStateDisconnected in response to TsSslEventInvalidState (error code 0x8000FFFF).

Also, under TerminalServices-LocalSessionManager -> Operational, I see an information event that says:

Session 1 has been disconnected, reason code 5

When I look at a list of RDS Session Host Server Disconnect Codes here, reason code 5 is "Another user connected to the server, forcing the disconnection of the current connection." ...which is odd, since I am the only user.

It appears that I am getting through my local network and contacting the Win 7 machine just fine. It's right after the identity verification that the connection is dropped. Can anyone see any hints in these symptoms that point to anything I can try to fix?

Thank you!

asked on Super User Jul 19, 2020 by Dewey
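
An added example, not part of the original post: a PowerShell 2.0-compatible version of the netstat/tasklist check that lists every service hosted in the process listening on the RDP port. `tasklist /svc` wraps long service lists onto continuation lines, so filtering its output by PID with `find` can return only the first line; querying WMI avoids that. The function name `Get-RdpListenerServices` is hypothetical, and the `LISTENING` match assumes an English-language Windows install.

```powershell
# Added example; Get-RdpListenerServices is a hypothetical helper name.
function Get-RdpListenerServices {
    param([int]$Port = 0)

    if ($Port -eq 0) {
        # Read the configured RDP listener port (3389 unless it was changed).
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
        $Port = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    }

    # netstat -ano columns: Proto, Local Address, Foreign Address, State, PID.
    # Assumption: English locale, so the state column reads LISTENING.
    $pattern = "^\s*TCP\s+\S+:$Port\s+\S+\s+LISTENING\s+(\d+)\s*$"
    $owners = netstat -ano |
        ForEach-Object { if ($_ -match $pattern) { [int]$Matches[1] } } |
        Sort-Object -Unique

    if (-not $owners) {
        Write-Warning "Nothing is listening on TCP port $Port."
        return
    }

    foreach ($procId in $owners) {
        # One svchost.exe instance can host several services under a single PID.
        $proc = Get-WmiObject Win32_Process -Filter "ProcessId=$procId"
        $svcs = @(Get-WmiObject Win32_Service -Filter "ProcessId=$procId" |
            ForEach-Object { $_.Name })

        New-Object PSObject -Property @{
            Port             = $Port
            ProcessId        = $procId
            Image            = $proc.Name
            Services         = ($svcs -join ', ')
            # TermService is the service name of Remote Desktop Services.
            HostsTermService = ($svcs -contains 'TermService')
        }
    }
}

# Run from an elevated prompt on the machine that accepts the RDP connection.
Get-RdpListenerServices | Format-List
```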

User contributions licensed under CC BY-SA 3.0