It seems out of the blue, I can no longer RDP into any server. The setup is AD 2008 R2, one physical host, with 3 VM's. RDP has been fine for a couple of years, then just stopped.
No updates were done as I run WSUS and haven't had tmie to log in to approve anything in maybe 3 weeks. This issue occurs regardless of what system I am coming from (all Win7 systems). Also i I am at the server and RDP to one of the VM's, no go tghere either. However I can use Hyper-V manager to open standard console sessions to the VM's no problem, for what that's worth. All clients are Win7 systems and also haven't been updated in 3 weeks.
Interestingly, I also cannot pcAnywhere to the Hyper-V host. I have this in place as a backup in case RDP has issues.
So one would think something 3rd party is blocking this stuff. I have SEP 11 running with a nearly default firewall, allowing all traffic from server to server. Just the same I turned off this firewall, no change. Oddly, Windows Firewall was started. I generally disable the WFW service itself as that seems to be the only way to truely tuen if off, since having that plus a 3rd party firewall product is generally not recommended (two FW's on one system). I've followed this practice for years and in various environments without problem. I know you need WFW running to enable RDS, so I do that, then disable WFW.
So I am lost as to how to troubleshoot this since it apepars Symantec isn't the issue, and WFW shoulnd't be since I switch off the service itself, and yet I am getting nowhere. Event logs didn't log any errors at all during the times when I was testing this.
From the client end, in the mstsc window when I click Connect, within 2 secons I get the standard "remote machine isn't RDP enabled, machine is turned off, or machine isn't on the netowrk" kind of error. This happens the same if i use hostname or IP.
Event Logs on both the client and the server(s) contain no entries in Systme or Application hat are timestamped around when I do my logging in attempts.
I'm not sure if I can get anything from the Security event logs, it just has constant Succcess Audits for mydomain admin doing something or NULL SID doing something.