NeuroAgent

RDP Connection Issues: Works from One PC, Not Another

Fixing RDP connection issues: works from old PC but not new. Analysis of SSL/TLS errors and practical solutions for Windows Server 2019 and Windows 11.

#rdp-client-problems#rdp-troubleshooting#remote-desktop-connection#ssl-tls-issues#windows-server-rdp

Why can’t I connect to RDP from one computer, but it works successfully from another?

I have a Windows Server 2019 server that is not domain-joined (as required) with Terminal Services enabled. I have two Windows 11 computers, both domain-joined. From the old computer (PC1), I can successfully connect to the server using both IP address and name. From the new computer (PC2), the connection doesn’t work, and when attempting to connect via mstsc, I get a “logon attempt failed” message. The username and password are exactly the same as on PC1 and are definitely correct.

In the logs on PC2 (Microsoft-Windows-TerminalServices-RDPClient), I see the following errors:

  • RDP ClientActiveX disconnection (Reason= 2055)
  • Server supports SSL = supported
  • Base64(SHA256(username)) = ***
  • RDPClient_SSL: An error occurred while transitioning from TsSslStateHandshakeInProgress to TsSslStateDisconnecting in response to TsSslEventHandshakeContinueFailed. (Error code: 0x80004005).
  • Multitransport connection disconnected.

What could be the possible causes of this problem and how can I fix it?

NeuroAgent

The main reason for the RDP connection problem from a new computer (PC2) when the connection works successfully from an old computer (PC1) is related to SSL/TLS handshake, as indicated in the error messages. This usually occurs due to incompatibility of security protocol versions, server certificate issues, outdated network drivers, or firewall port blocking on PC2.

Contents

Main causes of RDP connection failure

RDP connection failure from one computer while working from another can be caused by several factors, but in your case, the errors specifically indicate SSL/TLS connection issues:

TLS/SSL incompatibility

  • PC2 may have a newer or different set of security protocols installed
  • The server may only support certain TLS versions, while the client is trying to use an unsupported one

Example error: RDPClient_SSL: error transitioning from TsSslStateHandshakeInProgress to TsSslStateDisconnecting in response to TsSslEventHandshakeContinueFailed

Certificate issues

  • Invalid or expired certificates on the server
  • Trusted root certificate issues on PC2
  • Certificate name mismatch

Security blocks

  • Firewalls on PC2 block traffic on port 3389
  • Windows Defender or antivirus programs block RDP connections
  • Windows security policies on PC2 restrict remote connection

SSL/TLS troubleshooting

Since the logs explicitly indicate an SSL/TLS problem, start by diagnosing these components:

Checking supported protocols

  1. Open PowerShell as administrator on PC2
  2. Run the command to check current TLS protocols:
powershell
[System.Net.ServicePointManager]::SecurityProtocol
  1. Ensure that not only TLS 1.2 but also TLS 1.3 are enabled:
powershell
# To enable supported versions
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 -bor [System.Net.SecurityProtocolType]::Tls13

Server certificate verification

  1. On PC1 (where connection works), check the certificate:

    powershell
    Invoke-WebRequest -Uri "rdp://your_server:3389" -UseBasicParsing

  2. Compare settings with PC2:

    powershell
    # Check current certificates
Get-ChildItem -Path Cert:\LocalMachine\RemoteDesktop

Network settings verification

Basic network diagnostics

  1. Server availability check:

    cmd
    ping your_server
telnet your_server 3389

  2. DNS resolution check:

    cmd
    nslookup your_server

  3. Routing check:

    cmd
    tracert your_server

Firewall configuration

  1. Temporarily disable Windows Defender on PC2

  2. Check firewall settings:

    powershell
    Get-NetFirewallRule -DisplayName "*Remote Desktop*"

  3. Allow port 3389:

    powershell
    New-NetFirewallRule -DisplayName "Allow RDP" -Direction Inbound -LocalPort 3389 -Protocol TCP -Action Allow

Server security configuration

RDP security policy configuration

  1. Open Local Group Policy Editor on the server:

    • gpedit.msc
    • Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Security

  2. Configure security settings:

    • Allow only secure connection (Level 3)
    • Disable network level authentication requirement

Server certificate management

  1. Check current certificates:

    powershell
    Get-ChildItem -Path Cert:\LocalMachine\RemoteDesktop

  2. Create a new self-signed certificate if needed:

    powershell
    New-SelfSignedCertificate -DnsName "your_server" -CertStoreLocation "Cert:\LocalMachine\RemoteDesktop"

  3. Assign certificate for Remote Desktop Services:

    powershell
    Set-Item -Path "WSMan:\localhost\Client\TrustedHosts" -Value "your_server" -Force

Client-side fixes

Network driver updates

  1. Update network card drivers on PC2:

    • Through Device Manager
    • Through Windows Update
    • Through hardware manufacturer’s website

  2. Check network services status:

    powershell
    Get-Service -Name "*network*"
Restart-Service -Name "Dnscache", "Winmgmt", "TermService"

RDP cache cleanup

  1. Delete old RDP connections:

    cmd
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f

  2. Clear temporary files:

    cmd
    del /s /q "%USERPROFILE%\AppData\Local\Temp\*"

  3. Restart Remote Desktop Service:

    powershell
    Restart-Service -Name "TermService" -Force

RDP client components reinstallation

  1. Temporarily disable Remote Desktop Services:

    powershell
    Set-Service -Name "TermService" -StartupType Disabled
Set-Service -Name "UmRdpService" -StartupType Disabled

  2. Remove RDP components:

    cmd
    dism /online /norestart /uninstall-feature /featurename:Remote-Desktop-Services
dism /online /norestart /uninstall-feature /featurename:TerminalServices

  3. Restart PC2

  4. Install components back:

    cmd
    dism /online /enable-feature /featurename:Remote-Desktop-Services /norestart
dism /online /enable-feature /featurename:TerminalServices /norestart

Additional troubleshooting methods

Using other RDP clients

  1. Try alternative clients:

    • Microsoft Remote Desktop Connection Manager
    • Remote Desktop Plus
    • Remmina (for Linux)

  2. Check connection with other parameters:

    cmd
    mstsc /v:your_server /admin
mstsc /v:your_server /multimon

Windows Registry check

  1. Export registry section on PC1 (working):

    cmd
    reg export "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client" c:\rdp_settings.reg

  2. Import on PC2:

    cmd
    reg import c:\rdp_settings.reg

PC2 security policy configuration

  1. Open gpedit.msc on PC2
  2. Computer Configuration → Administrative Templates → Network → Network Connection
  3. Disable remote connection blocking parameters

Sources

  1. Official Microsoft Documentation - Troubleshooting RDP
  2. Microsoft TechNet - Configuring SSL/TLS for RDP
  3. Microsoft Support - Error 0x80004005 with RDP connection
  4. Stack Overflow - RDP SSL handshake failed

Conclusion

Key takeaways:

  • The issue is related to SSL/TLS handshake, not authentication
  • PC2 may have incompatible security settings or drivers
  • Server and PC1 work correctly, indicating a client-side issue

Recommended actions:

  1. Start by checking and configuring TLS protocols on PC2
  2. Update network drivers and restart services
  3. Temporarily disable firewall and antivirus for testing
  4. If nothing helps, reinstall Remote Desktop components

Additional notes:

  • Always test changes in a test environment before applying in production
  • Keep backups of important registry settings
  • Monitor events after making changes for quick identification of new issues

If the problem persists, you may need to contact Microsoft Technical Support for deep diagnosis of the specific case.

How to check TLS/SSL version compatibility for RDP connection?What to do if RDP connection is blocked by antivirus or Windows Defender?How to create a new certificate for Remote Desktop on Windows Server?Why does error 0x80004005 occur when connecting to RDP?How to configure security policy for RDP connection in a domain environment?What alternative RDP clients can be used instead of the standard mstsc?
Ask NeuroAgent