Thursday, January 8, 2009

Solved: Cannot connect via RDP through RWW

The Problem:
When trying to connect to a remote Windows XP PC through Remote Web Workplace, you receive the error:
"The Microsoft Terminal Services Client ActiveX control (also known as Microsoft RDP Client Control) is either not available, or is not enabled. For more information about installing and enabling the ActiveX control, see the Microsoft TechNet Web site ("
The Solution:
Upgrade the XP PC to SP3 and then confirm that the Microsoft Terminal Services Client Control ActiveX control is enabled within IE's "Manage add-ons" window.

The Long Story:
After a user received this error, I dutifully read through the KB article that was referenced in the error. While reading the KB article a few things about this situation stood out to me:
  • The user's computer was XP SP2 and not SP3 (the fact that it was Media Center Edition did not seem to be relevant to me).
  • The drop-down panel in Internet Explorer which usually prompts the user to download the ActiveX client did not appear
  • The version of Remote Desktop that was on the user's PC was 5.1

In reality, I had several XP SP2 machines that had this same issue. It was only one user that reported it, however I used those multiple XP SP2 machines to test on throughout this whole ordeal.

For Terminal Services Web Access to work, the Terminal Services ActiveX client must be installed (mdrdp.ocx). It is installed, but disabled by default in XP SP3. I was under the impression that this very thing was what was offered to clients when they attempted to connect to the RWW so I shouldn't have to download it manually from the Microsoft website.

I wondered if maybe they safety of Internet Explorer was causing it to block the download. A Google search of the error revealed that there is a TechNet page that describes the various errors that can happen when attempting to use Remote Web Workplace. My very error is listed and the solution is as I suspected. Remote Desktop Protocol Client 6.0 or later is required.

I thought it strange that SP3 was not installed since I assumed that the computer would have the standard Windows Update settings that download and install updates automatically. I was a little worried that this users Windows installation might not be fully patched. The automatic updates settings were set to download and install recommended updates every day... at 3AM. I don't think this user's computer has ever been on at 3AM. But aren't automatic updates set to attempt to check and install after every missed opportunity? Hmmm... I checked the local policy on the computer and the "Reschedule Automatic Updates scheduled installations" policy was set to the default of "not configured" which means that missed update schedules are re-run one minute after the computer is next started. All other Windows Updates policies were default.

I went to Microsoft Updates website, and had to install the "New and updated client!" so that means no one had ever been to that site before. Of course, users should never, ever have to do that manually. It should update on its own

SP3 was offered to me, but I decided to forgo that major installation and simply install the latest RDP client to see if that solved things. Of course, after installation it still didn't work. Huh? Ah, that's probably because the new RDP client is 6.0 and I need 6.1. Back to the Windows update site. Unfortunately, it didn't seem to think I needed RDP 6.1 and this didn't offer it to me. I then used the manual download page (which I should have done all along). After installing 6.1, things still wouldn't work so I did what all Windows admins do: I rebooted. RWW's "Connect to a Computer" feature still wouldn't work or offer me the IE Information Bar drop down to install the ActiveX control.

Strangely I noticed that the mstsc.exe app still showed version 6.0.6001 and not 6.1. However, at the bottom of the about box it states "Remote Desktop Protocol 6.1 supported". I found this article which showed that I could bypass RWW and go straight to the terminal server using the RDP client. I decided to try that. If that didn't work, then it was definitely a RDP client problem. It worked like a charm. RDP itself didn't seem to be the issue. Maybe.

Finally, I simply installed SP3 on one of the affected PCs. It still didn't work! I tried it on my 7 laptop and even though the ActiveX control was not installed and I received the same error message, I saw the warning message "This website wants to run the following add-on". The information bar is what I was hoping to see this whole time. I began to be suspicious of the IE settings on the problem XP PCs.

I added remote.[mydomain].com to the trusted sites zone. No luck. I tried without add-ons, and still the "Information Bar" would not show up. I looked around for some information concerning a recalcitrant information bar. I open the advanced security settings (Tools >> options >> security tab>> advanced) and compared the ActiveX section of one of the problem PCs with the ActiveX section of a Windows 7 machine. They were both identical on the default medium-high settings. I decided to turn off the the Information bar for ActiveX controls (ActiveX controls and plug-ins >> Automatic prompting for ActiveX controls >> Enable). The exact same symptoms persisted.

I found someone on the net that had a similar problem. As a result, I reset all security zones to default and then finally reset IE 8 altogether. Still no change. I disabled the Kaspersky antivirus with no change. There was some registry hacking suggested in this Experts-Exchange thread, but I didn't pursue it:

I realized that these two XP SP2/3 machines were internal to the network. Maybe that had something to do with it. I tried an XP SP3 machine external to the network. It was not a member of the domain nor had it ever connected to the RWW before. It went right through without even asking me to install the activeX control. It was IE6 so I upgraded to IE8 and I got the error "The Microsoft Terminal Services Client ActiveXC control" etc., however I heard the familiar "ba-blip" noise and saw the Information Bar drop down and ask for the ActiveX control to be installed.

I tried it on a Server 2003 SP2 machine that was a member of the domain. I received the same TS ActiveX control error, but saw the Information bar drop down in the newly opened remote access window.

I installed SP3 on a completely different XP SP2 machine and was able to flawlessly connect to the RWW terminal services feature. The first XP SP2 machine that I was working on had been upgraded to SP3 still had problems. After some more testing, I decided to deem that Windows installation as "troubled" and that the symptoms I had experience were not normal. SP3 should have fixed the issue for that one machine, but it didn't. It's always fun when you're test machine is unstable and returns unpredictable and nonstandard results. Note to self: always use multiple test machines.

No comments:

Post a Comment