Home/Toolchest

RDP Connectivity Checklist

A structured check for RDP failures before changing firewall rules, user rights, or server policy.

Good For

  • Windows Server RDP
  • VPN access
  • remote admin
  • firewall path checks

How to Use It

  1. Confirm the target hostname resolves to the expected internal address.
  2. Test TCP 3389 from the same network path as the affected user.
  3. Confirm the user is allowed to sign in through Remote Desktop Services.
  4. Check recent TerminalServices and System logs for disconnect or listener errors.
  5. Review session limits, NLA requirements, VPN split tunnel behavior, and firewall scope.

Execution Modes

  • local
  • remote-single-host

Inputs and Outputs

Inputs

  • target hostname
  • user account
  • network path
  • expected firewall scope

Outputs

  • verbose-console
  • operator-notes

Command Starter

Safe to run: read-only

Test-NetConnection server.example.com -Port 3389
qwinsta /server:server.example.com
Get-EventLog -LogName System -Newest 50

Validation

  • TCP 3389 is reachable from the client path.
  • The expected user can complete sign-in without policy or session-limit errors.
  • Event logs stop recording the original connection failure.

Reporting

  • record TCP reachability, session state, and event log findings

Safety Notes

  • Check reachability and policy first.
  • Avoid widening firewall scope until the current path is documented.