After rebooting my work PC (Windows XP SP3) this Wednesday (thanks to Microsoft Tuesday), I found that I can't remote desktop to my work PC from home (with VPN to company). I have been using remote desktop to work for years and I am really surprised, since connectivity is not the problem, so I brought up Wireshark to sniff the packets.
I can see that after the TCP handshake,
the client sent an X.224 Connection Request
03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 00 00 00
the server sent an X.224 Connection Confirm.
03 00 00 0b 06 d0 00 00 12 34 00
According to "MS-RDPBCGR", the official spec on RDP, the server should include a Negotiation Response in the "Connection Confirm" message but it didn't. It's empty.
I googled a lot but didn't find any clue on why the server did that.
By the way, I used the same remote desktop client and can connect to other Windows XP PCs.
Here are a couple of pieces of information that may help to give a clue:
Since the TCP handshake completes (server port being 3389), I believe the svchost service is actually running.
Going to Control Panel -- System window -- "Remote" tab, remote desktop is indeed checked and it states that my username is allowed.
According to the packet capture, the client didn't even get a chance to tell the server what user was trying to log on.
Yes, the progress bar showed up for a few seconds and then it went back to the "Remote Desktop Connection" window again.
I searched "windowsupdate.log" and didn't find any appearance of the word "remote".
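
The two PDUs quoted above can be decoded field by field to show what the client asked for and that the Connection Confirm carries no negotiation structure at all. This is an added example, not part of the original post; the function names are made up for illustration, while the type and protocol constants are the ones defined in MS-RDPBCGR.

```python
import struct

# Constants from MS-RDPBCGR (negotiation structure types, protocol flags).
NEG_TYPES = {0x01: "RDP_NEG_REQ", 0x02: "RDP_NEG_RSP", 0x03: "RDP_NEG_FAILURE"}
PROTOCOLS = {0x1: "PROTOCOL_SSL", 0x2: "PROTOCOL_HYBRID"}
X224_CODES = {0xE0: "Connection Request", 0xD0: "Connection Confirm"}

# The two PDUs quoted in the post.
REQUEST = "03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 00 00 00"
CONFIRM = "03 00 00 0b 06 d0 00 00 12 34 00"

def protocol_names(value):
    """Decode a protocol bitmask; 0 means standard RDP security."""
    return [n for bit, n in PROTOCOLS.items() if value & bit] or ["PROTOCOL_RDP"]

def parse_x224(hexdump):
    data = bytes.fromhex(hexdump)
    if len(data) < 11:
        raise ValueError("too short for TPKT + X.224 header")
    # TPKT: version 3, reserved byte, big-endian length of the whole PDU.
    version, _, tpkt_len = struct.unpack(">BBH", data[:4])
    # X.224 fixed part: length indicator, code, dst-ref, src-ref, class.
    li, code, dst_ref, src_ref, _cls = struct.unpack(">BBHHB", data[4:11])
    if version != 3 or tpkt_len != len(data) or li + 5 != tpkt_len:
        raise ValueError("inconsistent TPKT / X.224 lengths")
    variable = data[11:]
    # A Connection Request may carry a cookie or routing token ending in CR LF
    # before the negotiation structure; skip it.
    if len(variable) > 8 and b"\r\n" in variable:
        variable = variable.split(b"\r\n", 1)[1]
    result = {"pdu": X224_CODES.get(code & 0xF0, hex(code)),
              "src_ref": src_ref, "negotiation": None}
    if len(variable) >= 8:
        # Negotiation structure is little-endian: type, flags, length, value.
        ntype, flags, nlen, value = struct.unpack("<BBHI", variable[:8])
        neg = {"type": NEG_TYPES.get(ntype, hex(ntype)), "flags": flags, "length": nlen}
        if ntype in (0x01, 0x02):   # requestedProtocols / selectedProtocol
            neg["protocols"] = protocol_names(value)
        else:                       # failureCode, or value of an unknown type
            neg["value"] = value
        result["negotiation"] = neg
    return result

if __name__ == "__main__":
    for name, dump in (("client", REQUEST), ("server", CONFIRM)):
        print(name, parse_x224(dump))
```

Run against a capture from a machine that does accept the connection, the same parser gives a side-by-side view of whether that server's Connection Confirm includes an RDP_NEG_RSP.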