Solved

Server 2003 RDP works from WAN but not LAN

Posted on 2008-10-23
Last Modified: 2010-04-21
I have 8 Domain Controllers set up on 8 sites. I can log in to any one of them from any site on the network except the site it is on. If I try to RDC onto a server on the same site (and therefore the same subnet) as the PC I am connecting from, it won't work. This seems counter-intuitive and has me confused. Can anyone suggest what could be causing this?
Question by:silent_waters
LVL 63

Expert Comment

by:SysExpert
ID: 22789058
Are you using DNS or IP ?

What message do you get ?


I hope this helps !
0
 
LVL 9

Expert Comment

by:Sci-Fi-Si
ID: 22789980
Wise words there by SysExpert. If the address of the computer you are trying to access resolves to an external IP address you will get a 'loop-back'; your router won't allow this as it's a form of attack.

If you 'ping' the DNS or NetBIOS name of the computer you are trying to access and you get a reply that isn't 10.x.x.x or 192.168.x.x and you get a public IP instead, that's the root of your problem.

Your answer lies with DNS and I can talk you through that if you need.

To get immediate results just use the local IP address of the computer you are trying to access.

All the best
Sci-Fi Si

:)
0
 

Author Comment

by:silent_waters
ID: 22791712
Actually I can't ping the servers by IP or by name. The name resolves to a local address, but still doesn't respond either way.
0
 
LVL 9

Expert Comment

by:Sci-Fi-Si
ID: 22791865
This sounds like a firewall issue, do you know the topology of your network? Or what security is in place?
0
 

Author Comment

by:silent_waters
ID: 22791996
I've disabled the firewalls completely to see if that was the problem, and I still can't ping the servers. Anyway, if it was a firewall issue why would it not affect pings from other sites? I certainly haven't created any rules that would cause this behaviour.

The topology is simple. Each site has a single subnet, with an address of 10.x.x.0/24. On .1 is the domain controller, on .252 is an internet router, and on .253 is a WAN router. The WAN is an MPLS network, so I have any-to-any connectivity. The weird thing is that the connections all work between sites; it is only when I am pinging the server from its own site that it doesn't work.
0
 
LVL 9

Expert Comment

by:Sci-Fi-Si
ID: 22792256
Okey Dokey

Looks like we're getting somewhere. To cross the subnets locally the 10.x.x.0/24 will mask out any machine that's not in the same 1-254 range. The address you're pinging would need to go out through the router and then back in on itself to get resolved, which would be considered a loop-back and so regarded as an attack on your network by your router.

A subnet of 255.0.0.0 would allow you to access all your machines in the 10.x.x.x range without needing to be routed.

If one server had an IP of (for example) 10.0.1.1 and a subnet of 255.255.0.0 you would be able to contact any other machine in the range of 10.0.x.x without any problem.

You could try manually assigning IPs with a subnet of 255.255.0.0 on a couple of machines to test this out; you should be able to contact them without any problem.

Let me know how it goes.

All the best
Sci-Fi Si
0
 

Author Comment

by:silent_waters
ID: 22794768
This is not a problem for any of the other machines though. For example: If I connect my laptop to the network I get a DHCP assigned address of 10.144.154.64. The local server is on 10.144.154.1, the local router is on 10.144.154.253 and there are a bunch of other PCs on the local network, one of which is on 10.144.154.63. All of these have subnet masks of 255.255.255.0.
Exactly the same set of addresses are present on another site, except with the middle octets 169.91. Same mask, same addresses, everything identical. From my laptop I can ping 10.169.91.1 but not 10.144.154.1. I can also ping 10.144.154.253 and 10.144.154.63, just not .1. This makes me think it must be server related.
Essentially we are using Class C networks, but with addresses that are officially in the class A range. It works because it is private. It is only the new server that doesn't want to play.
0
 
LVL 9

Accepted Solution

by:
Sci-Fi-Si earned 500 total points
ID: 22795201
Morning silent waters

I'm with you.

Laptop IP > 10.144.154.64 and pings to 10.169.91.x are also fine, packets are crossing subnets and routing seems to be fine.

Laptop IP > 10.144.154.64 and pings to 10.144.x.x are fine, those packets don't cross subnets and do not need to be routed. However from what I understand you just can't ping 10.144.154.1.

So it's just a problem with one server on one subnet that won't respond to a ping either locally or across your WAN/MAN.

> This makes me think it must be server related.

I agree with you. Your routing is fine and everything looks to be set up properly.

So it's basically just one server in the group 10.144.154.x with the IP of 10.144.154.1 that won't talk.

It's time to give that server a jolly good talking to and let it know who's boss - Don't stand for it.

I take it that it's not contactable or of any use at the moment, so it wouldn't matter taking it off the main network for some diagnostics? The brute force approach (which I'm particularly fond of) would be to take a crossover cable from your laptop, manually assign your IP of 10.144.154.64 and connect it directly to your server; this would remove all other possible issues and get straight to the point. If the server still won't respond you probably have a faulty network card, either on the mobo or a card that's plugged in. Faulty network cards are quite rare but it does happen. However at this stage we just want to eliminate anything that could be causing a problem. It's a new server and therefore anything goes.

It's possible the server firewall is blocking ping packets, but I honestly doubt it.

There's an extremely handy USB to Ethernet adaptor I have which is great for situations like this and a handy bit of kit to have in one's arsenal.

I suspect your software setup is completely fine and the problem is most likely hardware related and your server just needs a kick in the pants.

All the best
Sci-Fi Si

:)
0
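The fault-isolation reasoning used in this thread (compare probes that stay inside the subnet with probes that cross a router), written out as an added example that is not part of any post above. The function names `path_type` and `isolate` are hypothetical, and the remote vantage address 10.169.91.64 is constructed; the other addresses and results are the ones the asker reported.

```python
import ipaddress

def path_type(vantage_iface, target):
    """'on-link' if target is inside the vantage point's own subnet (delivered
    directly after ARP, no router involved), otherwise 'routed'."""
    net = ipaddress.ip_interface(vantage_iface).network
    return "on-link" if ipaddress.ip_address(target) in net else "routed"

def isolate(observations):
    """observations: (vantage_iface, target, reachable) tuples.
    Returns {target: verdict} for each target with at least one failed probe."""
    by_target = {}
    for iface, target, ok in observations:
        by_target.setdefault(target, []).append((path_type(iface, target), ok, iface))
    verdicts = {}
    for target, rows in by_target.items():
        if all(ok for _, ok, _ in rows):
            continue
        onlink = [ok for kind, ok, _ in rows if kind == "on-link"]
        routed = [ok for kind, ok, _ in rows if kind == "routed"]
        if not any(onlink + routed):
            verdicts[target] = "unreachable from every vantage point"
        elif routed and all(routed) and onlink and not any(onlink):
            # Did the failing client reach any *other* on-link host? If so the
            # client NIC, cable and switch are fine and the target is the odd one out.
            failing = {iface for kind, ok, iface in rows if kind == "on-link" and not ok}
            peers_ok = any(ok and t != target and path_type(i, t) == "on-link"
                           for i, t, ok in observations if i in failing)
            verdicts[target] = ("target host: answers routed sources, not on-link ones"
                                if peers_ok else "client or local segment")
        else:
            verdicts[target] = "path-dependent: check routing per vantage point"
    return verdicts

# Probe results as described in the thread; the remote vantage address
# 10.169.91.64 is constructed (the thread only says other sites can connect).
THREAD_OBSERVATIONS = [
    ("10.144.154.64/24", "10.144.154.1", False),
    ("10.144.154.64/24", "10.144.154.63", True),
    ("10.144.154.64/24", "10.144.154.253", True),
    ("10.144.154.64/24", "10.169.91.1", True),
    ("10.169.91.64/24", "10.144.154.1", True),
]

if __name__ == "__main__":
    for target, verdict in isolate(THREAD_OBSERVATIONS).items():
        print(target, "->", verdict)
```

With a /24 mask every failing probe here is on-link, so no router sits in the failing path; changing the mask passed to `path_type` shows how the on-link/routed split moves.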
 
LVL 9

Expert Comment

by:Sci-Fi-Si
ID: 22795256
N.B.

> The weird thing is that the connections all work between sites, it is only when I am pinging the server from its own site that it doesn't work.

This really doesn't make a lot of sense; it's as though local ICMP packets have been disabled or TCP port 445 has been disabled.

Did you install this server? Only the person who configured this server would know.

Does looking at the shares of \\10.144.154.1 work from the same subnet?

Just a thought.
0
 

Author Closing Comment

by:silent_waters
ID: 31509278
It was a DNS problem apparently. I removed and reinstalled the DNS role and it started working. Why it should affect anything when I was pinging by IP address I don't know.
0
