Server 2003 RDP works from WAN but not LAN

I have 8 Domain Controllers set up on 8 sites. I can log in to any one of them from any site on the network except the site it is on. If I try to RDC onto a server on the same site (and therefore the same subnet) as the PC I am connecting from it won't work. This seems counter-intuitive and has me confused. Can anyone suggest what could be causing this?
silent_waters Asked:

SysExpert Commented:
Are you using DNS or IP?

What message do you get?

I hope this helps!
Sci-Fi-Si Commented:
Wise words there by SysExpert. If the address of the computer you are trying to access resolves to an external IP address you will get a 'loop-back'; your router won't allow this as it's a form of attack.

If you 'ping' the DNS or NetBIOS name of the computer you are trying to access and you get a reply that isn't 10.x.x.x or 192.168.x.x and you get a public IP instead, that's the root of your problem.

Your answer lies with DNS and I can talk you through that if you need.

To get immediate results just use the local IP address of the computer you are trying to access.

All the best
Sci-Fi Si

:)
silent_waters (Author) Commented:
Actually I can't ping the servers by IP or by name. The name resolves to a local address, but still doesn't respond either way.
Sci-Fi-Si Commented:
This sounds like a firewall issue. Do you know the topology of your network? Or what security is in place?
silent_waters (Author) Commented:
I've disabled the firewalls completely to see if that was the problem, and I still can't ping the servers. Anyway, if it was a firewall issue why would it not affect pings from other sites? I certainly haven't created any rules that would cause this behaviour.

The topology is simple. Each site has a single subnet, with an address of 10.x.x.0/24. On .1 is the domain controller, on .252 is an internet router, and on .253 is a WAN router. The WAN is an MPLS network, so I have any-to-any connectivity. The weird thing is that the connections all work between sites, it is only when I am pinging the server from its own site that it doesn't work.
Sci-Fi-Si Commented:
Okey Dokey

Looks like we're getting somewhere. To cross the subnets locally the 10.x.x.0/24 will mask out any machine that's not in the same 1-254 range. The address you're pinging would need to go out through the router and then back in on itself to get resolved which would be considered a loop-back and so regarded as an attack on your network by your router.

A subnet of 255.0.0.0 would allow you to access all your machines in the 10.x.x.x range without needing to be routed.

If one server had an IP of (for example) 10.0.1.1 and a subnet of 255.255.0.0 you would be able to contact any other machine in the range of 10.0.x.x without any problem.

You could try manually assigning IPs with a subnet of 255.255.0.0 on a couple of machines to test this out; you should be able to contact them without any problem.

Let me know how it goes.

All the best
Sci-Fi Si
silent_waters (Author) Commented:
This is not a problem for any of the other machines though. For example: If I connect my laptop to the network I get a DHCP assigned address of 10.144.154.64. The local server is on 10.144.154.1, the local router is on 10.144.154.253 and there are a bunch of other PCs on the local network, one of which is on 10.144.154.63. All of these have subnet masks of 255.255.255.0.
Exactly the same set of addresses are present on another site, except with the middle octets 169.91. Same mask, same addresses, everything identical. From my laptop I can ping 10.169.91.1 but not 10.144.154.1. I can also ping 10.144.154.253 and 10.144.154.63, just not .1. This makes me think it must be server related.
Essentially we are using Class C networks, but with addresses that are officially in the class A range. It works because it is private. It is only the new server that doesn't want to play.
Sci-Fi-Si Commented:
Morning silent waters

I'm with you.

Laptop IP > 10.144.154.64 and pings to 10.169.91.x are also fine, packets are crossing subnets and routing seems to be fine.

Laptop IP > 10.144.154.64 and pings to 10.144.x.x are fine, those packets don't cross subnets and do not need to be routed. However from what I understand you just can't ping 10.144.154.1

So it's just a problem with one server on one subnet that won't respond to a ping either locally or across your WAN/MAN.

> This makes me think it must be server related.

I agree with you. Your routing is fine and everything looks to be set up properly.

So it's basically just one server in the group 10.144.154.x with the IP of 10.144.154.1 that won't talk.

It's time to give that server a jolly good talking to and let it know who's boss - Don't stand for it.

I take it that as it's not contactable or of any use at the moment it wouldn't matter taking it off the main network for some diagnostics? The brute force approach (which I'm particularly fond of) would be to take a crossover cable from your laptop, manually assign your IP of 10.144.154.64 and connect it directly to your server; this would remove all other possible issues and get straight to the point. If the server still won't respond you probably have a faulty network card either on the mobo' or a card that's plugged in. Faulty network cards are quite rare but it does happen. However at this stage we just want to eliminate anything that could be causing a problem. It's a new server and therefore anything goes.

It's possible the server firewall is blocking ping packets, but I honestly doubt it.

There's an extremely handy USB to Ethernet adaptor I have which is great for situations like this and a handy bit of kit to have in one's arsenal.

I suspect your software setup is completely fine and the problem is most likely hardware related and your server just needs a kick in the pants.

All the best
Sci-Fi Si

:)
Sci-Fi-Si Commented:
N.B.

> The weird thing is that the connections all work between sites, it is only when I am pinging the server from its own site that it doesn't work.

This really doesn't make a lot of sense; it's as though local ICMP packets have been disabled or TCP port 445 has been disabled.

Did you install this server? Only the person who configured this server would know.

Does looking at the shares of \\10.144.154.1 work from the same subnet?

Just a thought.
silent_waters (Author) Commented:
It was a DNS problem apparently. I removed and reinstalled the DNS role and it started working. Why it should affect anything when I was pinging by IP address I don't know.
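Added example (not part of the original thread, and not any participant's code): the three checks the thread walks through, as one offline triage routine. It asks whether the name resolved to internal address space, whether the target is on the client's own subnet or behind a router, and whether TCP 3389 answers independently of ping. The function names, the stub probe and the public address 203.0.113.10 are constructed for illustration; the 10.x addresses are the ones quoted in the thread.

```python
import ipaddress
import socket

RDP_PORT = 3389  # default Remote Desktop listener
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    """True if ip is in private (internal) IPv4 space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def on_link(client_if, target_ip):
    """True if target shares the client's subnet, so traffic never touches a router."""
    return ipaddress.ip_address(target_ip) in ipaddress.ip_interface(client_if).network

def tcp_open(host, port=RDP_PORT, timeout=2.0):
    """TCP connect test; unlike ping it is unaffected by ICMP filtering."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(client_if, resolved_ip, probe=tcp_open):
    """Return findings for a failed RDP attempt from client_if to resolved_ip."""
    findings = []
    if not is_rfc1918(resolved_ip):
        findings.append("name resolves to a public address: fix internal DNS")
        return findings
    if on_link(client_if, resolved_ip):
        findings.append("on-link: no router in path, look at the server itself")
    else:
        findings.append("routed: gateway and WAN are in the path")
    findings.append("tcp/3389 open" if probe(resolved_ip, RDP_PORT)
                    else "tcp/3389 closed or filtered")
    return findings

if __name__ == "__main__":
    # Addresses from the thread; the probe is a constructed stub so this runs offline.
    def no_answer(host, port):
        return False
    for target in ("10.144.154.1", "10.169.91.1", "203.0.113.10"):
        print(target, triage("10.144.154.64/24", target, probe=no_answer))
```

Drop the `probe=` argument to run the real TCP connect test from the affected client.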