mikeybabes

Remote Desktop won't connect from one location

I wonder if you can help me with something that is driving me up the wall.

I am trying to connect to a Windows 2003 SBS server with remote desktop connection.

We have other people with laptops who can connect with wireless USB modems, and people who are connecting fine from home with broadband connections. RDC also works with machines on the local network.

However, from home every time I try to connect I get "This computer can't connect to the remote computer. Try connecting again..."

At home, however, I can ping the server and get a reply, remote web workspace works, exchange works. I have two computers at home that I am using to try and connect. One is an iMac24 running both OSX and Windows Vista Business 32 bit SP1, and the other is an Intel MacBook Pro running OSX and Windows XP SP3. They are connected wirelessly to a Thomson TG585 v7 modem router and then to the internet.

When running any of the above operating systems I get this same error. I am now concentrating on getting it working from Windows Vista on the iMac. I have opened up the inbuilt Vista firewall to allow remote desktop connection. There is also the free version of Avast anti virus running on the machine.

I recently replaced the Netgear modem/router with a Thomson TG585 v7, which was sent to me by my service provider. When I had the Netgear I could connect via RDC without any special configuration (though there was the odd occasion when I couldn't connect and then a few days later I could).

Looking through the forums I have set up a static IP address for my iMac. I have also set up port forwarding for port 3389. Though when I check this with open a port on the website http://www.yougetsignal.com/tools/open-ports/ it tells me that port 3389 is blocked. So I then disabled the firewall completely - and the website still tells me the port is closed. I would prefer to not use port forwarding at all and have dynamic IPs on my wireless router, so I could switch between laptop and desktop without having to keep changing the settings - but if I could get it to work at all I would be pleased.

Any advice you can give may save my sanity. (unfortunately I no longer have the netgear router/modem).

Mike.
John

Are you connecting through a VPN connection? Some modems don't pass VPN packets.
Can you move your laptop to a different ISP/Connection temporarily? If that works, it would eliminate your laptop setup for the most part.
... Thinkpads_User
You do not have to port forward 3389 at your house (from the internet to whatever workstation you are using) to get an RDP connection to work.

Since you initiated the connection it is considered "stateful" and further communication should be passed by your firewall (in the same way you don't have to forward port 80 to browse the web, etc).

If other computers on different connections don't have a problem accessing the work location via the same method AND you can bring your laptop (that doesn't work @ home) to a coffee shop or something and connect then it is clear your connection is to blame. Get on the horn with your ISP and demand that it be resolved.
mikeybabes

ASKER

dfxdeimos: & thinkpads user:

Thank you for explaining I don't need port forwarding. I will take my laptop to the local McDonald's tomorrow and see if that works.

However, I am not sure what you mean about connecting through a VPN. We have 2 servers, one is the SBS2003 server, and we have another 2003 server which is purely running for terminal services. Normally when we connect via remote desktop it goes straight to the terminal services 2003 server, and then have to RDP again from there if we want to access the SBS Server. We have a couple of Apps on the terminal server that some of our staff need to run remotely.

The reason I changed my router is that my ISP told me to do so as my line was being upgraded to ADSL2 and they recommended that I use their router. I wonder if this is something to do with the way they have set up the ADSL2 connection? I'll be giving them a call tomorrow when they open and will report back.

Thank you sincerely for your input
Disregard the VPN talk. Some places have to establish a Virtual Private Network (VPN) connection with their workplace in order to use remote desktop. Your setup doesn't seem to require this.
If your SBS2003 is bare-assed to the Internet, you have a serious security issue. I would always put my servers behind a firewall, which then normally is further secured with a VPN connection. Clients activate (connect via) the VPN client and then RDP to the server or just connect to whatever internal resources. That is what I meant.

But first see if you can connect in your normal fashion with another ISP. McDonald's should do fine, so also will a friend or a friendly neighbour. ... Thinkpads_User
He didn't say that the SBS box was on the internet, he said that the Terminal Server is exposed to the internet. It isn't a security risk if you have an updated box and a decent password policy.

Also, even if SBS was directly connected to the internet it wouldn't be at risk as long as it is updated and running the integrated ISA server.
Hi there,

There has been a bit of a development. I got one of the other guys' laptops using a mobile connection and it still didn't work. Apparently, connecting via MSTSC stopped working a while ago, so everyone now goes into remote web workspace and then "connects to my company's application sharing server" from there. Of course no-one thought to mention this to me!

So going in via RWW works fine but via mstsc doesn't. Normally this would not be a major issue, but there are a couple of people who need to connect with Macs and of course the remote desktop ActiveX control doesn't work on a Mac, you have to use Microsoft's Remote Desktop application (the Mac version of mstsc) or you can't get on.

Any ideas guys?

Thank you in advance for your help.

Mike
Sounds like your router at the office isn't passing 3389 anymore.  I would check that out.

Cheers
No, that port's open - one of the first things I checked.

I'm considering re-running the IECW to see if it sorts it out - but rather than just relying on a wizard I'd love to know what's causing it.

Mike
Any further ideas? (Bump)

Mike
You said, "At home, however, I can ping the server and get a reply, remote web workspace works"

Are you pinging the public IP of your office?  (Is that the IP you use for RDC?)

What type of router do you have at the office?

You say 3389 is open, but have you tested it?

From the cmd prompt try:

telnet ipaddyofsbsserver 3389

Are you able to establish a brief telnet session?
Yes, I am pinging the public IP at the office and it is the same as the IP address for the RDC.

Although the port appears open on the router (which is a Netgear) - telnet can't connect to that port!

Does this mean it is a port forwarding issue? I checked that before and it appears fine - but I'll check again.


Regards, Mike.
Right - I've checked a few things and got a little further:

We have 2 servers - one is a SBS2003 server which is connected to the router by IP address 10.0.0.2

The other is a windows 2003 server (Tserver) running terminal services which is connected to the router by IP address 10.0.0.3

When I configure the router to port forward to the SBServer on 10.0.0.2 everything works.

When I configure the router to port forward to the Tserver on 10.0.0.3 there is no connection.

I need to connect via the Tserver as the Apps required are installed on it.

There must be something on the TServer that is rejecting the connection.

Any ideas?

Thanks for your help so far guys.

Mike
Windows Server 2003 has some of the same remote access properties as XP and Vista. I know this is down at the trivial end of the scale, but have you checked in the Terminal Server -> My Computer -> Properties -> Remote -> Enable Remote Desktop on this computer? Is it checked?
... Thinkpads_User
Yes, that is one of the first things I checked, and as you say, whilst it is at the trivial end of the scale, it is just the sort of stupid thing that I would have forgotten about!

Thanks for the suggestion.

Mike
Oh it's worth mentioning that I can RDP to the Tserver from the internal network - it's only from outside it's a problem.

Mike.
A few more thoughts...

1.  Have you reviewed your firewall logs?
2.  Although port forwarding is enabled from the Netgear to 10.0.0.3 for 3389, there may be protocol type and/or access policies in addition to the port forwarding rule that may be necessary. If this is the case, please verify they are properly configured.
3.  Is it possible your environment provides multiple gateways to the Internet? If so, make sure the 10.0.0.3 host's default gateway points to the Netgear.
4.  Is it possible your 10.0.0.3 host has a local firewall policy that trusts only local subnets? It's possible your 10.0.0.3 host is actually seeing the source IP of your Internet client and the firewall is blocking access due to the client's IP address.

I am not familiar with Netgear firewalls, their policies, or how they mask the source (incoming Internet IP) address when forwarding traffic to internal hosts. With that consideration, several of my questions may not be relevant.

My guess is your problem most likely resides near the Netgear firewall, and/or (if applicable) the software firewall on the 10.0.0.3 host. I suggest you continue to test your connections from your client to your terminal server via telnet (start-run-cmd-telnet publicipfortermserver 3389).

Once you're able to establish a brief session via telnet (black window, flashing cursor in top left corner when connected) your troubleshooting process should be close to done.
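
The telnet test suggested in this thread only shows whether a TCP connection to 3389 completes. As an added example (not part of any post above), this Python function goes one step further than telnet: it separates a refused connection from a silently dropped one and checks that whatever answers actually speaks RDP. The function name `probe_rdp` and its result labels are assumptions made for this example.

```python
import socket
import sys

# First packet an RDP client sends: TPKT header (version 3, length 11)
# followed by an X.224 Connection Request with no cookie or negotiation data.
X224_CONNECTION_REQUEST = bytes.fromhex("0300000b06e00000000000")


def probe_rdp(host, port=3389, timeout=5.0):
    """Classify the TCP/RDP state of host:port.

    'rdp'          - handshake completed and an X.224 Connection Confirm came back
    'open-not-rdp' - TCP connected, but the reply was not an RDP confirm
    'refused'      - an active reset: traffic arrived, nothing is listening
    'filtered'     - no answer at all (dropped by a firewall, bad forward or route)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and unreachable-host errors
        return "filtered"
    with sock:
        try:
            sock.sendall(X224_CONNECTION_REQUEST)
            reply = sock.recv(32)
        except OSError:
            return "open-not-rdp"
    # TPKT version byte is 0x03; X.224 Connection Confirm has code 0xD0 at byte 5.
    if len(reply) >= 6 and reply[0] == 0x03 and (reply[5] & 0xF0) == 0xD0:
        return "rdp"
    return "open-not-rdp"


if __name__ == "__main__":
    # Usage: python probe_rdp.py <public-ip-or-hostname>  (defaults to loopback)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe_rdp(target))
```

Run from outside the office, a `filtered` or `refused` result against the public IP while the same probe returns `rdp` from inside the LAN points at the forwarding rule, the server's default gateway, or a host firewall that only trusts local subnets, which are the items listed in the post above.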
First of all I'd like to apologise to all those helping for the delay in response - We have had a major fire on the site next to us and were evacuated from the building for 2 weeks. We are now going through the re-decoration from all the smoke damage. I'll be getting back to the server after we have fully moved back into the offices. Thank you all for your help so far.
ASKER CERTIFIED SOLUTION
mikeybabes