  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 375

Can't RDP to PC at work through VPN

I have an employee who connects via VPN. The employee then needs to RDP to their work PC but gets an error: "Can't connect to remote computer". However, internally we can connect to the PC. Can't figure out what is preventing connection through the VPN. Any help would be appreciated.
0
rcolving
Asked:
 
powereds Commented:
Hi,

Please do this on the remote PC via command prompt.

telnet ip-of-target-pc 3389

You should get a blank command prompt. But if not, please check your VPN config/firewall/router to allow port 3389 traffic to pass.

I hope this helps.
0
 
MikeKane Commented:
Depends a lot on what kind of VPN, what equipment, etc....

For example, if this was a Cisco VPN client, I would probably suggest looking at the access lists for the VPN IP range.

If this is MS server PPTP, you should have a look at the Windows firewall on the server... test with it shut down, etc....
0
 
dkumar82 Commented:
Try to telnet to the destination computer's IP using port 3389; if not, open the port.

Check that RDP is enabled on the remote host computer.
0
 
kennyhenao Commented:
Guys,

He said he can RDP internally to the PC.
How are you trying to connect? IP or computer name? We need to know what VPN solution you are using to better help you.
0
 
rcolving (Author) Commented:
We are using MS VPN and have tried both PC name and IP address.
0
 
rharland2009 Commented:
Can you ping the PC, or is it completely invisible to the VPN-connecting employee?
0
 
rcolving (Author) Commented:
Remote employee is able to ping: 4 packets sent, 4 packets received.
0
 
rharland2009 Commented:
It's a port permission issue, I'd wager. Check your ACLs.
0
 
MightySW Commented:
Hi, is the remote user using a Linksys or some type of broadband router? If so, then they will need to configure their static address from their computer to allow port TCP 3389 out. This is basically the same for the internal firewall (if he has one or it is enabled in Windows XP). By default, the XP firewall will allow TCP 3389 so I don't think that is the issue. However, the user may have another version of firewall on his home PC that is not allowing egress over 3389 / RDP.

Please have these checked out.

HTH

0
 
rcolving (Author) Commented:
Not quite sure what ACLs are.
0
 
rharland2009 Commented:
It stands for Access Control List - commonly used on Cisco and many other types of routers.
It will enumerate the permitted and denied source/destination/port combinations for your location. It will reside on your router and/or firewall.
0
 
rcolving (Author) Commented:
Everything is working now.  It appears that after attempting the telnet things somehow opened up.  The employee is able to RDP using IP but not with PC Name.  Any ideas why name doesn't work?
0
 
MightySW Commented:
This would be more than likely the fault of the DNS cache on the client computer or the VPN is not set to hand out the local DNS server \ WINS server to the clients.  It also should give out the default domain suffix (msft.com) to the client.  

Also, if there is a client firewall, and they are blocking LOCAL DNS then it will not resolve.  

A few things you can try from the client while connected to the VPN

ipconfig /flushdns
ipconfig /all
(ensure that your remote network settings (DNS, WINS) are correctly displayed and being issued)

ping name of another server or device that is sure to not have a firewall enabled on the remote end
ping the name of that computer from THAT machine.  It should reply immediately.  Next, do a tracert to the ip address of the computer on the remote network from the VPN'd machine.  If it sends you off in some other direction then you need to serve the DNS settings over the VPN correctly.

It does depend on what type of device you are using to VPN into, but let's just say it is a firewall of some sort.

Make sure that within the pool that the device is giving out to VPN clients is the IP address of the DNS server, and the WINS server (if you have one).  Also ensure you have the default domain suffix / domain name entered correctly.  You should be able to see this with the ipconfig on the VPN client while connected.  

Go into ADUC and remove all forward and reverse entries for the connecting client and (while connected) issue the ipconfig /registerdns

Do this AFTER you have done the flushdns.
0
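
The checks suggested across this thread (TCP 3389 reachability, the DNS/WINS settings handed to the VPN client, and name resolution), collected into one script as an added example that is not from any of the posters. It assumes a VPN client running Windows 8 or later with PowerShell; WORKPC01 and 192.0.2.25 are constructed placeholders for the work PC's name and address.

```powershell
# Added example. Run on the remote employee's machine while the VPN is connected.
param(
    [string]$PcName = 'WORKPC01',    # placeholder: name of the work PC
    [string]$PcIp   = '192.0.2.25',  # placeholder: address of the work PC
    [int]$Port      = 3389           # RDP port discussed in the thread
)

# 1. Which DNS servers and domain suffix did each adapter (including the VPN) receive?
#    Same information as reading "ipconfig /all".
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize
Get-DnsClient |
    Where-Object ConnectionSpecificSuffix |
    Format-Table InterfaceAlias, ConnectionSpecificSuffix -AutoSize

# 2. Is TCP 3389 reachable by IP? This replaces the "telnet ip 3389" test.
$byIp = Test-NetConnection -ComputerName $PcIp -Port $Port -WarningAction SilentlyContinue

# 3. Flush the local cache (ipconfig /flushdns), then resolve the PC name.
Clear-DnsClientCache
$resolved = @()
try {
    $resolved = @(Resolve-DnsName -Name $PcName -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress })
} catch {
    # Name did not resolve; $resolved stays empty and is reported below.
}

# 4. Separate the two failure modes seen in the thread: port blocked vs. name not resolving.
if (-not $byIp.TcpTestSucceeded) {
    "TCP $Port to $PcIp failed: check VPN/firewall/router rules and that RDP is enabled."
} elseif ($resolved.Count -eq 0) {
    "TCP $Port is open by IP, but '$PcName' does not resolve: check the DNS/WINS servers and domain suffix issued to VPN clients."
} elseif ($resolved -notcontains $PcIp) {
    "'$PcName' resolves to $($resolved -join ', '), not ${PcIp}: stale or wrong DNS record."
} else {
    "'$PcName' resolves to $PcIp and TCP $Port is open: RDP by name should work."
}
```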
