Can't RDP to PC at work through VPN

I have an employee that connects via VPN. The employee then needs to RDP to their work PC, but gets an error: "Can't connect to remote computer". However, internally we can connect to the PC. Can't figure out what is preventing connection through the VPN. Any help would be appreciated.


Please do this on the remote PC via command prompt.

telnet ip-of-target-pc 3389

You should get a blank command prompt. But if not, please check your VPN config/firewall/router to allow port 3389 traffic to pass.

I hope this helps.

Depends a lot on what kind of VPN, what equipment, etc....

For example, if this was a cisco VPN client, I would probably suggest looking at the Access-lists for the VPN ip range.  

If this is MS server PPTP, you should have a look at the Windows firewall on the server... test with it shut down, etc....
Try to telnet to destination computer IP using port 3389; if not, open the port.

Check the RDP is enabled on remote Host computer.


He said he can RDP internally to the PC.
How are you trying to connect? IP or computer name? We need to know what VPN solution you are using to better help you.
rcolvingAuthor Commented:
We are using MS VPN and have tried both PC Name and IP Address.
Can you ping the PC, or is it completely invisible to the VPN-connecting employee?
rcolvingAuthor Commented:
Remote employee is able to ping 4 packets sent 4 packets received.  
It's a port permission issue, I'd wager. Check your ACLs.
Hi, Is the remote user using a Linksys or some type of broadband router?  If so then they will need to configure their static address from their computer to allow port TCP 3389 out.  This is basically the same for the internal firewall (if he has one or it is enabled in Windows XP).  By default, the XP firewall will allow TCP 3389 so I don't think that is the issue.  However, the user may have another version of firewall on his home PC that is not allowing egress over 3389 / RDP.

Please have these checked out.


rcolvingAuthor Commented:
Not quite sure what ACLs is.
It stands for Access Control List - commonly used on Cisco and many other types of routers.
It will enumerate the permitted and denied source/destination/port combinations for your location. It will reside on your router and/or firewall.
rcolvingAuthor Commented:
Everything is working now.  It appears that after attempting the telnet things somehow opened up.  The employee is able to RDP using IP but not with PC Name.  Any ideas why name doesn't work?
This would be more than likely the fault of the DNS cache on the client computer or the VPN is not set to hand out the local DNS server \ WINS server to the clients.  It also should give out the default domain suffix ( to the client.  

Also, if there is a client firewall, and they are blocking LOCAL DNS then it will not resolve.  

A few things you can try from the client while connected to the VPN

ipconfig /flushdns
ipconfig /all
(ensure that your remote network settings (DNS, WINS) are correctly displayed and being issued)

ping name of another server or device that is sure to not have a firewall enabled on the remote end
ping the name of that computer from THAT machine.  It should reply immediately.  Next, do a tracert to the ip address of the computer on the remote network from the VPN'd machine.  If it sends you off in some other direction then you need to serve the DNS settings over the VPN correctly.

It does depend on what type of device you are using to VPN into, but let's just say it is a firewall of some sort.

Make sure that within the pool that the device is giving out to VPN clients is the IP address of the DNS server, and the WINS server (if you have one).  Also ensure you have the default domain suffix / domain name entered correctly.  You should be able to see this with the ipconfig on the VPN client while connected.  

Go into ADUC and remove all forward and reverse entries for the connecting client and (while connected) issue the ipconfig /registerdns

Do this AFTER you have done the flushdns.
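
The checks suggested in this thread (TCP 3389 by IP, then name resolution and the DNS settings issued over the VPN) combined into one PowerShell function, as an added example that is not code from any poster. It uses the built-in `Test-NetConnection`, `Resolve-DnsName`, `Get-DnsClientServerAddress` and `Get-DnsClient` cmdlets (Windows 8.1 / Server 2012 R2 or later); the host name `WORKPC01` and address `192.168.1.50` are placeholders, not values from the thread.

```powershell
# Added example: run on the VPN client while the tunnel is connected.
# 'WORKPC01' and '192.168.1.50' are placeholder values, not from the thread.
function Test-RdpOverVpn {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $IPAddress,
        [int] $Port = 3389
    )

    # Step 1: TCP reachability by IP (the same thing "telnet <ip> 3389" checks).
    $tcp = Test-NetConnection -ComputerName $IPAddress -Port $Port -WarningAction SilentlyContinue

    # Step 2: resolve the PC name through the DNS servers the client is using now.
    $resolved = @(Resolve-DnsName -Name $ComputerName -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } | Select-Object -ExpandProperty IPAddress)

    # Step 3: DNS servers and suffix each adapter was handed (compare with ipconfig /all).
    $dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, ServerAddresses
    $suffix = Get-DnsClient | Where-Object { $_.ConnectionSpecificSuffix } |
        Select-Object InterfaceAlias, ConnectionSpecificSuffix

    # Classify the failure layer: port first, then name resolution, then stale records.
    $diagnosis = if (-not $tcp.TcpTestSucceeded) {
        "TCP $Port to $IPAddress failed: check firewall/ACL rules for the VPN address range and that RDP is enabled."
    } elseif ($resolved.Count -eq 0) {
        "Port is reachable by IP but '$ComputerName' does not resolve: check the DNS server and domain suffix issued to VPN clients."
    } elseif ($resolved -notcontains $IPAddress) {
        "'$ComputerName' resolves to $($resolved -join ', '), not ${IPAddress}: stale DNS record or client cache."
    } else {
        "Port and name resolution both work."
    }

    [pscustomobject]@{
        TcpReachable = $tcp.TcpTestSucceeded
        ResolvedTo   = $resolved
        DnsServers   = $dns
        DnsSuffixes  = $suffix
        Diagnosis    = $diagnosis
    }
}

Test-RdpOverVpn -ComputerName 'WORKPC01' -IPAddress '192.168.1.50'
```

If the result shows only the home router's address under `DnsServers` for every adapter, the VPN connection is not receiving the internal DNS server, which matches the "works by IP, fails by name" symptom described above.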

Question has a verified solution.