?
Solved

Can't RDP to Pc at work through VPN

Posted on 2010-01-11
13
Medium Priority
?
364 Views
Last Modified: 2013-12-08
I have an employee that connects via VPN. The employee then needs to RDP to their work PC. But gets an error. "Can't connect to remote computer"  However, internally we can connect to the PC.  Can't figure out what is preventing connection through the VPN.  Any help would be appreciated.
0
Comment
Question by:rcolving
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +4
13 Comments
 
LVL 7

Expert Comment

by:powereds
ID: 26286555
Hi,

Please do this on the remote PC via command prompt.

telnet ip-of-target-pc 3389

You should get a blank command prompt. But if not, please check your VPNconfig/firewall/router to allow port 3389 traffic to pass.

I hope this help.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 26286562
Depends alot on what kind of VPN, what equipment, etc....  

For example, if this was a cisco VPN client, I would probably suggest looking at the Access-lists for the VPN ip range.  

If this is MS server PPTP, you should have a look at the Windows firewall on the server... test with it shut down, etc....
0
 
LVL 8

Expert Comment

by:dkumar82
ID: 26286583
Try to telnet to destination computer IP using port 3389,if not open the port

Check the RDP is enabled on remote Host computer.
0
On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

 
LVL 6

Expert Comment

by:kennyhenao
ID: 26286607
Guys,

He said he can RDP internally to the PC.
How are you trying to connect? IP or computer name? We need to know what VPN solution you are using to better help you.
0
 

Author Comment

by:rcolving
ID: 26286826
We are using MS VPN and have tried both PC Name and IP Addresss.
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 26286962
Can you ping the PC, or is it completely invisible to the VPN-connecting employee?
0
 

Author Comment

by:rcolving
ID: 26286984
Remote employee is able to ping 4 packets sent 4 packets received.  
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 26287010
It's a port permission issue, I'd wager. Check your ACLs.
0
 
LVL 20

Expert Comment

by:MightySW
ID: 26287122
Hi, Is the remote user using a Linksys or some type of broadband router?  If so then they will need to configure their static address from their computer to allow port TCP 3389 out.  This is basically the same for the internal firewall (if he has one or it is enabled in Windows XP).  By default, the XP firewall will allow TCP 3389 so I don't think that is the issue.  However, the user may have another version of firewall on his home PC that is not allowing egress over 3389 / RDP.

Please have these checked out.

HTH

0
 

Author Comment

by:rcolving
ID: 26287240
Not quite sure what ACLs is.
0
 
LVL 11

Expert Comment

by:rharland2009
ID: 26287446
It stands for Access Control List - commonly used on Cisco and many other types of routers.
It will enumerate the permitted and denied source/destination/port combinations for your location. It will reside on your router and/or firewall.
0
 

Author Comment

by:rcolving
ID: 26287472
Everything is working now.  It appears that after attempting the telnet things somehow opened up.  The employee is able to RDP using IP but not with PC Name.  Any ideas why name doesn't work?
0
 
LVL 20

Accepted Solution

by:
MightySW earned 1000 total points
ID: 26289070
This would be more than likely the fault of the DNS cache on the client computer or the VPN is not set to hand out the local DNS server \ WINS server to the clients.  It also should give out the default domain suffix (msft.com) to the client.  

Also, if there is a client firewall, and they are blocking LOCAL DNS then it will not resolve.  

A few things you can try from the client while connected to the VPN

ipconfig /flushdns
ipconfig /all
(ensure that your remote network settings (DNS, WINS) are correctly displayed and being issued)

ping name of another server or device that is sure to not have a firewall enabled on the remote end
ping the name of that computer from THAT machine.  It should reply immediately.  Next, do a tracert to the ip address of the computer on the remote network from the VPN'd machine.  If it sends you off in some other direction then you need to serve the DNS settings over the VPN correctly.

It does depend on what type of device you are using to VPN into, but lets just say it is a firewall of some sort.  

Make sure that within the pool that the device is giving out to VPN clients is the IP address of the DNS server, and the WINS server (if you have one).  Also ensure you have the default domain suffix / domain name entered correctly.  You should be able to see this with the ipconfig on the VPN client while connected.  

Go into ADUC and remove all forward and reverse entries for the connecting client and (while connected) issue the ipconfig /registerdns

Do this AFTER you have done the flushdna.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction If you're like most people, you have occasionally made a typographical error when you're entering information into an online form.  And to your consternation, the browser remembers the error, and offers to autocomplete your future entr…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question