Solved

Unable to connect over RDP and IPSEC-VPN to a specific host

Posted on 2010-01-12
Last Modified: 2013-11-21
Hi all,
Strange problem:

Client laptop "A" connects to the Internet over a cellular modem.
It then opens an IPSEC-VPN tunnel to the office network, over which he can now RDP to computer "X" and to computer "Y".

Client laptop "B" connects to the Internet over a cellular modem.
It then opens an IPSEC-VPN tunnel to the office network, over which he can now RDP to computer "X" BUT NOT to computer "Y".

When laptop "B" tries to RDP to computer "Y" over the VPN, the RDP client opens (with a black screen) and after about 30 seconds pops the message "Your Remote Desktop session has ended. The connection to the remote computer was lost, possibly due to network connectivity problems. Try connecting to the remote computer again..." - no username/password login screen is displayed.

Both laptops are Thinkpads with fully patched WinXP Pro SP3.
Computer "X" they are connecting to is a Windows 2003 Server and computer "Y" is a WinXP Pro SP3 desktop.
The Firewall is Fortigate and the IPSec client is FortiClient.

Any ideas?

Assaf
Question by:Hacktics
10 Comments
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 26295463
Is there anything in the PC or main firewall rules that is different for those addresses?
0
 

Author Comment

by:Hacktics
ID: 26296013
No difference in FW/VPN rules.
Both laptops connect using the same cellular ISP, and using the same VPN user/pass (for the test that is :-).

I checked the WinXP firewall on the LAN computer to which I am having problems connecting, and it has an exception for Remote Desktop.

BTW, if I remove the Windows FW exception, I can't connect from both laptops (completely - timed out, no black screen).
0
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 26296070
Can you do a test with the Windows firewall temporarily disabled to try to isolate which side has the issue?
0
 

Author Comment

by:Hacktics
ID: 26296400
Tried disabling the Windows FW completely - same results (i.e. - one laptop connects without a problem, and the other can't - same symptoms).
0
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 26296635
Can the suspect laptop RDP to anything else?
What is the event log showing on "Y"?
You could try a packet capture on "Y" and see if there is any clue there as to what is happening differently.
0
 

Author Comment

by:Hacktics
ID: 26300527
As mentioned before, the "problematic" laptop can RDP to another machine - on the same LAN (same network) as the machine he is unable to connect to. So this doesn't look like a routing/firewall problem.

BTW, when the IPSec VPN is up, I can ping the host on the LAN but not RDP to it.
And other VPN users/laptops can connect to that host on the LAN without a problem.

I will try to capture some packets and report back... :-)

0
 

Author Comment

by:Hacktics
ID: 26301820
I did a bit of sniffing on the desktop machine in the LAN (the "Y" computer) - capturing 2 sessions - one from the laptop "A" that works, and one from laptop "B" that doesn't.

Attached are the two sessions.

Notice the working connection actually opens 2 separate connections - I don't know if that is the expected behavior.
Good-Connection.png
not-Good-Connection.png
0
 
LVL 2

Expert Comment

by:Jordie77
ID: 26349628
On Windows XP you need to add users or groups to the Remote Desktop group. Can you check these settings (System Properties, remote connections tab)?
0
 

Author Comment

by:Hacktics
ID: 26350864
Thanks Jordie77, but as you can see in the original post - from another laptop over the same VPN configuration I CAN connect to that machine - so there are no permission problems.

0
 

Accepted Solution

by:Hacktics
ID: 26506894
The problem was solved by reinstalling the problematic laptop (full Windows install).

Sadly - I still have no idea what caused the problem.

Thank you all
0
