bmanwill

Problems with RDC while VPN'd into Work

One of our employees takes his laptop home to VPN in and work (via Microsoft means). He can access email via Outlook, shared drives, etc., but he cannot RDC to one of our machines. RDC is enabled on that machine, and yes, he is a part of Remote Desktop Users. Right when he connects, he gets the remote desktop disconnected error, and I have no idea why. It works fine in the office. He can confirm he's VPN'd in over the phone with me by pulling up VPN status and showing bytes sent and received.

Any ideas or suggestions?
Flowster

Which version is his VPN client? What OS?
Which RDP version are yours and his?
Does he, or the computer he is trying to connect to, have a firewall enabled?
Some ideas for you to look into further:

Does the machine he is trying to RDC to have a firewall or group policy that limits connections to only a certain subnet?

Check his IP address while VPN'd in. There are certain VPN settings that can put him on a different subnet.
bmanwill

ASKER

RDP version is the same; like I said, he can at work, so there is no reason why he shouldn't be able to from home (that is version related, I mean).

No firewall, no GP limit on subnet (I verified that when he is VPN'd in he is on the same subnet).
Has he tried to connect via IP? If that works from home then you need to either ensure that he is receiving DNS and WINS information from the VPN (`ipconfig /all`) OR that you edit his hosts file to point to the computer he is trying to access with the name.

HTH
Why edit the hosts file? It looks the same as mine.

I will have him check WINS and DNS using ipconfig...but that means that even if we tried by IP it should have worked...right?
Not necessarily. Locally your DNS is getting adapted appropriately, while over a VPN it isn't. This is very common and you will see many instances of this all over these forums and the internet. What happens is that the VPN client will VPN into yourdomain.local and try to resolve machine.yourdomain.local and ACTUALLY try to go off of the VPN to resolve the name. Of course it will be using your VPN and internet access to do this (unless you are not tunneling DNS queries) and it will just bypass the machine name altogether. Again, this is very common between ISPs. The hosts file can be changed as a serious band-aid to help resolution while they are on the VPN. DNS resolution will look to the local hosts file on the machine before looking to its own DNS server.

A few things you can look at: Check to see if the DNS server is only accepting secure dynamic updates. If so then only AD machines will register their names within AD.  If a VPN user needs to resolve names then that machine either needs to be a member of the domain or you need to turn off secure and go to unsecure dynamic updates.  You may not want to do this if you have a very large domain (over 1000 nodes) due to DNS poisoning and UDP attacks on the DNS server.  As long as this DNS server is local then you should be fine (not in the DMZ).

HTH
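The checks suggested in the replies above (connect by IP, then compare what DNS gives the VPN client), as an added PowerShell example that is not part of the original thread. The host name, IP address and variable names are placeholders chosen for illustration; run it on the laptop while the VPN is connected.

```powershell
# Added example: triage for "RDP works in the office but not over the VPN".
# Placeholder values (assumptions); replace with the real target before running.
$TargetName = 'machine.yourdomain.local'   # name typed into the RDP client
$TargetIp   = '192.0.2.10'                 # target's known internal IP (TEST-NET-1 sample)
$RdpPort    = 3389                         # default RDP port

# 1. Which DNS servers is each interface using? With the VPN up, the internal
#    DNS server should be listed on the VPN adapter.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize

# 2. What does the name resolve to from this client? (Resolve-DnsName also
#    honours the local hosts file unless -NoHostsFile is given.)
$resolved = @(Resolve-DnsName -Name $TargetName -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress)

# 3. Is the RDP port reachable by IP, independent of name resolution?
$byIp = Test-NetConnection -ComputerName $TargetIp -Port $RdpPort -WarningAction SilentlyContinue

# 4. Classify the result so the next step is obvious.
if (-not $byIp.TcpTestSucceeded) {
    $verdict = "TCP $RdpPort to $TargetIp failed: routing, firewall or RDP listener problem, not DNS."
} elseif ($resolved.Count -eq 0) {
    $verdict = "Port is reachable by IP but $TargetName does not resolve: DNS is not coming from the VPN."
} elseif ($resolved -notcontains $TargetIp) {
    $verdict = "$TargetName resolves to $($resolved -join ', ') instead of ${TargetIp}: wrong resolver or stale record."
} else {
    $verdict = "Name and port both check out: look at the RDP session itself (event log on the target)."
}

[pscustomobject]@{
    Target       = $TargetName
    ResolvedTo   = $resolved -join ', '
    ExpectedIp   = $TargetIp
    PortOpenByIp = $byIp.TcpTestSucceeded
    Verdict      = $verdict
} | Format-List
```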
So what should I add to the hosts file? The IP address of our DNS server?
The user also uses Charter Internet Services, which I have read has problems with DNS...is it just possible that his ISP is at fault?
ASKER CERTIFIED SOLUTION
MightySW
This solution is only available to members.