Problems with RDC while VPN'd into Work

bmanwill
One of our employees takes his laptop home to VPN in and work (via Microsoft means). He can access email via Outlook, shared drives, etc., but he cannot RDC to one of our machines. RDC is enabled on that machine, and yes, he is a part of Remote Desktop Users. Right when he connects, he gets the remote desktop disconnected error...and I have no idea why. It works fine in the office. He can confirm he's VPN'd in over the phone with me by pulling up VPN status and showing bytes sent and received...

Any ideas or suggestions?

Commented:
Which version is his VPN client? What OS?
Which RDP version are yours and his?
Does he, or the computer he is trying to connect to, have a firewall enabled?

Commented:
Some ideas for you to look into further:

Does the machine he tries to RDC to have a firewall or group policy that limits connections to only a certain subnet?

Check his IP address while VPN'd in. There are certain VPN settings that can put him on a different subnet.

Author

Commented:
RDP version is the same; like I said, he can at work, so there is no reason why he shouldn't be able to from home (that is version related, I mean).

No firewall, no GP limit on subnet (I verified that when he is VPN'd in he is on the same subnet).

Commented:
Has he tried to connect via IP? If that works from home then you need to either ensure that he is receiving DNS and WINS information from the VPN (ipconfig /all) or that you edit his hosts file to point to the computer he is trying to access with the name.

HTH

Author

Commented:
Why edit the hosts file? It looks the same as mine.

I will have him check WINS and DNS using ipconfig...but that means that even if we tried by IP it should have worked...right?

Commented:
Not necessarily.  Locally your DNS is getting adapted appropriately, while over a VPN it isn't.  This is very common and you will see many instances of this all over these forums and the internet.  What happens is that the VPN client will VPN into yourdomain.local and try to resolve machine.yourdomain.local and ACTUALLY try to go off of the VPN to resolve the name.  Of course it will be using your VPN and internet access to do this (unless  you are not tunneling DNS queries) and it will just bypass the machine name altogether.  Again, this is very common between ISPs.  The hosts file can be changed as a serious bandaid to help resolution while they are on the VPN.  DNS resolution will look to the local hosts file on the machine before looking to its own DNS server.

A few things you can look at: Check to see if the DNS server is only accepting secure dynamic updates. If so then only AD machines will register their names within AD.  If a VPN user needs to resolve names then that machine either needs to be a member of the domain or you need to turn off secure and go to unsecure dynamic updates.  You may not want to do this if you have a very large domain (over 1000 nodes) due to DNS poisoning and UDP attacks on the DNS server.  As long as this DNS server is local then you should be fine (not in the DMZ).

HTH

Author

Commented:
So what should I add to the hosts file? The IP address of our DNS server?

Author

Commented:
The user also uses Charter Internet Services, which I have read has problems with DNS...is it just possible that his ISP is at fault?

Commented:
ohhhhhh, absolutely.  In fact I would say that this IS the issue.  

Charter is notorious for all kinds of issues outside of their network.  In fact I also have a client that has Charter and she can't do most of the things that some of my other home clients do.

Yes on the hosts file. This is the ONLY way that I could get it to work on her laptop through Charter.

I really don't know what is up with them.  If you call them they are absolutely helpless and they will deny everything as being their fault.  I have zero idea why they are still in business... Perhaps for their corporate clients, I don't know.

Give that a try

So it will be just like it is in the hosts file:

IP address <tab> Hostname

Be sure to try to ping the hostname that you entered once you are connected to VPN over charter.
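
Added example, not part of the original thread: the check suggested in the answers above (connect by IP first, then by name, then look at the hosts file), written in Python. The host name `workpc`, the addresses and the sample hosts file are constructed for illustration; 3389 is the default RDP port. Because a hosts entry is consulted before DNS, the script also flags an entry that no longer matches the machine's known address.

```python
import socket

# Constructed sample hosts file with the kind of entry suggested in the thread.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
192.168.1.50\tworkpc workpc.yourdomain.local   # RDP target, pinned for VPN use
::1             localhost
"""

def parse_hosts(text):
    """Return {lowercased name: ip} from hosts-file text, skipping comments and blanks."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            entries.setdefault(name.lower(), fields[0])  # keep the first entry for a name
    return entries

def tcp_open(ip, port=3389, timeout=3.0):
    """True if a TCP connection to ip:port succeeds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(name, known_ip, hosts_text, resolve=socket.gethostbyname, probe=tcp_open):
    """Separate 'name does not resolve over the VPN' from 'RDP port unreachable'."""
    pinned = parse_hosts(hosts_text).get(name.lower())
    if pinned and pinned != known_ip:
        return "stale hosts entry: %s is pinned to %s, expected %s" % (name, pinned, known_ip)
    if not probe(known_ip):
        return "RDP port unreachable by IP: look at routing or firewall, not DNS"
    try:
        resolved = pinned or resolve(name)
    except OSError:
        return "reachable by IP but name does not resolve: check the DNS/WINS handed out by the VPN"
    if resolved != known_ip:
        return "name resolves to %s, not %s: DNS is returning a different address" % (resolved, known_ip)
    return "ok: %s resolves to %s and the RDP port is open" % (name, known_ip)

if __name__ == "__main__":
    # On the laptop, read the real file, e.g. C:\Windows\System32\drivers\etc\hosts
    print(diagnose("workpc", "192.168.1.50", SAMPLE_HOSTS))
```
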
