?
Solved

cannot rdp or ping new windows 2003 rras

Posted on 2011-02-11
9
Medium Priority
?
1,086 Views
Last Modified: 2012-05-11
I just installed Windows 2003 R2 with Routing and Remote Access.  This server accepts PPTP VPN connections from staff we have in the field.   We had a Win2000 server doing this for years but needed to replace the hardware and just went with W2003.   All works well but for administrative reasons we need to RDP to this server.  Neither ping nor RDP work.   I have read the MS articles on this with regard to Inbound and Outbound filters, but their KB article doesn't fit what I'm seeing in the RRAS mmc.   The server just has one NIC that is enabled.  There is a firewall that is set up to do port forwarding to forward port 1723 from the Internet so we have never used separate external and internal NICS.   Anyone know how I can get RDP (and ping) to work on this server without disrupting its successful role as our RRAS server?
0
Comment
Question by:Dgreenbaum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 14

Expert Comment

by:amichaell
ID: 34875611
1. The VPN successfully connects to this server, correct?
2. Is there a firewall running on the server?
3. Is Remote Desktop enabled on the server?
4. Can you RDP to the server from the LAN?
5. Can you ping the server from the LAN?
0
 

Author Comment

by:Dgreenbaum
ID: 34875736
Thanks for responding
1. Yes vpn clients connect successfully
2. No the Window Firewall is not running
3. Yes RDP is enabled
4. No we can't RDP from the LAN
5. No we can't ping from the LAN

This is a known "feature" with RRAS on Win2003.  ICMP is blocked and MS has KB article 258030 about fixing it.  The issue is the article describes items on property pages that I don't see and the Inbound Outbound filter has options on it that aren't mentioned in the article.  Unfortunately most of the time I have users connected so its hard to mess with stuff.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 34894552
When RRAS is enabled, windows firewall is also automatically enabled. You can make exceptions to ICMP echo "ping" and RDP "terminal services" in WF.

http://support.microsoft.com/kb/555381
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:Dgreenbaum
ID: 34902122
I found the solution.  I uninstalled/reinstalled RRAS and, in Windows 2003 R2,  there is an option to apply "Enhanced" security on the NIC it considers to be "Outside".  When I unchecked this, it then proceeded and left me with a RRAS server that could be pinged.
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 1500 total points
ID: 34902944
Excellent, but don't leave yourself naked with your tunneling adapter. RRAS incorporates those security measures to hide you from port scanners to the outside world. You might want to read up on that security feature and find out what you can enable and need to disable to have some sort of security on the VPN connection. If you can't figure it out, It might be a good idea to have a hardware firewall in front of you. .
0
 

Author Comment

by:Dgreenbaum
ID: 34907637
Good advice.  Yes, the RRAS server is behind a hardware firewall.  One last curiosity.   The RRAS installation wizard required me to use two NICs; in effect an Outside and Inside.  My previous server only had one NIC and was Windows 2000 and worked fine.  Will having two NICS on the same subnet present a problem?  I set the Inside NIC to not register with DNS.  Should I set up some static routes to keep things from getting confused or does RRAS 2003 take care of keeping track of routing between NICs?
0
 

Author Closing Comment

by:Dgreenbaum
ID: 34971224
I ended up finding the answer for myself, but the Experts responses helped me focus my energy
0
 
LVL 6

Expert Comment

by:tncode
ID: 35345264
I may have a similar problem. How do you "apply "Enhanced" security on the NIC it considers to be "Outside"  as you describe?
0
 

Author Comment

by:Dgreenbaum
ID: 35346400
What I did was uninstall RRAS completely and then reinstall it.  During the installation (and because my Outside NIC is actually a private address behind a firewall) when it went through the screens as it identifies the NICs, it came up with a check for Enhanced security.  I unchecked that.  So in answer to your question, I did not apply Enhance security.  In effect, I unapplied it.
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question