Terminal Service

The attached is the error i am getting when i am trying to accessing remote server from a different site, i have many servers i am able to access but for some reason this one all of a sudden stop being accessed. I have changed public ip and still no avail. I am able to access via LAN but not WAN. I have tried another machine with the same setting in my firewall rules and able to access. Any ideas guys.

Windows 2003 Server with Terminal Server group Licence.

regards,

Error.docx
IBSITAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
AustinComputerLabsConnect With a Mentor Commented:
Excellent.
Glad I could help.

Rick
0
 
AustinComputerLabsCommented:
When you access via the LAN do you use the IP or name?
What port on your fiewall is forwarded to the server IP for RDP?
Have you double checked that the server is listening on the port you are forwarding?
0
 
IekosCommented:
Go to the Terminal Server,

On the server in IE go to:

http://www.canyouseeme.org/

Type 3389 which is the RDP port for that server.

If the page reports back saying 'failed' then there is a firewall issue either on the server or the router.  It can also mean the router isn't forwarding to the server ip seems you changed it?  Check the router settings and ensure the server firewall also allows 3389.

Go back to the link above to check if it passes.  if it does, you should be able to dial in providing the router is set.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
IBSITAuthor Commented:
i went to canyouseeme.org and it camed back successfully.
0
 
IBSITAuthor Commented:
@Austin...when i access via the LAN i am able to access via ip as well as name.

I am able to access another server remotely with the public ip. i even tried swapping public ips to see if that was the case but it still generates the attached error. The strange thing is that it was working fine until yesterday afternoon and nothing was installed. unless a microsoft update was done
0
 
IekosCommented:
Is this other server on the same Subnet / Router?  If so, does both servers have its own WAN IP or bother RDP servers on different ports?  Please explain.
0
 
AustinComputerLabsCommented:
I am able to access another server remotely with the public ip
It sounds like the like both servers are using the default port for RDP 3389.
If you want to setup another server to be accesable from the WAN you will need to redirect a port in your firewall to that server and then add a second port that RDP listens on to the port you forwarded in your router.

I can not explain why it worked before but I can tell you that this is how I have setup countless other servers.

Once done you will connect from the WAN by using the IP:port to connect.
0
 
AustinComputerLabsCommented:
ADD ON unless you have one public IP forwarding to one server and the other forwarding to the other.
0
 
IBSITAuthor Commented:
@ lekos, they are both on the same subnet / using the same router.
0
 
IBSITAuthor Commented:
i have done this many times with multiple server with different Public IPs using the same Routing medium.
0
 
AustinComputerLabsCommented:
You are correct as long as they each have a separate public IP, it should not be a problem.

as long as port 3389 for that IP is forwarded to the server and the server is listening on 3389.
0
 
IBSITAuthor Commented:
well i have isolated it down to the machine as my other server are configured on the router each with their individual public address. I have checked for viruses, uninstall and reinstall terminal server and terminal license. uninstall anti-virus, turn off firewall settings... STOMPED at the moment.
0
 
AustinComputerLabsCommented:
If you were or are able to connect via RDP when on the LAN, the issue has to be with the routing from the WAN.
0
 
IekosCommented:
Hi,

Its a Routing issue defo.

So, let me get this correct.

You have two or more public IP address?

Both to one Router?

on the Router it MUST be set so, from the outside IP or domain will be typed in to RDP Client, that then hits your router and your router forwards to the correct server depending on the port.

If the port is the same for both SERVERS then the router will get confused and only pass to one of the SERVERS if both servers are on the same router and subnet.

This is how we have it set on our server as an example.

Server A:  192.168.1.1
Server B:  192.168.1.2

Router Settings
Server A:   3389 Open and Forward to  =  192.168.1.1
Server B:   3390 Open and Port Redirection to 3389 @  192.168.1.2

on my RDP Client to access Server B I will type either IP eg:  121.121.121.121:3390 or domain: remote.example.com:3390

THERE ARE OTHER WAYS TO DO THIS BUT THIS IS AN EXAMPLE

On local LAN it will be as simple as typing 192.168.1.2

Please feel free to keep asking untill you fix this.

PS.  What Router do you have?  Can we have a screen shot of your settings and maybe we can guide the setup?
0
 
IBSITAuthor Commented:
OK let me put another wrench in the works. I directly assigned my box a public IP. I attached directly to my CISCO DSL Router eliminating the firewall and tried accessing via WAN, no dice. I installev VNC on the box and also on another box outside the network and voila ACCESS. Can it be something wit RDP on that specific box.
0
 
AustinComputerLabsCommented:
Could someone else have changed the port RDP is listening on, that would do it?
0
 
IBSITAuthor Commented:
but then if that was the case wouldn't the other boxes cease to function?
0
 
IBSITAuthor Commented:
I have a CISCO DSL Router, Sonicwall TZ170. I have a block of 8 Public IPS. the way i use it is NAT each private machine that i want available publicly and add a rule in the firewall to allow terminal Services.
So each Box has its independent Public Address.
0
 
AustinComputerLabsCommented:
To check follow this:
Start Registry Editor.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
On the Edit menu, click Modify, and then click Decimal.
port should be 3389

Also back to basics
have you verified that "allow remote connections" is still chacked under advanced system settings?
0
 
AustinComputerLabsCommented:
If the one box that does not work had the RDP port changed or the "allow remote connections" unchecked both of those would only effect that one box. The rest would operate fine.
0
 
IBSITAuthor Commented:
the port number was set to 4490
0
 
AustinComputerLabsCommented:
3389 is the default.
You can have more than one port listen at the same time if 4490 is needed.
0
 
IBSITAuthor Commented:
i changed it to 3389 and still not able to access
0
 
AustinComputerLabsCommented:
Is your firewall set to forward 3389 to 3389 on the server
or
3389 is forwarded to 4490 on the server?
0
 
IBSITAuthor Commented:
no forwarding, i looked at my other server and it has the 3389 as its port number
0
 
AustinComputerLabsCommented:
Once you changed the port from 4490 to 3389 you will need to restart.

It may work if you restart the:
Remote access
Terminal services

services.
0
 
IBSITAuthor Commented:
Still no success, now i am not able to access RDP via the LAN. VERY VERY CRAZY!!
0
 
IBSITAuthor Commented:
except VNC
0
 
AustinComputerLabsCommented:
With the port at 4490 you were able to connect Vithe LAN correct?

If you put the port back to 4490, try the public IP:4490 and see if that works.
0
 
IBSITAuthor Commented:
ok added back to 4490 was able to access via LAN but not WAN
0
 
AustinComputerLabsCommented:
Did you try putting "WANIP:4490"?

When you acces via the WAN will it work if you use "servername" or "servername:4490"?
0
 
IBSITAuthor Commented:
i went to the remote desktop of the WAN RDP

i typed the address e.g 200.200.200.200 i even tried 200.200.200.200:4490
0
 
AustinComputerLabsCommented:
I mis typed part of my earlier response

When you acces via the LAN will it work if you use "servername" or "servername:4490"?

The fact that you can connect via the LAN without adding :4490 is odd. Either your PC has been configured to use 4490 as the default port to use on connection with RDP (I do not know if that is even possible) or something in your network is re-directing your RDP requests to 4490 for thar server.
0
 
IekosCommented:
LOL..  I cant wait to see a fix on this :)

Going all the way back to what i wrote:

This is how we have it set on our server as an example.

Server A:  192.168.1.1
Server B:  192.168.1.2

Router Settings
Server A:   3389 Open and Forward to  =  192.168.1.1
Server B:   3390 Open and Port Redirection to 3389 @  192.168.1.2

on my RDP Client to access Server B I will type either IP eg:  121.121.121.121:3390 or domain: remote.example.com:3390

THERE ARE OTHER WAYS TO DO THIS BUT THIS IS AN EXAMPLE

On local LAN it will be as simple as typing 192.168.1.2
0
 
IBSITAuthor Commented:
if i type servername:4490 or servername via LAN i am able to access. only when accessing via WAN
0
 
IBSITAuthor Commented:
could they be some sort of port forwarding on the server?
0
 
IBSITAuthor Commented:
I have a quick question, how was the port changed from the default to 4490? Could i have been compromised?
0
 
IBSITAuthor Commented:
is there a way to restore the box to factory and keeping all the application in tact?
0
 
AustinComputerLabsCommented:
if i type servername:4490 or servername via LAN i am able to access. only when accessing via WAN
It sounds like RDP is listening on both 3389 and 4490.
Look for a second "RDP-TCP" entry in the registry, the name could not be exactly the same as the first.

could they be some sort of port forwarding on the server?
My guess is you are just listening on two ports, but I guess it could be forwarded.

I have a quick question, how was the port changed from the default to 4490? Could i have been compromised?
Possible but unlikely, it appears that 4490 has been the port you have been using because when you changed it you could not connect.

is there a way to restore the box to factory and keeping all the application in tact?
Whoa! slow down that would be a very risky move just to get WAN RDP to work.

You mentioned that the server has its' own WAN or Public IP address, does that mean it has two NICS or is their a router that forwards that public IP to the server?
0
 
IekosCommented:
I second Austin,

Check your Router settings.  If you are able to access RDP via LAN then there is NOTHING wrong with the server.  WAN is just the same but from the outside my friend.
0
 
IBSITAuthor Commented:
Austin:

when i went to the server that is giving me WAN problems the port info it had is 4490, i checked another box that i have that is functioning fine via WAn and it had 3389. in my firewall access rules it has Terminal Service "Terminal Services 3389 3389 TCP  Terminal Services 3389 3389 UDP  "
I have one to one NAT on the problem box.
0
 
AustinComputerLabsCommented:
So it appears that right now on the WAN side port 3389 is forwarded to the problem server, but the server is listening on 4490.

To not change any existing functionality I suggest adding a second port that RDP listens on to the problem server.

This is the process I use to add a second:

http://support.microsoft.com/kb/555031

set the second one to 3389, that way you maintain the 4490 and add 3389.
0
 
IBSITAuthor Commented:
I tried that and still no luck..
0
 
IekosCommented:
Have you fixed it?
0
 
IBSITAuthor Commented:
no, i have even reverted microsoft updates prior to the days it started happening and nothing.
0
 
AustinComputerLabsCommented:
from outside try to attach by using publicip:3389 and publicip:4490

If that does not work try changing the forward on the router from WAN 3389 to LAN 3389 to WAN 3389 to LAN 4490.
0
 
IBSITAuthor Commented:
it actually works with the publicip:4490
0
 
AustinComputerLabsCommented:
Did you make any of the changes in my last post to make it work?
0
 
IBSITAuthor Commented:
all i did was to remove the the updates from microsoft and create an entry in my firewall to allow 4490. Not sure what did it but it is still strange that i need to access via Publi IP : port number.

But hey if it works why not.

0
 
IBSITAuthor Commented:
The reason i liked it working the way it did is because i have a TSMMC snap in and in cannot add the pport number in the IP field.
0
 
AustinComputerLabsCommented:
That would suggest that the 3390 port forward is not working or is corrupt, which may have been the original issue.

Let me know if you need any more assistance.

Rick
0
 
AustinComputerLabsCommented:
If you have a large number of RDP connections you may want to look into visionapp Remote Desktop. I really like it, and it is very flexible.
0
 
IBSITAuthor Commented:
the 3389 port is functional as i have another server using it and i am able to access fine. Thanks for the tip on the visionapp remote desktop application.

0
 
IBSITAuthor Commented:
how can i use the rdp in tsmmc without inputting the port information. Or do i just need to input the entry in my firewall to allow port 4490?

0
 
AustinComputerLabsCommented:
I just use the RDP client and VisioApp.
In the IP address field you cannot add :4490 for the connection?
0
 
IBSITAuthor Commented:
in the old tsmmc i coould not but the upgraded one i am able to and it worked perfectly so i believe te problem is solved. I thank you all for you input in helping me with this issue

Luch
0
 
IBSITAuthor Commented:
actually i can only add the port with windows 7 snap in not XP.
0
 
AustinComputerLabsCommented:
Can you upgrade to the new ver in the XP box?
0
 
IBSITAuthor Commented:
what do i upgrade?
0
 
AustinComputerLabsCommented:
I am guessing the TS MMC snap in.
0
 
IBSITAuthor Commented:
i am looking for a snap in that will work as the visionapp is for LAN machines onluy as far as i notice.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.