Solved

Terminal Service

Posted on 2011-03-09
61
651 Views
Last Modified: 2012-05-11
The attached is the error i am getting when i am trying to accessing remote server from a different site, i have many servers i am able to access but for some reason this one all of a sudden stop being accessed. I have changed public ip and still no avail. I am able to access via LAN but not WAN. I have tried another machine with the same setting in my firewall rules and able to access. Any ideas guys.

Windows 2003 Server with Terminal Server group Licence.

regards,

Error.docx
0
Comment
Question by:IBSIT
  • 31
  • 24
  • 6
61 Comments
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35088231
When you access via the LAN do you use the IP or name?
What port on your fiewall is forwarded to the server IP for RDP?
Have you double checked that the server is listening on the port you are forwarding?
0
 
LVL 5

Expert Comment

by:Iekos
ID: 35088557
Go to the Terminal Server,

On the server in IE go to:

http://www.canyouseeme.org/

Type 3389 which is the RDP port for that server.

If the page reports back saying 'failed' then there is a firewall issue either on the server or the router.  It can also mean the router isn't forwarding to the server ip seems you changed it?  Check the router settings and ensure the server firewall also allows 3389.

Go back to the link above to check if it passes.  if it does, you should be able to dial in providing the router is set.
0
 

Author Comment

by:IBSIT
ID: 35088660
i went to canyouseeme.org and it camed back successfully.
0
 

Author Comment

by:IBSIT
ID: 35088681
@Austin...when i access via the LAN i am able to access via ip as well as name.

I am able to access another server remotely with the public ip. i even tried swapping public ips to see if that was the case but it still generates the attached error. The strange thing is that it was working fine until yesterday afternoon and nothing was installed. unless a microsoft update was done
0
 
LVL 5

Expert Comment

by:Iekos
ID: 35088741
Is this other server on the same Subnet / Router?  If so, does both servers have its own WAN IP or bother RDP servers on different ports?  Please explain.
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35088791
I am able to access another server remotely with the public ip
It sounds like the like both servers are using the default port for RDP 3389.
If you want to setup another server to be accesable from the WAN you will need to redirect a port in your firewall to that server and then add a second port that RDP listens on to the port you forwarded in your router.

I can not explain why it worked before but I can tell you that this is how I have setup countless other servers.

Once done you will connect from the WAN by using the IP:port to connect.
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35088800
ADD ON unless you have one public IP forwarding to one server and the other forwarding to the other.
0
 

Author Comment

by:IBSIT
ID: 35088802
@ lekos, they are both on the same subnet / using the same router.
0
 

Author Comment

by:IBSIT
ID: 35088837
i have done this many times with multiple server with different Public IPs using the same Routing medium.
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35088887
You are correct as long as they each have a separate public IP, it should not be a problem.

as long as port 3389 for that IP is forwarded to the server and the server is listening on 3389.
0
 

Author Comment

by:IBSIT
ID: 35090108
well i have isolated it down to the machine as my other server are configured on the router each with their individual public address. I have checked for viruses, uninstall and reinstall terminal server and terminal license. uninstall anti-virus, turn off firewall settings... STOMPED at the moment.
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35090167
If you were or are able to connect via RDP when on the LAN, the issue has to be with the routing from the WAN.
0
 
LVL 5

Expert Comment

by:Iekos
ID: 35093510
Hi,

Its a Routing issue defo.

So, let me get this correct.

You have two or more public IP address?

Both to one Router?

on the Router it MUST be set so, from the outside IP or domain will be typed in to RDP Client, that then hits your router and your router forwards to the correct server depending on the port.

If the port is the same for both SERVERS then the router will get confused and only pass to one of the SERVERS if both servers are on the same router and subnet.

This is how we have it set on our server as an example.

Server A:  192.168.1.1
Server B:  192.168.1.2

Router Settings
Server A:   3389 Open and Forward to  =  192.168.1.1
Server B:   3390 Open and Port Redirection to 3389 @  192.168.1.2

on my RDP Client to access Server B I will type either IP eg:  121.121.121.121:3390 or domain: remote.example.com:3390

THERE ARE OTHER WAYS TO DO THIS BUT THIS IS AN EXAMPLE

On local LAN it will be as simple as typing 192.168.1.2

Please feel free to keep asking untill you fix this.

PS.  What Router do you have?  Can we have a screen shot of your settings and maybe we can guide the setup?
0
 

Author Comment

by:IBSIT
ID: 35095749
OK let me put another wrench in the works. I directly assigned my box a public IP. I attached directly to my CISCO DSL Router eliminating the firewall and tried accessing via WAN, no dice. I installev VNC on the box and also on another box outside the network and voila ACCESS. Can it be something wit RDP on that specific box.
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35095841
Could someone else have changed the port RDP is listening on, that would do it?
0
 

Author Comment

by:IBSIT
ID: 35095851
but then if that was the case wouldn't the other boxes cease to function?
0
 

Author Comment

by:IBSIT
ID: 35095881
I have a CISCO DSL Router, Sonicwall TZ170. I have a block of 8 Public IPS. the way i use it is NAT each private machine that i want available publicly and add a rule in the firewall to allow terminal Services.
So each Box has its independent Public Address.
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35095925
To check follow this:
Start Registry Editor.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
On the Edit menu, click Modify, and then click Decimal.
port should be 3389

Also back to basics
have you verified that "allow remote connections" is still chacked under advanced system settings?
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35095948
If the one box that does not work had the RDP port changed or the "allow remote connections" unchecked both of those would only effect that one box. The rest would operate fine.
0
 

Author Comment

by:IBSIT
ID: 35096105
the port number was set to 4490
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35096132
3389 is the default.
You can have more than one port listen at the same time if 4490 is needed.
0
 

Author Comment

by:IBSIT
ID: 35096139
i changed it to 3389 and still not able to access
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35096149
Is your firewall set to forward 3389 to 3389 on the server
or
3389 is forwarded to 4490 on the server?
0
 

Author Comment

by:IBSIT
ID: 35096198
no forwarding, i looked at my other server and it has the 3389 as its port number
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35097839
Once you changed the port from 4490 to 3389 you will need to restart.

It may work if you restart the:
Remote access
Terminal services

services.
0
 

Author Comment

by:IBSIT
ID: 35099250
Still no success, now i am not able to access RDP via the LAN. VERY VERY CRAZY!!
0
 

Author Comment

by:IBSIT
ID: 35099252
except VNC
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35099821
With the port at 4490 you were able to connect Vithe LAN correct?

If you put the port back to 4490, try the public IP:4490 and see if that works.
0
 

Author Comment

by:IBSIT
ID: 35100528
ok added back to 4490 was able to access via LAN but not WAN
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35100645
Did you try putting "WANIP:4490"?

When you acces via the WAN will it work if you use "servername" or "servername:4490"?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:IBSIT
ID: 35100757
i went to the remote desktop of the WAN RDP

i typed the address e.g 200.200.200.200 i even tried 200.200.200.200:4490
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35100825
I mis typed part of my earlier response

When you acces via the LAN will it work if you use "servername" or "servername:4490"?

The fact that you can connect via the LAN without adding :4490 is odd. Either your PC has been configured to use 4490 as the default port to use on connection with RDP (I do not know if that is even possible) or something in your network is re-directing your RDP requests to 4490 for thar server.
0
 
LVL 5

Expert Comment

by:Iekos
ID: 35100971
LOL..  I cant wait to see a fix on this :)

Going all the way back to what i wrote:

This is how we have it set on our server as an example.

Server A:  192.168.1.1
Server B:  192.168.1.2

Router Settings
Server A:   3389 Open and Forward to  =  192.168.1.1
Server B:   3390 Open and Port Redirection to 3389 @  192.168.1.2

on my RDP Client to access Server B I will type either IP eg:  121.121.121.121:3390 or domain: remote.example.com:3390

THERE ARE OTHER WAYS TO DO THIS BUT THIS IS AN EXAMPLE

On local LAN it will be as simple as typing 192.168.1.2
0
 

Author Comment

by:IBSIT
ID: 35108811
if i type servername:4490 or servername via LAN i am able to access. only when accessing via WAN
0
 

Author Comment

by:IBSIT
ID: 35108815
could they be some sort of port forwarding on the server?
0
 

Author Comment

by:IBSIT
ID: 35109305
I have a quick question, how was the port changed from the default to 4490? Could i have been compromised?
0
 

Author Comment

by:IBSIT
ID: 35109336
is there a way to restore the box to factory and keeping all the application in tact?
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35109481
if i type servername:4490 or servername via LAN i am able to access. only when accessing via WAN
It sounds like RDP is listening on both 3389 and 4490.
Look for a second "RDP-TCP" entry in the registry, the name could not be exactly the same as the first.

could they be some sort of port forwarding on the server?
My guess is you are just listening on two ports, but I guess it could be forwarded.

I have a quick question, how was the port changed from the default to 4490? Could i have been compromised?
Possible but unlikely, it appears that 4490 has been the port you have been using because when you changed it you could not connect.

is there a way to restore the box to factory and keeping all the application in tact?
Whoa! slow down that would be a very risky move just to get WAN RDP to work.

You mentioned that the server has its' own WAN or Public IP address, does that mean it has two NICS or is their a router that forwards that public IP to the server?
0
 
LVL 5

Expert Comment

by:Iekos
ID: 35109744
I second Austin,

Check your Router settings.  If you are able to access RDP via LAN then there is NOTHING wrong with the server.  WAN is just the same but from the outside my friend.
0
 

Author Comment

by:IBSIT
ID: 35110508
Austin:

when i went to the server that is giving me WAN problems the port info it had is 4490, i checked another box that i have that is functioning fine via WAn and it had 3389. in my firewall access rules it has Terminal Service "Terminal Services 3389 3389 TCP  Terminal Services 3389 3389 UDP  "
I have one to one NAT on the problem box.
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35111345
So it appears that right now on the WAN side port 3389 is forwarded to the problem server, but the server is listening on 4490.

To not change any existing functionality I suggest adding a second port that RDP listens on to the problem server.

This is the process I use to add a second:

http://support.microsoft.com/kb/555031

set the second one to 3389, that way you maintain the 4490 and add 3389.
0
 

Author Comment

by:IBSIT
ID: 35129388
I tried that and still no luck..
0
 
LVL 5

Expert Comment

by:Iekos
ID: 35142161
Have you fixed it?
0
 

Author Comment

by:IBSIT
ID: 35142383
no, i have even reverted microsoft updates prior to the days it started happening and nothing.
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35144621
from outside try to attach by using publicip:3389 and publicip:4490

If that does not work try changing the forward on the router from WAN 3389 to LAN 3389 to WAN 3389 to LAN 4490.
0
 

Author Comment

by:IBSIT
ID: 35148260
it actually works with the publicip:4490
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35149435
Did you make any of the changes in my last post to make it work?
0
 

Author Comment

by:IBSIT
ID: 35149475
all i did was to remove the the updates from microsoft and create an entry in my firewall to allow 4490. Not sure what did it but it is still strange that i need to access via Publi IP : port number.

But hey if it works why not.

0
 

Author Comment

by:IBSIT
ID: 35149573
The reason i liked it working the way it did is because i have a TSMMC snap in and in cannot add the pport number in the IP field.
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35149583
That would suggest that the 3390 port forward is not working or is corrupt, which may have been the original issue.

Let me know if you need any more assistance.

Rick
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35149618
If you have a large number of RDP connections you may want to look into visionapp Remote Desktop. I really like it, and it is very flexible.
0
 

Author Comment

by:IBSIT
ID: 35149683
the 3389 port is functional as i have another server using it and i am able to access fine. Thanks for the tip on the visionapp remote desktop application.

0
 

Author Comment

by:IBSIT
ID: 35158111
how can i use the rdp in tsmmc without inputting the port information. Or do i just need to input the entry in my firewall to allow port 4490?

0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35159738
I just use the RDP client and VisioApp.
In the IP address field you cannot add :4490 for the connection?
0
 

Author Comment

by:IBSIT
ID: 35159777
in the old tsmmc i coould not but the upgraded one i am able to and it worked perfectly so i believe te problem is solved. I thank you all for you input in helping me with this issue

Luch
0
 
LVL 13

Accepted Solution

by:
AustinComputerLabs earned 500 total points
ID: 35159917
Excellent.
Glad I could help.

Rick
0
 

Author Comment

by:IBSIT
ID: 35159955
actually i can only add the port with windows 7 snap in not XP.
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35159993
Can you upgrade to the new ver in the XP box?
0
 

Author Comment

by:IBSIT
ID: 35160007
what do i upgrade?
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35160175
I am guessing the TS MMC snap in.
0
 

Author Comment

by:IBSIT
ID: 35160203
i am looking for a snap in that will work as the visionapp is for LAN machines onluy as far as i notice.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now