Solved

External Remote Desktop Issue with Microsoft Server 2008

Posted on 2011-03-23
31
946 Views
Last Modified: 2012-05-11
I am trying to RDP into my Microsoft Server Standard 2008 externally, I have the port forwarded in the router to its IP address and there is no firewall. The remote settings are set to allow all connections on the server; however, when I try to connect it states that I cannot connect to the designated computer and gives me the usual reasons such as it could be turned off or the firewall could be turned on etc.. I really don't know where else to change any settings, if anybody could help me out I would greatly appreciate it. Thanks!
0
Comment
Question by:TechGuy_007
  • 12
  • 8
  • 3
  • +4
31 Comments
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
I assume rdp has been testing inside your network and all is well.

When you connect from outside are you using a hostname, fqdn or IP address.
if you use a hostname (no domain bit) you might have trouble finding it.
if you use an fqdn eg : rdp.my.com have you check its giving the correct IP Address.

If you have not tried this yet, try just the ip address.
0
 
LVL 11

Expert Comment

by:FastFngrz
Comment Utility
On the server itself, go to a command prompt (run as administrator often helps) and type
Netstat -an | find ":3389"

If it comes back with a 'listening' line, the rdp services are running and the problem is likely with a windows firewall or networking, if not, then rdp isn't enabled on the server and needs to be turned on under control panel-system-advanced settings-remote

So, is port 3389 open and listening?
















0
 

Author Comment

by:TechGuy_007
Comment Utility
Yes, I am connecting with the external IP address and I ran the netstat and it is open and listening
0
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
Under the RDP system properties

try "Allow connections from computers running any version of rdp"
0
 

Author Comment

by:TechGuy_007
Comment Utility
Yes that is already checked
0
 
LVL 20

Expert Comment

by:Radhakrishnan Rajayyan
Comment Utility
Check the windows firewall, make sure that it's disabled.
0
 

Author Comment

by:TechGuy_007
Comment Utility
Windows firewall is off still no go
0
 
LVL 4

Accepted Solution

by:
m_walker earned 500 total points
Comment Utility
Any hint in the server logs ?
0
 
LVL 20

Expert Comment

by:Radhakrishnan Rajayyan
Comment Utility
From the client, Check the registry key HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\Terminlserver\fDenyTSConnections, If the value is 0 then make it 1.

From the server system properties>>Remote>>Allow users to connect remotely to this computer>make sure that the tick mark also check the Select remote users list your name listed or not.

Hope this will help you to resolve the issue.

0
 
LVL 11

Expert Comment

by:FastFngrz
Comment Utility
Try from a workstation inside the network (in fact, you can even RDP to itself if you are physically on the console).

If that works, then it's a perimeter firewall NAT issue.  If not, then something is still is blocking the packets (is there another firewall product installed on the box?)
0
 

Author Comment

by:TechGuy_007
Comment Utility
in the registry I do not see the fDenyTSConnections there is only under
HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\Terminlserver\

AddIns
ConnectionHandler
DefaultUserConfiguration
KeyboardType Mapping
RCM
SessionArbitrationHelper
SysProcs
TerminalTypes
Utilities
VIDEO
Wds
WinStations

and I can RDP from inside the network
0
 

Author Comment

by:TechGuy_007
Comment Utility
If it helps the router is a Linksys WRT54G
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
Any chance you are trying to login as a user with no password?
0
 

Author Comment

by:TechGuy_007
Comment Utility
I have tried with and without a user and still no luck
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
Just to clarify, from on the LAN you can connect to the server? Use that same exact user and password from out on the Internet and it doesn't work?
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:TechGuy_007
Comment Utility
I can access the server from the LAN side; however, I cannot connect to the server externally. I get the error

Remote Desktop can't connect to the remote computer for one of these reasons

1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network

Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
0
 
LVL 8

Expert Comment

by:Nivlesh
Comment Utility
0
 

Author Comment

by:TechGuy_007
Comment Utility
The port forwarding has been all set and is enabled and I even disabled the firewall service and it still will not connect I reset the server and the router and it still will not connect
0
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
I think its time to get the network sniffer out and see if the connection request (syn packet) is makeing to the server.  If it is then the inbound rules are ok.  If the server sends back a SYN ACK then you know the server got it and replied.  By running the sniffer on the remote computer as well you should see the SYN ACK make it all the way back.  If the inside sniffer sees a SYN ACK but the remote computer did not, then you have an outbound issue on your router/firewall, or a routing issue.  

Is your server pointing to the the router/firewall as its default gateway.  Can you surf to a web page from the server?
0
 

Author Comment

by:TechGuy_007
Comment Utility
what network sniffer do you recommend?
0
 

Author Comment

by:TechGuy_007
Comment Utility
and yes it is pointing to the router as the default gateway and I can access the web via browser from the server
0
 
LVL 8

Expert Comment

by:Nivlesh
Comment Utility
do you have two network cards on the server? one for internal network and one for outside?
0
 
LVL 9

Expert Comment

by:Ashok Dewan
Comment Utility
scan your port 3389 by externely use this iste http://t1shopper.com  se if it is responding from outside or not. i know it is responding but see from out side
0
 

Author Comment

by:TechGuy_007
Comment Utility
it says that it isn't responding
0
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
If the test is responding then the rdp must not want to allow the connection for some reason.

From memory, windows server allows a limited number of remote connections (I think it was 5 for admin).  Depending on how the server is setup these 5 can get locked to IP addresses or concurrent users (in 2003 it was Server Side CALs v Client Side CALs under the server lic.).

As such two things now come to mind.
1. You already have 5 active connections (still active even though you are not connected) so when you connect from out side it sees a differnet IP (not connected) and says know.  But when you connect inside it says. yep an active session and reconnects.

OR

2. All 5 IPs have been used and cant have any more and you can only connect from those 5 IP Addresses (I know 2003 did this).

Log onto the server and using the rdp manager (should be under admin menu) and see if there are any connected session and clean up.

0
 

Author Comment

by:TechGuy_007
Comment Utility
there is no connections showing in the Terminal Services Manager window, besides my current session
0
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
from a remote site can you try running the rdp client like this...

start->run : mstsc.exe /admin
and if that does not work
start->run : mstsc.exe /console

0
 
LVL 8

Expert Comment

by:Nivlesh
Comment Utility
I am thinking it could be your router. Do you have any other port forwarding enabled on it? This will prove that its not the router. Is it updated with the latest firmware?
0
 
LVL 11

Expert Comment

by:FastFngrz
Comment Utility
The problem is in your router - 95% says you don't have port forwarding properly set.  Can you share a screen shot (public IP's obscured of course) where you set that forward?  It's not anything with the server because LAN connections work.
0
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
Just found this while looking for something else (I cant check atm, so it could be a double up on something already tried).

See what happens if you turn off NLA (Network level authentication) on the R2 server in RDP-tcp properties General Tab in RD Session HOst COnfigurtation tool (right click on RDP-tcp, pick Properties..)

0
 
LVL 4

Expert Comment

by:m_walker
Comment Utility
Also have a look at this : http://technet.microsoft.com/en-us/library/ff393708(WS.10).aspx

One thing that jumped out at a quick look

Prompt for credentials on clientUpdated: February 4, 2010

Applies To: Windows Server 2008

This setting determines whether or not Remote Desktop Connection (RDC) prompts for credentials when connecting to a server that does not support server authentication

The deafult was not to prompt.  So if the clinet side settings has this set, but cant do a "server auth" while off site, it may just give up....
0

Featured Post

Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

Join & Write a Comment

Suggested Solutions

OfficeMate Freezes on login or does not load after login credentials are input.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now