snipa911


Remote Desktop connection, This computer can't connect to the remote computer

Hi There,

I have two Windows 2003 servers running on my domain and have had Remote Desktop enabled for some time now. I most recently opened port 3389 on my firewall to allow me to connect from outside the office using my static IP address. This was working fine up to most recently and now every time I try to connect I get this message: "Remote Desktop connection, This computer can't connect to the remote computer". I have tried other computers and I get the same problem. I have checked on the server and Remote Desktop is enabled and the service is running. I have tried restarting the server. Any ideas of what I can do to correct this?

Thank you
jimbecher

  You have to use port forwarding in conjunction with opening up port 3389 on the firewall. If you don't use port forwarding RDP has no idea where to go. You can port forward 3389 to one server or the other but not both. The fact that you have been able to RDP in to both servers confuses me a little.

   Can you RDP in to both these servers inside the network?
snipa911

ASKER

RDP is disabled on the second server and the port is forwarded to the IP address of the server I want it to go to. Any other ideas?
  I always start with the basics. Can you RDP in to that server from another computer on the LAN? That will probably give you more insight than anything else. It will take the internet and your router out of the picture. Let me know....
ASKER CERTIFIED SOLUTION
CoSmismgr
This solution is only available to members.
Yes, I can remote from inside the LAN.
  That takes a lot of guesswork out of the picture. It is a known that RDP works on port 3389 to that server. Now you just have to focus on why it isn't getting through the router.

    I would double check things. Some routers will open the firewall when you port forward, others won't. Some routers require a two step process. First opening the firewall and second do the port forwarding. I would also check to make sure that you are port forwarding to the correct server :)

    I use IPTools but there are several "port scanners" out there for free that will let you scan open ports on the router from the internet. When you scan port 3389 from the internet it should show as "open" meaning it is allowed to get through the firewall and is being port forwarded to "something" listening on port 3390.

   Chances are it is something simple you have overlooked in the router. Sometimes I do that too. I will usually delete the port forwarding and firewall rule and create it from ground zero just to make sure I got it right.....
Ok, I ran the port scanner on the IP address of the server, and even in the firewall of the server I have a check beside port Remote Desktop, which is 3389. After the scan it didn't show that port as being open. What can I do to fix this? I believe I'm getting through the router because when I removed port 3389 to the server my RDP session just sits there and doesn't even connect. When I port forward that port to the server at least it comes back with a response. I believe the answer is the port on the server. How do I open this port?
  You kind of lost me a little bit. You said you can connect via RDP to the server from a computer on the LAN right? That to me says port 3389 is open on the server.

    Where I get a little lost is where you say "I ran the port scanner on the ip address of the server ". That to me means you ran the port scanner on a computer on the LAN. I guess that is OK but where you really want to run the port scanner is from someplace out of the building and over the internet. The IP address you want to scan is the internet IP address of your router/firewall.

That will tell you if port 3389 is getting through the router/firewall and to the server...
Ok, I ran the scan again from the outside to the internet IP of the office modem and it came back as 1 port open: port 80. This doesn't make sense because I have opened a few other ports for other devices, which work fine.
Ok, never mind, I did the scan again and 3389 is open from the outside, as I suspected. So it has to be something else. Does the terminal server app have to be installed on the server for this to work from the outside?
  You have to have something on the server "listening" on port 3389. If you port forward port 3389 to another computer and that computer doesn't have anything "listening" on port 3389 (i.e. you have shut off the remote desktop connection) the port will not show up as open when you scan it.

   There is yet another utility by Sysinternals, TCPView:

http://technet.microsoft.com/en-us/sysinternals/bb897437

   That will show you what TCP ports are open and listening on the computer. I kind of stumbled upon the same scenario just yesterday. I was looking for something completely different but noticed that when I ran TCPView my computer was listening on port 3389. I never thought much about it but when you enable Remote Desktop on your computer you are telling your computer to start the RDP protocol on your computer and sit there and "listen", continually, for someone to connect.

   Terminal Services and Remote Desktop Connection are virtually the same thing. Work on the same port. Terminal Services will let several computers RDP in to one simultaneously. I believe enabling RDP on a computer will just let one come in but I might be wrong.

   The Terminal Server App you are referring to is the check box on ControlPanel=>System=>Remote=>Allow RemoteDesktop to this computer. If that is checked on the server or any workstations it will allow someone to RDP in to it. The kicker is that if they are trying to RDP in to it from the internet you have to open the firewall and port forward 3389.

   Have you just recently opened up the firewall to all remote access to the server via RDP? Is this particular server per chance a Terminal Server?

   CoSmismgr am I missing anything obvious here? You might do as he suggested and try a different port other than 3389. You might have something conflicting with it that is causing problems.




  Sorry snipa911. My last post was rather lengthy. I am kind of baffled. You can RDP to the server from any other computer on the LAN which to me means 3389 is not being firewalled and there are no conflicts on the server yet you can't do it from out on the internet. It almost surely has to be something in the firewall/router. That could be ugly. One thing I never thought to ask... when you RDP to the server from within the LAN you RDP to the computer name. When you RDP to it from out on the internet you RDP to the router internet IP address right?
This sounds like a router/firewall configuration issue. Check and make sure that the firewall is forwarding port 3389 to the static internal IP of the server you want to connect to. From home open Remote Desktop Connection and type IP:3389 like this - XXX.XXX.XXX.XXX:3389. This is the public static IP of your office network, NOT an internal IP address. If you have 2 servers just edit the registry of one of them to change the RDP port as mentioned above to a port you like, could be 3390. Then add an additional port forwarder on your firewall/router to forward 3390 to the static IP of the second server/computer. From home open RDP and type XXX.XXX.XXX.XXX:3390 to connect to the second server/computer.
Bottom line is that if you can RDP internally to the server/computer using the internal IP address or computer name then it is a firewall/router port forwarding issue, not a local network or local RDP issue.
Most routers will give you a config page for a port range forwarder. Be sure to use the range and not the single port forwarding page. App name RDP, starting port 3389 and ending port 3389 to the static IP of the server/computer.
Hope this helps...
@jimbecher: Yes, since he's able to RDP internally we know it is an external issue, most likely a firewall or router configuration.

We need to know more about which firewall/router you are using to help further. And are you sure there were no changes made before RDP stopped working? It just doesn't 'stop' working all on its own.
Sorry for the late reply,

Ok, so I tried what CoSmismgr had suggested by changing the port. Now when I went to regedit I found that the port of the server I want to connect to was set to 4480, which I had not changed prior. And the port of my other server was 3389. So I changed the server I want to connect to to 3389 and the server I don't want to connect to to 3390. Funny enough, I cannot connect from the inside any more to the server I want to connect to (call it server A) from server B or any other computer, but I can connect from server A to server B. This doesn't make any sense whatsoever. So something on the server I want to connect to is not working or is blocking the connection. I even tried turning the firewall off to see if that would help and no dice. Any suggestions?
I think you need to revert back to the standards and basics. You need to start from ground zero. Set RDP back to 3389 on both servers and leave it there. You need to reboot the servers after making those registry changes. Then verify that you can get to both servers from any other computer on the LAN via RDP. I don't think I would worry about coming in from the outside right now. You need to get RDP working to both servers internally first.
Another thing I would try is TCPView. Once you have RDP on the servers back to 3389 run TCPView on both servers. You should see port 3389 opened and listening on both servers:

http://technet.microsoft.com/en-us/sysinternals/bb897437

That will assure you that RDP is up, running and listening.
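
The check this thread keeps coming back to (which port RDP is actually configured for, and whether anything is listening on it), as an added example that is not part of the original posts. `$ExpectedPort` is an assumption standing in for whatever port your router forwards to this server; the script uses only the registry provider and `netstat.exe`.

```powershell
# Added example (not from the thread). Run locally on the server as an administrator.
$ExpectedPort = 3389   # assumption: the port the router forwards to this server

# The RDP listener port is stored as PortNumber under the RDP-Tcp WinStation key.
$rdpKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$configured = [int](Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

# fDenyTSConnections = 1 means the "allow Remote Desktop" box is unchecked.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$denied = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

# Parse netstat rows: Proto, Local Address, Foreign Address, State, PID.
# The state text 'LISTENING' is what English-language Windows prints.
$listening = @()
foreach ($line in (netstat -ano)) {
    $f = $line.Trim() -split '\s+'
    if ($f.Count -ge 5 -and $f[0] -eq 'TCP' -and $f[3] -eq 'LISTENING') {
        # LastIndexOf handles both 0.0.0.0:3389 and [::]:3389
        $port = [int]($f[1].Substring($f[1].LastIndexOf(':') + 1))
        $listening += New-Object PSObject -Property @{
            Port = $port; Local = $f[1]; ProcessId = [int]$f[4]
        }
    }
}
$rdp = @($listening | Where-Object { $_.Port -eq $configured })

"Remote Desktop enabled : $($denied -eq 0)"
"Configured RDP port    : $configured"
"Listening on that port : $($rdp.Count -gt 0)"
foreach ($l in $rdp) { "  $($l.Local) owned by PID $($l.ProcessId)" }

if ($configured -ne $ExpectedPort) {
    "MISMATCH: router forwards $ExpectedPort but RDP is configured for $configured."
    "Forward $configured at the router, or set PortNumber to $ExpectedPort and reboot."
}
if ($rdp.Count -eq 0) {
    "Nothing is listening on $configured. Check the service and whether a reboot is pending."
}
```

A mismatch between the configured port and the forwarded port produces the symptom described above: the router passes the connection through, but nothing on the server answers on that port.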
The solution was to change the port on both of the servers to something other than 3389 and it worked. Thanks for all the help.