Solved

Remote Desktop connection, This computer can't connect to the remote computer

Posted on 2011-09-12
19
806 Views
Last Modified: 2012-05-12
Hi There,

I have two windows 2003 servers running on my domain and have had remote desktop enabled for some time now.  I most recently opened port 3389 on my firewall to allow me to connect from outside the office using my static ip address.  This was working fine up to most recently and now every time i try to connect i get this message  "Remote Desktop connection, This computer can't connect to the remote computer.  I have tried other computers and i get the same problem.  I have checked on the server and remote desktop is enabled and the service is running.  I have tried restarting the server.  Any ideas of what i can do to correct this?

Thank you
0
Comment
Question by:snipa911
  • 9
  • 7
  • 2
  • +1
19 Comments
 
LVL 11

Expert Comment

by:jimbecher
Comment Utility
  You have to use port forwarding in conjuncion with opening up port 3389 on the firewall. If you don't use port forwarding RDP has no idea where to go. You can port forward 3389 to one server or the other but not both. The fact that you have been able to RDP in to both servers confuses me a little.

   Can you RDP in to both these servers inside the network?
0
 

Author Comment

by:snipa911
Comment Utility
RDP Is disabled on the second server and the port is forwarded to the ip address of the server i want it to go to.  Any other ideas?
0
 
LVL 11

Expert Comment

by:jimbecher
Comment Utility
  I always start with the basics. Can you RDP in to that server from another computer on the LAN? That will probably give you more insight then anything else. It will take the internet and your router out of the picture. Let me know....
0
 
LVL 5

Accepted Solution

by:
CoSmismgr earned 500 total points
Comment Utility
I would advice you to use a different port than the default 3389. I use 3390, and only have it opened for specific IP addresses, not all.

To change the RDP listening port:
1.Start Registry Editor.
2.Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber3.On the Edit menu, click Modify, and then click Decimal.
4.Type the new port number, and then click OK.
5.Quit Registry Editor.
6.Restart the computer.

When you connect via RDP you'll need to specifiy the port like this:  "xxx.xxx.xxx.xxx:3390"

As for your rdp connection issue, establish basic connectivity first - can you ping, does DNS resolve? Double check firewall settings. Is there automated feature that closes ports if attacked? You can try closing 3389, and open 3390 for specific internal IP addresses and change the listening port as I mentioned above to eliminate possible configuration issue with port 3389.
0
 

Author Comment

by:snipa911
Comment Utility
yes i can remote from inside the lan
0
 
LVL 11

Expert Comment

by:jimbecher
Comment Utility
  That takes a lot of guess work out of the picture. It is a known that RDP works on port 3389 to that server. Now you just have to focus on why it isn't getting through the routher.

    I would double check things. Some routers will open the firewall when you port forward, others won't. Some routers require a two step process. First opening the firewall and second do the port forwarding. I would also check to make sure that you are port forwarding to the correct server :)

    I use IPTools but there are several "port scanners" out there for free that will let you scan open ports on the router from the internet. When you scan port 3389 from the internet it should show as "open" meaning it is allowed to get through the firewall and is being port forwarded to "something" listening on port 3390.

   Chances are it is something simple you have overlooked in the router. Sometimes I do that too. I will usualy delete the port forwarding and firewall rule and create it from ground zero just to make sure I got it right.....
0
 
LVL 11

Expert Comment

by:jimbecher
Comment Utility
Here is a link to a freebie port scanner:

http://www.radmin.com/products/previousversions/portscanner.php
0
 

Author Comment

by:snipa911
Comment Utility
Ok I ran the port scanner on the ip address of the server and even in the firewall of the server i have a check beside port remote desktop which is 3389 after the scan it didn't show that port as being open.  What can i do to fix this.  I believe im getting through the router because when i removed port 3389 to the server my rdp session just sits there and doesn't even connect.  When i port forward that port to the server at least it comes back with a response.  I believe the answer is the port on the server.  How do i open this port?
0
 
LVL 11

Expert Comment

by:jimbecher
Comment Utility
  You kind of lost me a little bit. You said you can connect via RDP to the server from a computer on the LAN right? That to me says port 3389 is open on the server.

    Where I get a little lost is where you say "I ran the port scanner on the ip address of the server ". That to me means you ran the port scanner on a computer on the LAN. I guess that is OK but where you really want to run the port scanner is from someplace out of the building and over the internet. The IP address you want to scan is the internet IP address of your router/firewall.

That will tell you if port 3389 is getting through the router/firewall and to the server...
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:snipa911
Comment Utility
Ok I ran the scan again from the outside to the internet ip of the office modem and it came back as 1 port open.  Port 80  This doesn't make sense because i have opened a few other ports for other devices which works fine.
0
 

Author Comment

by:snipa911
Comment Utility
Ok Never mind i did the scan again and 3389 is open from the outside.  As i suspected.  So it has to be something else.  Does the terminal server app have to be installed on the server for this to work from the outside?
0
 
LVL 11

Expert Comment

by:jimbecher
Comment Utility
  You have to have something on the server "listening" on port 3389. If you port forward port 3389 to another computer and that computer doesn't have anything "listening" on port 3389 (i.e you have shut off the remote desktiop connection) the port will not show up as open when you scan it.

   There is yet another utility by sysinternals TCPVIew

http://technet.microsoft.com/en-us/sysinternals/bb897437

   That will show you what tcp ports are open and listening on the computer. I kind of stumbled upon the same senario just yesterday. I was looking for something completely different but noticed that when I ran TCPview my computer was listening on port 3389. I never though much about it but when you enable Remote Desktop on your computer you are telling your computer to start the RDP protocol on your computer and sit there and "listen", continually, for someone to connect.

   Terminal Services and Remote Desktop Connection are virtually the same thing. Work on the same port. Terminal Services will let several computers RDP in to one simultaneously. I believe enabling RDP on a computer will just let one come in but i might be wrong.

   The Terminal Server App you are refering to is the check box on ControlPanel=>System=>Remote=>Allow RemoteDesktop to this computer. If that is checked on the server or any workstations it will allow someone to RDP in to it. The kicker is that if they are trying to RDP in to it from the internet you have to open the firewall and port forward 3389.

   Have you just recently opened up the firewall to all remote access to the server via RDP? Is this particular server per chance a Terminal Server?

   CoSmismgr am I missing anything obvious here? You might do as he suggested and try a different port other than 3389. You might have something conflicting with it that is causing problems.




0
 
LVL 11

Expert Comment

by:jimbecher
Comment Utility
  Sorry snipa911. My last post was rather lenghty. I am kind of baffled. You can RDP to the server from any other computer on the LAN which to me means 3389 is not being firewalled and there are no conflicts on the server yet you can't do it from out on the internet. It almost surely has to be someting in the firewall/router. That could be ugly. One thing I never thought to ask... when you RDP to the server from within the LAN you RDP to the computer name. When you RDP to it from out on the internet you RDP to the router internet IP address right?
0
 
LVL 1

Expert Comment

by:HHTech1
Comment Utility
This sounds like a router/firewall configuration issue. Check and make sure that the firewall is forwarding Port 3389 to the static internal IP of the server you want to connect to. From home open Remote desktop connection type IP:3389 like this - XXX.XXX.XXX.XXX:3389. This is the public static IP of your office network NOT an internal ip address. If you have 2 servers just edit the registry of one of them to change the RDP port as mentioned above to a port you like could be 3390. Then add an additional port fowarder on your firewall/router to forward 3390 to the static ip of the second server/computer. from home open RDP and type XXX.XXX.XXX.XXX:3390 to connect to the second server/computer.
Bottom line is that if you can RDP internally to the server/computer using the internal ip address or computer name then it is a firewall/router port forwarding issue not a local network or local RDP issue.
Most routers will give you a config page for a port Range forwarder, Be sure to use the range and not the single port forwarding page. App name RDP, Starting port 3389 and ending port 3389 to the static ip of the server/computer.
Hope this helps...
0
 
LVL 5

Expert Comment

by:CoSmismgr
Comment Utility
@ jimbecher: Yes, since hes able to RDP internally we know it is external issue, most likely a firewall or router configuration.

We need to know more about which firewall/router you are using to help further. And are you sure there were no changes made before RDP stopped working? It just doesn't 'stop' working all on its own.
0
 

Author Comment

by:snipa911
Comment Utility
Sorry for the late reply,

Ok So i tried what CoSmismgr: had suggested by changing the port.  Now i when i went to regedit i found that the port of the server i want to connect to was set to 4480 which i had not changed prior.  And the port of my other server was 3389.  So i changed the server i want to connect to to 3389 and the server i don't want to connect to to 3390.  Funny enough i cannot connect from the inside any more to the server i want to connect to call it server A from server B or any other computer but i can connect from server A to server B.  This doesn't make any sense what so ever.  So something on the server i want to connect to is not working or is blocking the connection.  I even tried turning the firewall off to see if that would help and not dice.  Any suggestions?
0
 
LVL 11

Expert Comment

by:jimbecher
Comment Utility
I think you need to revert back to the standards and basics. You need to start from ground zero. Set RDP back to 3389 on both servers and leave it there. You need to reboot the servers after making those registry changes. Then verify that you can get to both servers from any other computer on the LAN via RDP. I don't think I would worry about coming in from the outside right now. You need to get RDP working to both servers internally first.
0
 
LVL 11

Expert Comment

by:jimbecher
Comment Utility
Another thing I would try is TCPView. Once you have RDP on the servers back to 3389 run TCPView on both servers. You shold see port 3389 opened nd listening one both servers:

http://technet.microsoft.com/en-us/sysinternals/bb897437

That will assure you that RDP is up, running and listening.
0
 

Author Closing Comment

by:snipa911
Comment Utility
The solution was to change to the port on both of the server to something other then 3389 and it worked  Thanks for all the help
0

Featured Post

ScreenConnect 6.0 Free Trial

Want empowering updates? You're in the right place! Discover new features in ScreenConnect 6.0, based on partner feedback, to keep you business operating smoothly and optimally (the way it should be). Explore all of the extras and enhancements for yourself!

Join & Write a Comment

Suggested Solutions

Remote Desktop Connections allow you to control remote host machines via the magic of the Internet and RDP (Remote Desktop Protocol). For the purposes of this article we will assume you are connecting from your home PC or laptop to a remote offic…
Local Printing Using Remote Desktop Windows 7 sometimes has issues with printing to a local printer using a Remote Desktop Connection (RDC). The 1st step is to verify that printers are checked on the Local Resources tab of the Remote Desktop C…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now