Windows 2008 R2 remote RDP not working

Posted on 2011-10-28
Last Modified: 2012-05-12
I have set up a Windows 2008 R2 terminal server and users can log in locally, but if one of the users tries to log in from the remote location it does not work. The same user can log in from the local network. It is a member server.

It is through a VPN and I can ping the server from the remote location. I have checked the firewall rules but can't find any there that may need changing, but perhaps I'm missing something. I have done the same setup before with no issues.

Can someone help me to troubleshoot this?
Question by:Gerhardpet
    LVL 77

    Expert Comment

    by:Rob Williams
    By default the remote desktop firewall exception only allows connections from the local subnet. You need to add the remote subnet or allow all.
    LVL 77

    Accepted Solution

    To add, if you want to do this using group policy, rather than per device/firewall, Pete Long has a nice article outlining how to do so:
    LVL 24

    Expert Comment

    SBS has a feature called Remote Web Workplace that allows you to connect to any PC on the network using RDP, making the initial connection using a web page. In 2008 this is automatically set up; you only have to forward ports 443 and 987 from the router to the SBS to configure it. VPNs have one weakness, which is an open tunnel between the corporate network and an uncontrolled client. RWW is very secure in that only images are exchanged and it uses SSL for the connection. However, a VPN, especially using an external IPSec VPN client, is still a very acceptable solution and has other advantages, but you may wish to consider RWW.

    To answer your question: when RDP is enabled on a PC in a Windows domain, it creates an exception allowing remote access. However, it only creates an exception from the local LAN (local subnet). With a VPN you are connecting from a remote, different subnet and traffic is blocked. You need to add an exception for the remote subnet or all subnets. SBS controls the firewall on LAN PCs but you can add exceptions. It is better, though, to make the changes in the Windows SBS client (Windows Vista & XP) policies on the SBS itself.

    Reference link:

    LVL 7

    Expert Comment

    Is your firewall configured to provide IP addresses to VPN clients from a different subnet than the internal subnet, or is it set up to use the internal DHCP? FYI, RDP uses port 3389.
    LVL 1

    Author Closing Comment

    Thank you for your help! Your link solved my problem by creating a GPO.
    LVL 77

    Expert Comment

    by:Rob Williams
    Good to hear. Thanks Gerhardpet.
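
The scope check the answers above describe, as an added example that is not part of the original thread: it lists the inbound TCP 3389 rules on the RDP host, shows each rule's remote-address scope, and with `-Apply` appends only the VPN subnet instead of opening the rule to all addresses. It uses the Windows Firewall COM API (`HNetCfg.FwPolicy2`), which is available from PowerShell 2.0 on Windows 2008 R2; the `$VpnSubnet` default is a constructed placeholder, and the parameter names are this example's own.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt on the RDP host.
param(
    # Constructed placeholder: replace with the subnet your VPN clients are assigned.
    # Written in address/mask form, which is how the firewall API typically reports scopes.
    [string]$VpnSubnet = '10.8.0.0/255.255.255.0',
    # Without -Apply the script only reports and changes nothing.
    [switch]$Apply
)

$NET_FW_IP_PROTOCOL_TCP = 6   # protocol number for TCP
$NET_FW_RULE_DIR_IN     = 1   # inbound direction

$policy = New-Object -ComObject HNetCfg.FwPolicy2

# Inbound TCP rules whose local port is exactly 3389
# (rules that list 3389 together with other ports are not matched here).
$rdpRules = @($policy.Rules | Where-Object {
    $_.Direction  -eq $NET_FW_RULE_DIR_IN -and
    $_.Protocol   -eq $NET_FW_IP_PROTOCOL_TCP -and
    $_.LocalPorts -eq '3389'
})

if ($rdpRules.Count -eq 0) {
    'No inbound TCP 3389 rule found; Remote Desktop has no firewall exception on this host.'
    return
}

foreach ($rule in $rdpRules) {
    $scope = $rule.RemoteAddresses   # '*' means any address; 'LocalSubnet' is the default scope described above
    '{0} | enabled={1} | profiles={2} | remote={3}' -f $rule.Name, $rule.Enabled, $rule.Profiles, $scope

    if ($scope -eq '*') { continue }                 # already open to every address
    $entries = @($scope -split ',')
    if ($entries -contains $VpnSubnet) { continue }  # VPN subnet already in scope

    if ($Apply) {
        # Keep the existing entries (e.g. LocalSubnet) and append only the VPN subnet.
        $rule.RemoteAddresses = ($entries + $VpnSubnet) -join ','
        '  -> scope is now: {0}' -f $rule.RemoteAddresses
    } else {
        '  -> {0} is not in scope; rerun with -Apply to add it' -f $VpnSubnet
    }
}
```

Where the firewall rules are managed by Group Policy, as in the fix the asker ended up using, make the same scope change in the GPO rather than locally.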
