Windows 2008 R2 remote RDP not working

I have setup a Windows 2008 R2 terminal server and users can log in locally and if one of the users tries to log in from the remote location it does not work. The same user can log in from the local network. It is a member server.

It is trough a VPN and I can ping the server from the remote location. I have checked the filrewall rules but can't find any there that may need changing but perhaps I'm missing something. I have done the same setup before with no issues.

Can someone help me to troubleshoot this?
Who is Participating?
Rob WilliamsCommented:
To add, if you want to do this using group policy, rather than per device/firewall, Pete Long has a nice article outlining how to do so:
Rob WilliamsCommented:
By default the remote desktop firewall exception only allows connections from the local subnet. You need to add the remote subnet or allow all.
SandeshdubeySenior Server EngineerCommented:
SBS has a feature called Remote Web Workplace that allows you to connect to any PC on the network using RDP and making the initial connection using a web page. In 2008 this is automatically set up you only have to forward ports 443 and 987 from the router to the SBS to configure. VPN's have one weakness which is an open tunnel between the corporate network and an uncontrolled client. RWW is very secure in that only images are exchanged and it uses SSL for the connection. However, especially using an external IPSec VPN client is still a very acceptable solution and has other advantages, but you may wish to consuider RWW.

To answer your question; when RDP is enabled on a PC in a windows domain it creates an exception allowing remote access. However, it only creates an exception from the local LAN (local subnet). With a VPN you are connecting from a remote, different, subnet and traffic is blocked. You need to add an exception for the remote subnet or all subnet. SBS controls the firewall on LAN PC's but you can add exceptions. It is better though to make the changes in the Windows SBS client (windows Vista & XP) policies on the SBS itself.

Refernce link:

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Does your firewall configured to provide ip address to VPN clients which different subnet other than the internal subnet or it is set up to use the internal DHCP? FYI, RDP uses port 3389.
GerhardpetAuthor Commented:
Thank you for your help! Your link solved my problem by creating a GPO
Rob WilliamsCommented:
Good to hear. Thanks Gerhardpet.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.