Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 795
  • Last Modified:

Windows 2008 R2 remote RDP not working

I have setup a Windows 2008 R2 terminal server and users can log in locally and if one of the users tries to log in from the remote location it does not work. The same user can log in from the local network. It is a member server.

It is trough a VPN and I can ping the server from the remote location. I have checked the filrewall rules but can't find any there that may need changing but perhaps I'm missing something. I have done the same setup before with no issues.

Can someone help me to troubleshoot this?
1 Solution
Rob WilliamsCommented:
By default the remote desktop firewall exception only allows connections from the local subnet. You need to add the remote subnet or allow all.
Rob WilliamsCommented:
To add, if you want to do this using group policy, rather than per device/firewall, Pete Long has a nice article outlining how to do so:
SBS has a feature called Remote Web Workplace that allows you to connect to any PC on the network using RDP and making the initial connection using a web page. In 2008 this is automatically set up you only have to forward ports 443 and 987 from the router to the SBS to configure. VPN's have one weakness which is an open tunnel between the corporate network and an uncontrolled client. RWW is very secure in that only images are exchanged and it uses SSL for the connection. However, especially using an external IPSec VPN client is still a very acceptable solution and has other advantages, but you may wish to consuider RWW.

To answer your question; when RDP is enabled on a PC in a windows domain it creates an exception allowing remote access. However, it only creates an exception from the local LAN (local subnet). With a VPN you are connecting from a remote, different, subnet and traffic is blocked. You need to add an exception for the remote subnet or all subnet. SBS controls the firewall on LAN PC's but you can add exceptions. It is better though to make the changes in the Windows SBS client (windows Vista & XP) policies on the SBS itself.

Refernce link:http://www.petenetlive.com/KB/Article/0000193.htm

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Does your firewall configured to provide ip address to VPN clients which different subnet other than the internal subnet or it is set up to use the internal DHCP? FYI, RDP uses port 3389.
GerhardpetAuthor Commented:
Thank you for your help! Your link solved my problem by creating a GPO
Rob WilliamsCommented:
Good to hear. Thanks Gerhardpet.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now