• Status: Solved

Cannot RDP over VPN to SBS 2011 server

Hi All,
I have an issue with my firewall or possibly the router. I need to be able to RDP to a pair of SBS boxes over a VPN tunnel using the Cisco VPN client.
The Cisco connecting is an 877.
Essentially I can connect the VPN fine and I can ping the server (192.168.50.5) but cannot RDP to it. I can ping the server IP and browse the folders etc.
However, I can connect and RDP to other machines in the network:
a terminal service box (192.168.50.6) and a Windows 7 reporting machine (192.168.50.7).
What would be the setting to change on the SBS box to allow a direct RDP into it over the VPN?
The only other thing to note is the Cisco is using Radius authentication.
Any help you can provide would be great!
Thanks
Craig
MrBungle50
I reckon it is a group policy but can't be sure
 
Rob Williams Commented:
Devices on an SBS domain have a firewall exception created automatically to allow RDP connections; however, by default they only allow connections from the local subnet. When using a VPN you are usually connecting from a different subnet, so the firewall exception has to be edited manually on the device to which you want to connect, or you can do so through group policy. Pete Long has a great article on doing so with group policy:
http://www.petenetlive.com/KB/Article/0000193.htm
0
 
Comsyco Commented:
An obvious question, but can you RDP to the SBS when on the same network? It could be that RDP isn't configured correctly if you can't.
0
 
mrbungle50 Author Commented:
Thanks guys. Firstly, I'll look at the link and check out the subnet exception.
And yes, I can RDP internally; essentially I can RDP over VPN to the TS box and then RDP no worries to the SBS from inside the subnet.
Will post findings after the link investigation.
Craig
0

 
mrbungle50 Author Commented:
Hi guys, I tried the config changes to GPO in Pete's article. However, it doesn't work; still no good connecting to the SBS machine direct over VPN.
The one thing he doesn't mention in that article is which GPO to edit. Obviously in an SBS machine there are quite a few policies already set up.
Can you shed light on which one would be the effective one?
Thanks
Craig
MrBungle50
0
 
Rob Williams Commented:
The firewall on PCs is controlled by the following policies:
Windows SBS Client - Windows Vista -Win 7 Policy
Windows SBS Client - Windows XP Policy

The SBS itself is not controlled by a policy in the default configuration. With it, the best bet is to go to Administrative Tools | Windows Firewall with Advanced Security | Inbound Rules | Remote Desktop (TCP-In) Properties | Scope and select "any" or add the remote subnet. Also, under Advanced select Domain, Public, and Private. I am not sure, but the default "block edge traversal" should be OK; if not, change to Allow, but only if necessary.
0
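The scope behaviour described in the answers above, as an added example that is not part of the original thread: it parses the text printed by `netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)"` and checks whether a given client address falls inside the rule's RemoteIP scope. The rule output, the /24 mask on 192.168.50.x and the VPN pool 10.10.10.0/24 are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of the netsh rule listing; values are illustrative,
# not captured from the poster's server.
SAMPLE_RULE = """\
Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Profiles:                             Domain
RemoteIP:                             LocalSubnet
Protocol:                             TCP
LocalPort:                            3389
Action:                               Allow
"""

def parse_rule(text):
    """Turn 'Key:   value' lines into a dict, skipping the separator line."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def scope_allows(remote_ip, client, local_net):
    """True if `client` falls inside the rule's RemoteIP scope."""
    addr = ipaddress.ip_address(client)
    for entry in (e.strip() for e in remote_ip.split(",")):
        if entry.lower() == "any":
            return True
        if entry.lower() == "localsubnet":
            entry = local_net  # keyword resolves to the server's own subnet
        try:
            if "-" in entry:  # explicit first-last range
                first, last = (ipaddress.ip_address(p) for p in entry.split("-"))
                if first <= addr <= last:
                    return True
            elif addr in ipaddress.ip_network(entry, strict=False):
                return True
        except (ValueError, TypeError):
            continue  # other scope keywords are not evaluated here
    return False

def rdp_reachable(rule_text, client, local_net):
    """Combine rule state and scope into one allow/deny answer."""
    rule = parse_rule(rule_text)
    return (rule.get("Enabled") == "Yes" and rule.get("Action") == "Allow"
            and scope_allows(rule.get("RemoteIP", "Any"), client, local_net))
```

With the sample rule, a client at 10.10.10.20 is denied while 192.168.50.6 is allowed, which matches the symptom of RDP working only via the terminal server hop. Adding the VPN subnet to RemoteIP admits the VPN client while keeping the scope narrower than "any".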
 
Marius Gunnerud, Senior Systems Engineer, Commented:
Are you able to telnet to the server using port 3389 over the VPN? Are there any ACLs on the firewall or router that might be blocking traffic?
Are you able to RDP to the server from a different computer over the VPN? Is your user account on the server a member of the remote operators group? Are there any Group Policies that might be denying RDP for your user account?
0
 
mrbungle50 Author Commented:
Hi Mag33
I have a Cisco guy looking at the config. I don't think it's the Cisco, as you can RDP direct to other machines in the network, just not the SBS.
But we'll see.
Cheers
Craig
MrBungle50
0
 
mrbungle50 Author Commented:
Still looking into the config, chaps; will post results as I have them.
I have posted a new question about the Cisco also, so maybe the whole Cisco thing is a troublesome issue?
Craig
MrBungle50
0
