Solved

Why can't I RDP over VPN to a machine to which I can RDP from the LAN

Posted on 2012-04-12
Last Modified: 2012-08-13
I've got a user to whom I just gave a new machine. She still has her old machine running.

All machines are Windows 7. VPN is via Cisco AnyConnect client to our ASA.

She can RDP to the new machine from her old machine from within the LAN.

She can RDP to her old machine from the new machine on the LAN.

She can RDP to the old machine from her home machine on the VPN.

She *cannot* RDP to the new machine from her home machine on the VPN. The error is a simple authentication message (see attached screen shot).



She can RDP to another machine on the VPN and then hop from there to the new machine.

I looked at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
The Security Packages Key had kerberos msv1_0 schannel wdigest tspkg pku2u, as required.
4-12-2012-11-09-46-AM.png
0
Question by:richardRinJH
31 Comments
 
LVL 6

Expert Comment

by:todd_beedy
ID: 37838831
VPN policy and certificates loaded on that new computer? Can she access all other network resources as before when she is VPN'd in?
0
 

Author Comment

by:richardRinJH
ID: 37838857
Yes. Access over the VPN is unchanged to all other resources. I'd think it was simply not having RDP open on the new machine except that she can get to it from within the LAN. I don't know of a setting that would allow it from within the LAN but on the VPN, is there one?
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 37838883
Because the Windows Firewall is on.  Turn the Windows firewall off (all 3 settings) and test.

Once confirmed you can turn it back on and modify the firewall to allow RDP from the VPN address pool.
0
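Added example, not part of the post above: one way to turn the firewall back on after the test and allow inbound RDP on the target only from the VPN pool, run from an elevated PowerShell prompt. The pool `10.99.0.0/24` and the rule name are placeholders; use the pool your ASA actually assigns to AnyConnect clients.

```powershell
# Constructed placeholder: address pool the ASA hands out to VPN clients.
$VpnPool  = '10.99.0.0/24'
$RuleName = 'RDP-from-VPN-pool'   # hypothetical rule name

# 1. Record the state of the three profiles (Domain, Private, Public).
netsh advfirewall show allprofiles state

# 2. Turn the firewall back on for all profiles once the off-test is done.
netsh advfirewall set allprofiles state on

# 3. Allow inbound TCP 3389 only when the source address is in the VPN pool.
netsh advfirewall firewall add rule name=$RuleName dir=in action=allow protocol=TCP localport=3389 remoteip=$VpnPool

# 4. Confirm the rule exists and shows the expected RemoteIP scope.
netsh advfirewall firewall show rule name=$RuleName verbose
```

Allow rules are additive, so a built-in Remote Desktop rule that is enabled without a remote-address scope still admits any source on its profiles.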
 
LVL 6

Expert Comment

by:todd_beedy
ID: 37838922
Also make sure she did not set her "home" network to public when she "plugged in" at home.
0
 

Author Comment

by:richardRinJH
ID: 37838942
I thought about that, but the fact that she can see other machines inside the LAN from the VPN connection led me away from thinking it's on her end.
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 37839041
Turn the firewall off on the machine she is connecting TO, not the machine she is connecting FROM.
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 37839046
> I don't know of a setting that would allow it from within the LAN but on the VPN, is there one?

Yes.  The firewall.
0
 
LVL 6

Expert Comment

by:todd_beedy
ID: 37839183
When she is connecting on the LAN I would assume you are authenticating on the domain, so the Windows Firewall sets that up under the "domain" firewall rules. When she is connecting from outside, she could have selected public.
0
 

Author Comment

by:richardRinJH
ID: 37839247
Firewall is OFF on all settings as recommended. User is no longer at home so can't test right away. It will likely be this evening before I'll know more.
0
 
LVL 79

Expert Comment

by:arnold
ID: 37840343
Are all systems on the same subnet? Or is it possible that the new system has an IP that is outside the VPN rule, or they have an IP overlap where the user's home network matches the IP of the new system?
0
 

Author Comment

by:richardRinJH
ID: 37852666
Still testing. The user has been on vacation!
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 37957646
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 37957647
I provided a valid answer and request the assigned points.
0
 
LVL 6

Expert Comment

by:todd_beedy
ID: 37957670
I also provided a valid answer(s) and dialogue with the open poster. I would like to ask the post remain open two more weeks until the OP can respond with specifics. If no posts have been made by that time, I would agree with closing and assigning points as to participants.
0
 

Author Comment

by:richardRinJH
ID: 37961078
The user in question returns to work on Monday and we will continue troubleshooting then. All solutions suggested to date have been applied with no success. The user will bring the laptop in question in to work on Monday and we'll see what we can find when we have it in hand.

I'd suggest letting the clock run on this for a while longer.
0
 
LVL 6

Expert Comment

by:todd_beedy
ID: 37965503
Hello Richard,

any luck yet?
0
 
LVL 6

Expert Comment

by:todd_beedy
ID: 37966562
Experts,
 
Please make your recommendations here.  Your recommendations may include:
1) Delete/refund
2) Delete/no refund
3) Accept one or more Expert posts as the answer
4) PAQ refund if the Asker answered his/her own question
 
If you recommend #3 or #4, please indicate which post ID(s) should be selected as the answer.  To make it easier for us to process this request, when posting the comment ID(s) to use, please post them in the format http:#CommentID. For example, http:#a12345678.
 
Further, if you recommend #3 or #4, please include a sentence or two to help the Moderator understand why that comment/selection of comments is the right answer, as your Moderator will not necessarily be an Expert in this particular subject!
 
A Moderator will be along in about 4 days to finalize the question.  Anyone not posting within that window shall be deemed no longer interested in the outcome.
 
Link to CSG thread:
http://www.experts-exchange.com/R_5657.html
 
modus_operandi
EE Admin

Comment: http:#a37965503

recommend to #1 delete and refund as points and responses provided did not result in success for the issue posted.
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 37966584
3) Accept one or more Expert posts as the answer
50/50 split todd_beedy & RPPreacher
0
 

Author Comment

by:richardRinJH
ID: 37966598
No posts to this point have solved the problem. All were tested. I am pursuing a solution, but to date with no success.

I repeat, the problem has NOT been resolved.
0
 
LVL 79

Expert Comment

by:arnold
ID: 37967149
The problem is that it is unclear what your issue is.  It seems you are able to connect, but the credentials you are using are being reflected as the cause for the failure to connect.

If you are entering the wrong credentials, attaching local resources that cause the remote system to reject.  Checking the event log on the desktop for the period when the connection attempts were made is the only way to see why it is being rejected.
0
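Added example, not part of the post above: a way to pull the failed-logon events (ID 4625) from the Security log of the RDP target for the test window and show why each attempt was rejected. It assumes an elevated prompt on the target and that failure auditing for the Logon subcategory is enabled; the two-hour window is a constructed value.

```powershell
# Assumption: logon failure auditing is on, e.g.
#   auditpol /set /subcategory:"Logon" /failure:enable
$since = (Get-Date).AddHours(-2)   # constructed window; set to the test time

# NTSTATUS values commonly found in the SubStatus field of event 4625.
$reason = @{
    '0xc000006d' = 'bad user name or authentication information'
    '0xc000006a' = 'correct user name, wrong password'
    '0xc0000064' = 'user name does not exist'
    '0xc000015b' = 'logon type not granted on this machine'
    '0xc0000234' = 'account locked out'
}

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
             -ErrorAction SilentlyContinue |
  ForEach-Object {
    $e = $_
    # Flatten <EventData><Data Name="..."> into a name/value table.
    $d = @{}
    ([xml]$e.ToXml()).Event.EventData.Data |
        ForEach-Object { $d[$_.Name] = $_.'#text' }
    New-Object PSObject -Property @{
        Time      = $e.TimeCreated
        User      = '{0}\{1}' -f $d.TargetDomainName, $d.TargetUserName
        SourceIP  = $d.IpAddress
        LogonType = $d.LogonType   # 10 = RemoteInteractive, 3 = Network (seen with NLA)
        Package   = $d.AuthenticationPackageName
        SubStatus = $d.SubStatus
        Reason    = $reason["$($d.SubStatus)".ToLower()]
    }
  } | Format-Table Time, User, SourceIP, LogonType, Package, SubStatus, Reason -AutoSize
```

Comparing the rows for a failed VPN attempt with a successful LAN attempt to the same machine shows whether the source address, logon type or authentication package differs between the two paths.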
 

Author Comment

by:richardRinJH
ID: 37967196
Understood. As soon as I can coerce the user into bringing her laptop to work so I can get at it that's exactly what I'm going to do. I'm trying to get the information, but am fighting user inertia!
0
 
LVL 79

Expert Comment

by:arnold
ID: 37967312
Do you have the same VPN access?  Are you able to VPN and then RDP to a LAN system?
Is RDP on the LAN from the same system?
i.e. the laptop is on the LAN and then the user RDPs to that system?

ip route table from the remote user might be helpful before and after the VPN connection is established.
ipconfig /all
netstat -rn
0
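Added example, not part of the post above: a check of which route the home machine would pick for the new machine's address once the VPN is up, which is what the before/after route tables are meant to reveal. The route rows and the target address are constructed sample values; the parsing assumes the IPv4 "Active Routes" layout printed by `route print -4` and `netstat -rn`.

```powershell
# Constructed sample rows in 'route print -4' layout (the same table
# 'netstat -rn' prints), as seen AFTER the VPN connects. For real use:
#   $table = route print -4
$table = @'
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    281
         10.0.0.0        255.0.0.0       10.99.0.1       10.99.0.23      2
      192.168.0.0      255.255.0.0       10.99.0.1       10.99.0.23      2
'@ -split "`r?`n"
$target = '192.168.1.77'   # constructed: office address of the new machine

function Get-Bytes($ip) { [System.Net.IPAddress]::Parse($ip).GetAddressBytes() }

function Get-PrefixLength($mask) {
    # Count the set bits of the netmask octet by octet.
    $bits = 0
    foreach ($b in (Get-Bytes $mask)) {
        $bits += ([Convert]::ToString($b, 2) -replace '0', '').Length
    }
    $bits
}

function Test-InRoute($ip, $dest, $mask) {
    # True when $ip and $dest agree on every bit the mask covers.
    $i = Get-Bytes $ip; $d = Get-Bytes $dest; $m = Get-Bytes $mask
    foreach ($n in 0..3) {
        if (($i[$n] -band $m[$n]) -ne ($d[$n] -band $m[$n])) { return $false }
    }
    $true
}

# Columns: destination, netmask, gateway (or On-link), interface, metric.
$pattern = '^\s*([\d.]+)\s+([\d.]+)\s+(\S+)\s+([\d.]+)\s+(\d+)\s*$'
$routes = foreach ($line in $table) {
    if ($line -match $pattern) {
        New-Object PSObject -Property @{
            Destination = $Matches[1]; Netmask = $Matches[2]
            Gateway     = $Matches[3]; Interface = $Matches[4]
            Metric      = [int]$Matches[5]
            Prefix      = Get-PrefixLength $Matches[2]
        }
    }
}

# The most specific (longest-prefix) matching route wins; metric breaks ties.
$routes | Where-Object { Test-InRoute $target $_.Destination $_.Netmask } |
    Sort-Object @{ Expression = 'Prefix'; Descending = $true }, Metric |
    Select-Object -First 1 -Property Destination, Netmask, Gateway, Interface, Metric
```

If the winning route's Interface is the home adapter rather than the VPN adapter, the home subnet overlaps the office address and the RDP connection never enters the tunnel.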
 

Author Comment

by:richardRinJH
ID: 37967616
Using the same laptop, from the same Internet connection she can VPN to another machine sitting on her desk and plugged into another port on the same switch. If I switch the machines between the two ports the problem follows the machine.
0
 

Accepted Solution

by:
richardRinJH earned 0 total points
ID: 37972839
We solved the problem here. All Windows 7 Security Descriptors were missing in the registry. We added them back in manually and the problem was solved. We are unsure how the registry entries went missing; the machine was a direct purchase by the user and had never been in our shop before.

I don't believe any of the proposed solutions mentioned that, so no points awarded?
0
 

Expert Comment

by:Modalot
ID: 37977170
I've requested that this question be closed as follows:

Accepted answer: 0 points for richardRinJH's comment #37972839

for the following reason:

Final solution has been posted now by the Asker, and there were no Expert suggestions used, so accepting that comment is the only correct disposition.

Modalot
Community Support Moderator
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 37977171
Expert solutions aided the Asker in troubleshooting and identifying a solution.  Our submitted troubleshooting steps contributed to the overall identification of a solution.
0
 

Author Comment

by:richardRinJH
ID: 37977523
I don't agree, but limited split OK by me.
0

Question has a verified solution.
