?
Solved

Remote desktop works on the LAN but not from the WAN

Posted on 2013-06-10
24
Medium Priority
?
2,147 Views
Last Modified: 2013-06-12
I have just set up a new Windows Server 2012.  Everything work, except I cannot connect to the remote desktop from locations outside the LAN (out of the building).  

The RDP work fine on the domain from one workstation to another and from a workstation to the server and from the server to the workstations.

When I enter the static ip address of the router remotely, it comes back and says cannot connect.

I am using a Comcast modem.  Is there any port forwarding on the modem?  I have the port 3389 forwarded to the server in the router.

How do I progressively test where the break in connection is?
0
Comment
Question by:ken_b
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 14
  • 6
  • 3
  • +1
24 Comments
 
LVL 24

Expert Comment

by:smckeown777
ID: 39236221
Normally you have to open port(Firewall) and then port forward(NAT) on the router - you've done both these yes? What router are you using

I assume the server has a default gateway assigned yes? It will work on the LAN without that but not over router(I've seen this from time to time when static ip's were assigned to servers internally) so just something to check...
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39236257
are you using xp to 2012?

update your rdp

http://www.microsoft.com/en-us/download/details.aspx?id=20609


on 2012 box temporarily disable your firewall and check then.
Is your nat port forwarding works both ways?
0
 

Author Comment

by:ken_b
ID: 39236283
smckeown777:

On the Win 2012 server, I have the RDP allowed for all 3 categories checked in the server's firewall, and have also turned the firewall off temporarily with no results.

I believe I set up the default gateway correctly when I first configured the server, and the internet has been working fine through the router since.  Maybe if you could explain how I can double check that it is set correctly.

janpakula:

The workstations that I am trying to connect from are Win 8 or Win 7.  

I will look again at the router port forwarding settings.  I believe that I have it set to forward port 3389 to the server's ip address.  How can I confirm that the server is using 3389 for RDP?

I have pinged the router's address with no problem.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Author Comment

by:ken_b
ID: 39236292
I just found that the port forwarding for 3389 was not forwarding to the server's address and have changed to the server's ip address.  Please stand by for testing...
0
 
LVL 24

Assisted Solution

by:smckeown777
smckeown777 earned 500 total points
ID: 39236293
I was refering to the router firewall - routers normally have a NAT section(often called port forwarding) and a firewall section - ensure the port is active in the firewall section(you never mentioned which router you have)

As for testing this -

telnet <router ip> 3389

run that from machine on the outside - if you get a blank screen its working, I think you'll get another message(connection refused) which means its not working

As for confirming the server is using 3389 it will be by default(unless you've changed it with registry hack), but again the telnet command will show this

telnet <server ip> 3389

If it shows a blank screen with blinking cursor its using 3389
0
 

Author Comment

by:ken_b
ID: 39236309
The testing still doesn't work.

I have a Belkin router.  The NAT section appears to be in the "Virtual Server" section.

I have port 3389, type tcp, going to the server's ip address, and to the same port 3389.

Stand by for the telnet testing...
0
 

Author Comment

by:ken_b
ID: 39236316
"Could not open connection to the host on port 3389.  Connect failed"

What now?
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39236323
This is from outside yes?
Is there a Firewall section on router?
0
 

Author Comment

by:ken_b
ID: 39236324
What was meant by the earlier comment "Is your nat port forwarding works both ways?"

I am going to try turning off the server's firewall.

What can cause the connection failed in the telnet test?
0
 

Author Comment

by:ken_b
ID: 39236326
yes test was from the inside, out using RDP to my home server and then back using RDP to this new server.

Stand by for my check on the router's firewall...
0
 

Author Comment

by:ken_b
ID: 39236327
Router's firewall is off.  Still "Connect failed" on telenet test.
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39236334
can you even ping it from outside?
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39236339
try disabling your firewall on 2012 - (public one)
0
 

Author Comment

by:ken_b
ID: 39236349
2012 firewall is off.  Still failed on telnet test.
0
 

Author Comment

by:ken_b
ID: 39236354
I "installed" the RDP as a part of the setup of the server.  Did I need to start the service or do something else on the server to make it work?
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39236358
U said rdp works on the lan...so that means everything is installed that is needed
Did u run the telnet test from lan? If that fails then u've a syntax issue
Note
Telnet ip 3389 - there's a space between ip and port
0
 

Author Comment

by:ken_b
ID: 39236366
I ran the telnet from a cmd prompt on a server outside.  I am using an ip address which should be visible to the public.

(Edit: IP Address redacted - Modulus_Twelve)
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39236369
Edit it out
No need for us to see it

Basically means the rules aren't working
Can u post screenshot of ur virtual server screen from router?
Edit out public ip's
0
 

Author Comment

by:ken_b
ID: 39236376
Arg!  It won't let me edit it.  It locks when you responded.

I work on the screen shot.
0
 

Author Comment

by:ken_b
ID: 39236382
screen shot of the port forwarding page of the belkin router attached
screen-shot-1.docx
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39236399
You said the router firewall was off - possibly the router needs it enabled to make the NAT work...

Rules are ok, that's a lot of access you are opening to the internet though...

Switch the router firewall on and open port 3389 and see what happens

On that screen(virtual server) see the link at top - More info - any details in there for requirements to make it work? Or just basic help?
0
 

Author Comment

by:ken_b
ID: 39236556
When I get back, I will try turning on the router firewall and also will reconfigure an entirely new router to see if that's the problem.

If anyone thinks of other possible solutions in the meanwhile, please post them.
 

Thanks
0
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 1500 total points
ID: 39236732
You need both TCP and UDP protocols to be forwarded
0
 

Author Closing Comment

by:ken_b
ID: 39240040
Thanks to all for your efforts.  Making the port forwarding both TCP and UDP fixed it!

I am still wondering when to use both versus just one protocol over another.  But, problem fixed for now thanks to EE University.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Resolve DNS query failed errors for Exchange
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question