Solved

Remote desktop works on the LAN but not from the WAN

Posted on 2013-06-10
24
2,019 Views
Last Modified: 2013-06-12
I have just set up a new Windows Server 2012.  Everything works, except I cannot connect to the remote desktop from locations outside the LAN (out of the building).  

RDP works fine on the domain from one workstation to another and from a workstation to the server and from the server to the workstations.

When I enter the static ip address of the router remotely, it comes back and says cannot connect.

I am using a Comcast modem.  Is there any port forwarding on the modem?  I have the port 3389 forwarded to the server in the router.

How do I progressively test where the break in connection is?
0
Comment
Question by:ken_b
24 Comments
 
LVL 24

Expert Comment

by:smckeown777
ID: 39236221
Normally you have to open the port (Firewall) and then port forward (NAT) on the router - you've done both of these, yes? What router are you using?

I assume the server has a default gateway assigned yes? It will work on the LAN without that but not over router(I've seen this from time to time when static ip's were assigned to servers internally) so just something to check...
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39236257
Are you using XP to 2012?

Update your RDP

http://www.microsoft.com/en-us/download/details.aspx?id=20609


On the 2012 box temporarily disable your firewall and check then.
Does your NAT port forwarding work both ways?
0
 

Author Comment

by:ken_b
ID: 39236283
smckeown777:

On the Win 2012 server, I have the RDP allowed for all 3 categories checked in the server's firewall, and have also turned the firewall off temporarily with no results.

I believe I set up the default gateway correctly when I first configured the server, and the internet has been working fine through the router since.  Maybe if you could explain how I can double check that it is set correctly.

janpakula:

The workstations that I am trying to connect from are Win 8 or Win 7.  

I will look again at the router port forwarding settings.  I believe that I have it set to forward port 3389 to the server's ip address.  How can I confirm that the server is using 3389 for RDP?

I have pinged the router's address with no problem.
0

 

Author Comment

by:ken_b
ID: 39236292
I just found that the port forwarding for 3389 was not forwarding to the server's address and have changed to the server's ip address.  Please stand by for testing...
0
 
LVL 24

Assisted Solution

by:smckeown777
smckeown777 earned 125 total points
ID: 39236293
I was referring to the router firewall - routers normally have a NAT section (often called port forwarding) and a firewall section - ensure the port is active in the firewall section (you never mentioned which router you have)

As for testing this -

telnet <router ip> 3389

Run that from a machine on the outside - if you get a blank screen it's working; I think you'll get another message (connection refused), which means it's not working

As for confirming the server is using 3389, it will be by default (unless you've changed it with a registry hack), but again the telnet command will show this

telnet <server ip> 3389

If it shows a blank screen with a blinking cursor it's using 3389
0
 

Author Comment

by:ken_b
ID: 39236309
The testing still doesn't work.

I have a Belkin router.  The NAT section appears to be in the "Virtual Server" section.

I have port 3389, type tcp, going to the server's ip address, and to the same port 3389.

Stand by for the telnet testing...
0
 

Author Comment

by:ken_b
ID: 39236316
"Could not open connection to the host on port 3389.  Connect failed"

What now?
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39236323
This is from outside yes?
Is there a Firewall section on router?
0
 

Author Comment

by:ken_b
ID: 39236324
What was meant by the earlier comment "Does your NAT port forwarding work both ways?"

I am going to try turning off the server's firewall.

What can cause the connection failed in the telnet test?
0
 

Author Comment

by:ken_b
ID: 39236326
yes test was from the inside, out using RDP to my home server and then back using RDP to this new server.

Stand by for my check on the router's firewall...
0
 

Author Comment

by:ken_b
ID: 39236327
Router's firewall is off.  Still "Connect failed" on telnet test.
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39236334
can you even ping it from outside?
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39236339
try disabling your firewall on 2012 - (public one)
0
 

Author Comment

by:ken_b
ID: 39236349
2012 firewall is off.  Still failed on telnet test.
0
 

Author Comment

by:ken_b
ID: 39236354
I "installed" the RDP as a part of the setup of the server.  Did I need to start the service or do something else on the server to make it work?
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39236358
U said rdp works on the lan...so that means everything is installed that is needed
Did u run the telnet test from lan? If that fails then u've a syntax issue
Note
Telnet ip 3389 - there's a space between ip and port
0
 

Author Comment

by:ken_b
ID: 39236366
I ran the telnet from a cmd prompt on a server outside.  I am using an ip address which should be visible to the public.

(Edit: IP Address redacted - Modulus_Twelve)
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39236369
Edit it out
No need for us to see it

Basically means the rules aren't working
Can u post screenshot of ur virtual server screen from router?
Edit out public ip's
0
 

Author Comment

by:ken_b
ID: 39236376
Arg!  It won't let me edit it.  It locks when you responded.

I will work on the screenshot.
0
 

Author Comment

by:ken_b
ID: 39236382
screen shot of the port forwarding page of the belkin router attached
screen-shot-1.docx
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39236399
You said the router firewall was off - possibly the router needs it enabled to make the NAT work...

Rules are ok, that's a lot of access you are opening to the internet though...

Switch the router firewall on and open port 3389 and see what happens

On that screen(virtual server) see the link at top - More info - any details in there for requirements to make it work? Or just basic help?
0
 

Author Comment

by:ken_b
ID: 39236556
When I get back, I will try turning on the router firewall and also will reconfigure an entirely new router to see if that's the problem.

If anyone thinks of other possible solutions in the meanwhile, please post them.
 

Thanks
0
 
LVL 80

Accepted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 375 total points
ID: 39236732
You need both TCP and UDP protocols to be forwarded
0
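
An added example, not part of any poster's reply: one way to script the progressive checks discussed in this thread (configured RDP port, default gateway, TCP and UDP listeners, then a timed TCP connect that mirrors the telnet test). The function name `Test-TcpPort` and both IP addresses are placeholders chosen here; steps 1 to 3 run on the server, step 4 from a LAN workstation and then from an outside machine.

```powershell
# Added example: layered RDP reachability checks. Addresses are placeholders.
# Steps 1-3 use cmdlets available from Windows 8 / Server 2012 (PowerShell 3).

# 1. Port the RDP listener is configured for (3389 unless changed in the registry).
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
"RDP configured port: $rdpPort"

# 2. Default gateway per interface: LAN sessions work without one, routed ones do not.
Get-NetIPConfiguration | ForEach-Object {
    "{0}: gateway {1}" -f $_.InterfaceAlias, ($_.IPv4DefaultGateway.NextHop -join ',')
}

# 3. Is anything bound to that port locally, on TCP and on UDP?
$tcp = Get-NetTCPConnection -State Listen -LocalPort $rdpPort -ErrorAction SilentlyContinue
$udp = Get-NetUDPEndpoint -LocalPort $rdpPort -ErrorAction SilentlyContinue
"TCP listener present: {0}" -f [bool]$tcp
"UDP endpoint present: {0}" -f [bool]$udp

# 4. Timed TCP connect; the scripted equivalent of 'telnet <ip> 3389'.
function Test-TcpPort {
    param([string]$Address, [int]$Port = 3389, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return 'timeout (no reply: packet dropped or not forwarded)'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'open'
    } catch {
        return 'refused or unreachable'
    } finally {
        $client.Close()
    }
}

# Run from a LAN workstation against the server, then from outside against the router.
"LAN -> server : {0}" -f (Test-TcpPort -Address '192.0.2.10')    # placeholder server IP
"WAN -> router : {0}" -f (Test-TcpPort -Address '203.0.113.5')   # placeholder public IP
```

An `open` result on the LAN with a timeout or refusal from outside places the break at the router or modem rather than on the server. UDP is connectionless, so the connect test covers only the TCP forward; the UDP rule has to be confirmed in the router's port-forwarding page.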
 

Author Closing Comment

by:ken_b
ID: 39240040
Thanks to all for your efforts.  Making the port forwarding both TCP and UDP fixed it!

I am still wondering when to use both versus just one protocol over another.  But, problem fixed for now thanks to EE University.
0
