Solved

Remote desktop works on the LAN but not from the WAN

Posted on 2013-06-10
Last Modified: 2013-06-12
I have just set up a new Windows Server 2012.  Everything works, except I cannot connect to the remote desktop from locations outside the LAN (out of the building).

RDP works fine on the domain from one workstation to another, from a workstation to the server, and from the server to the workstations.

When I enter the static ip address of the router remotely, it comes back and says cannot connect.

I am using a Comcast modem.  Is there any port forwarding on the modem?  I have the port 3389 forwarded to the server in the router.

How do I progressively test where the break in connection is?
Question by:ken_b
 
LVL 24

Expert Comment

by:smckeown777
Normally you have to open the port (firewall) and then port forward (NAT) on the router - you've done both of these, yes? What router are you using?

I assume the server has a default gateway assigned, yes? It will work on the LAN without that but not over the router (I've seen this from time to time when static IPs were assigned to servers internally), so just something to check...
 
LVL 14

Expert Comment

by:JAN PAKULA
Are you using XP to 2012?

Update your RDP:

http://www.microsoft.com/en-us/download/details.aspx?id=20609

On the 2012 box, temporarily disable your firewall and check then.
Does your NAT port forwarding work both ways?
 

Author Comment

by:ken_b
smckeown777:

On the Win 2012 server, I have the RDP allowed for all 3 categories checked in the server's firewall, and have also turned the firewall off temporarily with no results.

I believe I set up the default gateway correctly when I first configured the server, and the internet has been working fine through the router since.  Maybe if you could explain how I can double check that it is set correctly.

janpakula:

The workstations that I am trying to connect from are Win 8 or Win 7.  

I will look again at the router port forwarding settings.  I believe that I have it set to forward port 3389 to the server's ip address.  How can I confirm that the server is using 3389 for RDP?

I have pinged the router's address with no problem.
 

Author Comment

by:ken_b
I just found that the port forwarding for 3389 was not forwarding to the server's address and have changed to the server's ip address.  Please stand by for testing...
 
LVL 24

Assisted Solution

by:smckeown777
I was referring to the router firewall - routers normally have a NAT section (often called port forwarding) and a firewall section - ensure the port is active in the firewall section (you never mentioned which router you have)

As for testing this -

telnet <router ip> 3389

Run that from a machine on the outside - if you get a blank screen it's working; I think you'll get another message (connection refused), which means it's not working

As for confirming the server is using 3389, it will be by default (unless you've changed it with a registry hack), but again the telnet command will show this

telnet <server ip> 3389

If it shows a blank screen with a blinking cursor, it's using 3389
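
A staged version of the checks discussed in this thread (configured port, listener, default gateway, Windows Firewall rules, then a TCP connect), written here as an added PowerShell example that is not from any poster. It assumes the networking cmdlets that ship with Windows Server 2012 and later; `192.0.2.10` is a placeholder address and `Test-TcpPort` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Run on the RDP server for stages 1-4;
# run stage 5 from a LAN machine first, then from a machine outside.
param(
    [string]$Target = '192.0.2.10',  # placeholder: server LAN IP, then router public IP
    [int]$TimeoutMs = 3000
)

# Stage 1: port RDP is configured to use (3389 unless changed in the registry)
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
"Stage 1  configured RDP port : $port"

# Stage 2: is a TCP listener actually bound to that port?
$ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$listener = $ipProps.GetActiveTcpListeners() | Where-Object { $_.Port -eq $port }
"Stage 2  TCP listener present: $([bool]$listener)"

# Stage 3: default gateway (needed for replies to leave the LAN)
$gw = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue
"Stage 3  default gateway     : $(if ($gw) { $gw.NextHop -join ', ' } else { 'NONE' })"

# Stage 4: inbound Windows Firewall rules in the Remote Desktop group
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Format-Table DisplayName, Enabled, Profile -AutoSize

# Stage 5: TCP connect with a timeout (same test as "telnet <ip> 3389").
# Covers TCP only; a connect test cannot confirm UDP forwarding.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return 'timeout: dropped by a firewall or not forwarded'
        }
        $client.EndConnect($pending)   # throws if the connection was refused
        return 'open'
    } catch {
        return "refused/failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}
"Stage 5  TCP ${Target}:$port -> $(Test-TcpPort $Target $port $TimeoutMs)"
```

If stage 5 reports open against the server's LAN address but not against the router's public address, the break is at the router or upstream of it rather than on the server.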
 

Author Comment

by:ken_b
The testing still doesn't work.

I have a Belkin router.  The NAT section appears to be in the "Virtual Server" section.

I have port 3389, type tcp, going to the server's ip address, and to the same port 3389.

Stand by for the telnet testing...
 

Author Comment

by:ken_b
"Could not open connection to the host on port 3389.  Connect failed"

What now?
 
LVL 24

Expert Comment

by:smckeown777
This is from outside, yes?
Is there a Firewall section on the router?
 

Author Comment

by:ken_b
What was meant by the earlier comment "Is your nat port forwarding works both ways?"

I am going to try turning off the server's firewall.

What can cause the connection failed in the telnet test?
 

Author Comment

by:ken_b
Yes, test was from the inside, out using RDP to my home server and then back using RDP to this new server.

Stand by for my check on the router's firewall...
 

Author Comment

by:ken_b
Router's firewall is off.  Still "Connect failed" on telnet test.
 
LVL 14

Expert Comment

by:JAN PAKULA
Can you even ping it from outside?
 
LVL 14

Expert Comment

by:JAN PAKULA
Try disabling your firewall on 2012 - (public one)
 

Author Comment

by:ken_b
2012 firewall is off.  Still failed on telnet test.
 

Author Comment

by:ken_b
I "installed" the RDP as a part of the setup of the server.  Did I need to start the service or do something else on the server to make it work?
 
LVL 24

Expert Comment

by:smckeown777
You said RDP works on the LAN... so that means everything is installed that is needed.
Did you run the telnet test from the LAN? If that fails then you've a syntax issue.
Note:
Telnet ip 3389 - there's a space between ip and port
 

Author Comment

by:ken_b
I ran the telnet from a cmd prompt on a server outside.  I am using an ip address which should be visible to the public.

(Edit: IP Address redacted - Modulus_Twelve)
 
LVL 24

Expert Comment

by:smckeown777
Edit it out.
No need for us to see it.

Basically means the rules aren't working.
Can you post a screenshot of your virtual server screen from the router?
Edit out public IPs.
 

Author Comment

by:ken_b
Arg!  It won't let me edit it.  It locks when you responded.

I'll work on the screen shot.
 

Author Comment

by:ken_b
Screen shot of the port forwarding page of the Belkin router attached
screen-shot-1.docx
 
LVL 24

Expert Comment

by:smckeown777
You said the router firewall was off - possibly the router needs it enabled to make the NAT work...

Rules are ok, that's a lot of access you are opening to the internet though...

Switch the router firewall on and open port 3389 and see what happens

On that screen (virtual server), see the link at the top - More info - any details in there for requirements to make it work? Or just basic help?
 

Author Comment

by:ken_b
When I get back, I will try turning on the router firewall and also will reconfigure an entirely new router to see if that's the problem.

If anyone thinks of other possible solutions in the meanwhile, please post them.
 

Thanks
 
LVL 78

Accepted Solution

by:David Johnson, CD, MVP
You need both TCP and UDP protocols to be forwarded
 

Author Closing Comment

by:ken_b
Thanks to all for your efforts.  Making the port forwarding both TCP and UDP fixed it!

I am still wondering when to use both versus just one protocol over another.  But, problem fixed for now thanks to EE University.