networkadmin
asked on
Server 2008 R2 Remote Desktop Services (RDS) IP question
Hello,
We have a Server 2008 R2 domain with a server running RDS. We can connect to the server from the client using the FQDN but cannot connect by typing in the IP address of the RDS server on the remote desktop connection client. We have several machines that are not part of the domain on the network and would like to connect via the IP address.
Tried turning the firewall off and both machines are on the same LAN subnet.
What am I missing? Our client machines are running Windows 7 RDC client.
Thank you for the help.
Do an nslookup on the client for the FQDN of the RDS server.
Is that the IP address you are putting into your RD client?
Not sure if you are accessing with an externally resolvable IP by what you said.
If it is the public address, and you only want to access it from inside the LAN, can you ping the LAN IP of the server from the client as suggested by Mysidia?
ASKER
1.
NLA is set up as you mentioned.
NLA is also disabled under Configuration for Remote Desktop Session Host server:
You can disable NLA by going to
-Remote Desktop Session Host Configurations
-TCP RDP Properties
-General tab
-uncheck the Allow NLA
-Security layer: negotiable
-Encryption level: Client compatible
2.
The FQDN of the RDS server is the same as what I am putting into the RD client.
I am local on the same LAN as the RDS server.
Still no luck. Anything else?
ASKER CERTIFIED SOLUTION
Right click My Computer > Properties.
Try opening up the "Remote administration settings", where you enable Remote Desktop Protocol.
Check and see if Remote Desktop Protocol is enabled with the _bottom_ option selected, "Any version of the remote desktop protocol client", and not the middle option.
In other words: check to make sure that the Network Level Authentication requirement is disabled. Note that there are security ramifications if the middle option was selected and you change to the bottom option.
But to allow non-domain-joined computers to connect using RDP, you must use the bottom option and allow all remote desktop protocol clients to connect regardless of version.
An RDP client running on a computer that is not a member of your domain will not be capable of using network level authentication to verify the identity of the server you are connecting to.
These remote desktop protocol connections that do not use NLA can be intercepted, and usernames/passwords sent during login, or during a session can be captured by a bad actor on the LAN using a man-in-the-middle type of attack.
Prior to NLA, it's true that remote desktop protocol sessions are encrypted, BUT all remote desktop protocol sessions' encryption uses the same encryption key, prior to NLA; in other words, anyone who can sniff RDP traffic can decrypt it, prior to NLA.
Remote desktop protocol is not a secure method of remote administration, and NLA was an effort by Microsoft to secure the protocol.
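To confirm what the RDP-Tcp listener is actually enforcing after changing the settings discussed in this thread (NLA, security layer, encryption level), the following PowerShell reads them from the registry and reports whether a Group Policy value overrides what the GUI shows. It is an added example, not part of the original thread; the function names `Get-RegValue` and `Get-RdpListenerSecurity` are hypothetical, and it assumes an elevated session on the RD Session Host itself.

```powershell
# Added example: report the effective security settings of the RDP-Tcp listener.
# Assumption: run in an elevated PowerShell session on the RD Session Host.
$local  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Numeric registry values mapped to the labels used in the configuration GUI.
$labels = @{
    UserAuthentication = @{ 0 = 'NLA not required'; 1 = 'NLA required' }
    SecurityLayer      = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
    MinEncryptionLevel = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
}

# Hypothetical helper: returns $null when the key or the value does not exist.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# Hypothetical helper: one object per setting, with the value that is in effect.
function Get-RdpListenerSecurity {
    foreach ($name in 'UserAuthentication', 'SecurityLayer', 'MinEncryptionLevel') {
        $fromPolicy = Get-RegValue $policy $name
        $fromLocal  = Get-RegValue $local  $name
        # A Group Policy value, when present, wins over the local (GUI) setting.
        if ($fromPolicy -ne $null) { $value = $fromPolicy; $source = 'Group Policy' }
        else                       { $value = $fromLocal;  $source = 'Local setting' }

        $label = if ($value -ne $null) { $labels[$name][[int]$value] } else { 'not set' }
        New-Object PSObject -Property @{
            Setting = $name; Value = $value; Meaning = $label; Source = $source
        }
    }
}

$report = @(Get-RdpListenerSecurity)
$report | Format-Table Setting, Value, Meaning, Source -AutoSize

# Flag the configuration the thread describes: connections accepted without NLA.
$nla = $report | Where-Object { $_.Setting -eq 'UserAuthentication' }
if ($nla.Value -ne 1) {
    Write-Warning 'NLA is not required on this listener.'
}
```

If the Source column shows Group Policy for a setting, changing it in Remote Desktop Session Host Configuration will not take effect until the policy is changed.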