Solved

server 2008 r2 Remote Desktop Services (RDS) IP question

Posted on 2013-06-30
4
821 Views
Last Modified: 2013-07-17
Hello,

We have a Server 2008 R2 domain with a server running RDS.  We can connect to the server from the client using the FQDN but cannot connect by typing in the IP address of the RDS server on the remote desktop connection client.  We have several machines that are not part of the domain on the network and would like to connect via the IP address.

Tried turning the firewall off and both machines are on the same LAN subnet.

What am i missing? Our client machines are running Windows 7 RDC client.

Thank you for the help.
0
Comment
Question by:networkadmin
4 Comments
 
LVL 23

Expert Comment

by:Mysidia
ID: 39288983
First run a ping on the client, and verify the FQDN  indeed points to the same IP address..

Right click My Computer > Properties
Try opening up the "Remote administration settings" ,
where you enable Remote Desktop Protocol

Check and see if Remote Desktop Protocol is enabled with the  _bottom_  option selected
"Any version of the remote desktop protocol client",   and not the middle option.

In other words:  check to make sure that  Network level authentication requirement disabled.    Note that there are security ramifications,  if the middle option was selected, and you change to the bottom option.

But to allow non-domain-joined computers  to connect using RDP,  you must use the bottom option and allow all  remote desktop protocol clients to connect regardless of version.

A RDP client running on a computer that is not a member of your domain will not be capable of using network level authentication  to verify the identity of the server you are connecting to.


These  remote desktop protocol  connections that do not use NLA can be intercepted,  and  usernames/passwords  sent during login, or during a session can be captured by a bad actor on the LAN using a man-in-the-middle type of attack.

Prior to NLA; it's true that remote desktop protocol sessions are encrypted, BUT   all remote desktop protocol sessions' encryption uses the same encryption key,  prior to NLA;   in other words,   anyone  who  can sniff  RDP traffic can decrypt it,   prior to NLA.

Remote desktop protocol is not a secure method of remote administration,  and NLA was an effort by Microsoft to secure the protocol.
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39288998
Do an nslookup on the client for the FQDN of the RDS server.
Is that the IP address you are putting into your RD client?

Not sure if you are accessing with an externally resolvable IP by what you said.

If it is the public address, and you only want to access it from inside the LAN, can you ping the LAN IP of the server from the client as suggested by Mysidia?
0
 

Author Comment

by:networkadmin
ID: 39289020
1.
NLA is setup as you mentioned.

NLA is also disabled under Configuration for Remote Desktop Session Host server:
You can disable NLA by going to

-Remote Desktop Session Host Configurations

-TCP RDP Properties

-General tab

-uncheck the Allow NLA

-Security layer:negotiable

-encryption level: Client compatible

2.
The FQDN of the RDS server is the same as what I am putting into the RD client.

I am local on the same lan as the RDS server

Still no luck anything else?
0
 
LVL 4

Accepted Solution

by:
Dash Amr earned 500 total points
ID: 39289039
Hi,

Please Download and install this Hotfix link is below:
http://support.microsoft.com/kb/2768492

IF AND ONLY IF you still Have the issue please follow the following Steps:

1- Log on as an administrator to the remote 2008 server by using the console or by using Remote Desktop Services FROM A Windows XP CLIENT.

2-Open an elevated Command Prompt window (shift-right-click on the Command Prompt icon and select Run As Administrator, or type CMD in a run box and press ctrl-shift-Enter).

3-At the command prompt, type the following command, and then press ENTER:
                 winrm quickconfig

4-Answer Y to any prompts and then disconnect the remote session by closing the window (note: You do NOT have to restart the remote server).

5-You should now be able to connect to the remote server from the Windows 7 client, although it will appear to take longer than it does in XP, so be patient.

Hopefully this Will fix it :)
Cheers
Dash
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
Let’s list some of the technologies that enable smooth teleworking. 
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now