Solved

Suddenly cannot RDP or ping to or from RDS server 2008 except from within one subnet

Posted on 2013-10-25
Last Modified: 2013-11-03
On a Windows 2008 R2 server running RDS, suddenly the server cannot be accessed via RDP except by a machine on the same subnet. It also cannot be pinged. Other subnets cannot be accessed from that server at all (no pinging or mapping to anything in any other subnet). It cannot get to the Internet, though the networking connection shows Internet as connected OK. I have checked the DHCP reservation, the DNS settings, flushed and registered, checked the adapter binding order, and I have rebooted. I suspect a change in the firewall; some changes were made. I am not managing the routing, but would like to know where to look on the SonicWall. Any suggestions would be appreciated.
Question by: quaybj
15 Comments
 
Expert Comment

by: smckeown777
Since it can be accessed by a machine on the same subnet, that tells me it's possibly a gateway setting that is wrong.

Is the correct default gateway address set up on the server?
Can you ping the default gateway from the server?
If yes, can you tracert to an external IP from it?

tracert 8.8.8.8 - run this from the server and see where it stops
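The three checks this comment asks for (gateway configured, gateway reachable, tracert to 8.8.8.8), collected into one PowerShell script as an added example. It is not code from the thread or from either participant; it assumes it is run locally on the affected Server 2008 R2 host and deliberately uses only WMI and PowerShell 2.0-era cmdlets, so it does not depend on the NetTCPIP module that only arrived with Server 2012:

```powershell
# Added example (not from the thread): the three checks smckeown777 asks for,
# run locally on the Server 2008 R2 host. WMI and PowerShell 2.0-era cmdlets
# only, so no Server 2012+ NetTCPIP module is needed.
# Assumed: run from a local console session on the affected server.

$externalProbe = '8.8.8.8'   # public address the comment suggests for tracert

# 1. Is the correct default gateway configured? List IP, gateway and DNS per adapter.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    "{0}`n  IP:      {1}`n  Gateway: {2}`n  DNS:     {3}" -f $a.Description,
        ($a.IPAddress -join ', '),
        ($a.DefaultIPGateway -join ', '),
        ($a.DNSServerSearchOrder -join ', ')
}

# 2. Can the server ping its default gateway?
$gateways = @($adapters | ForEach-Object { $_.DefaultIPGateway } | Where-Object { $_ })
$gatewayUp = $false
foreach ($gw in $gateways) {
    $ok = Test-Connection -ComputerName $gw -Count 2 -Quiet
    "Gateway $gw reachable: $ok"
    if ($ok) { $gatewayUp = $true }
}

# 3. A trace only tells you something beyond the gateway if the gateway answers.
if ($gatewayUp) {
    tracert.exe -d -h 15 $externalProbe
} else {
    "Gateway unreachable: the fault is between this host and its gateway (host firewall, switch port/VLAN, ARP), not routing beyond it."
    # No ARP entry for the gateway points at layer 2; an entry that is present while
    # pings still fail points at filtering (in this thread it was the host firewall).
    arp.exe -a
}
```

The outcome reported further down the thread (gateway unreachable, tracert fails, yet RDP from the same subnet works) is the pattern the `else` branch describes: layer-2 neighbours can reach the host, nothing past the gateway can, which is consistent with a filter on the host itself rather than a routing problem.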
 
Author Comment

by: quaybj
Hi smckeown777,

Yes, the gateway address is correct.
I cannot ping the gateway.
tracert 8.8.8.8 fails.
 
Expert Comment

by: smckeown777
OK, so the next question is why can't you ping the gateway...

Have you a switch in the connection between server and gateway? I'd start by rebooting that.
You mentioned changes in the firewall... since you can't even ping the gateway from the server, that might be the case... can you log in to the SonicWall?

From it, can you ping back to the server? Most SonicWall devices have a ping utility to test this.

As for what could have changed, you'd need to look at the rules that are set up. Usually there are rules based on interfaces... WAN-LAN, WAN-Subnet etc. Your RDS is obviously on a specific subnet, so I'd check for rules connected to that subnet.

Which model SonicWall?
 
Author Comment

by: quaybj
The servers are colocated, so I can't reboot the switch until about 9 am. The other servers on the same switch are pingable from another subnet, but not the one in question. Other servers on the same switch are working OK, maybe a bad port?? Seems strange...

I logged onto the SonicWall (NSA 2400) and I cannot ping that server from the firewall, but I can ping the others.

I see a couple of things in the firewall address objects that look incorrect, but I am not managing the firewall and am not an expert. The config is complicated by VPN rules; I don't want to break it. I will get the person handling this to check my questions.
 
Author Comment

by: quaybj
I should add... the server can be accessed from my home by using the SonicWall VPN remote client. If I use the VPN client, I can remote to the server by its internal IP address.
 
Expert Comment

by: smckeown777
OK, that also points to a rule breakdown...

Server is accessible from home over a VPN - so the rules between the local subnet the server is on and the VPN subnet are working...

So yes, this looks more and more like a rule that is misconfigured. The switch is probably not an issue, and the port is definitely not an issue if the server is accessible at all (which it is).
 
Author Comment

by: quaybj
Thanks I will get back to you in a few hours.
Expert Comment

by: diverseit
Hi quaybj,

Ping is operational by default in the VPN tunnel and is not for other Zones, which would explain why ping is not working on the other Zones (not allowed via Access Rules).

Which Zone is the troubled server located in and which Zone are the others you mention in?

Can you provide a screenshot of your WAN > {whichever Zone your troubled server is in} within Firewall > Access Rules?

Thanks!
 
Author Comment

by: quaybj
diverseit (nice handle!)

The troubled server is in the LAN zone, and so are the rest of the servers, 8 different subnets. The fact that the server cannot surf the net is also puzzling. One of the Access groups has an entry 'sonic for udp' pointing to 192.168.1.3, but there is no server at 192.168.1.3.

I also wonder if I have a Windows Firewall problem. I didn't change anything and it was working fine before. I will send a screenshot of the rules shortly.
 
Accepted Solution

by: diverseit (earned 500 total points)
Sounds good!

Also, disable the Windows Firewall via Services, as doing it through the GUI can lead to false positives if there are OS corruptions.

So all the other servers are setup as sub-Interfaces within the LAN zone?

Diverse IT (Thanks!)
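The advice in this accepted answer (work with the Windows Firewall service itself rather than the GUI), together with the closing comment's observation that a stop and start of that service cleared the fault, as an added PowerShell example. It is not code from the thread or from either participant. It assumes an elevated prompt on the Server 2008 R2 host, that the service name is MpsSvc, and that "Remote Desktop (TCP-In)" is the built-in inbound RDP rule on that OS; the firewall service can be stopped on 2008 R2, whereas Server 2012 and later refuse to stop MpsSvc, so the restart step applies to the OS in this thread:

```powershell
# Added example (not from the thread): inspect the Windows Firewall service and
# its profiles on Server 2008 R2, then restart the service instead of leaving it
# disabled. Assumed: elevated PowerShell on the affected host.
# Run this from the console or out-of-band KVM rather than over RDP: stopping
# MpsSvc drops existing sessions, which is exactly what happened in the thread.

$svc = Get-Service -Name MpsSvc
$wmi = Get-WmiObject Win32_Service -Filter "Name='MpsSvc'"
"Windows Firewall service: {0}, start mode {1}" -f $svc.Status, $wmi.StartMode

# 1. Firewall state per profile (Domain/Private/Public) as the engine sees it.
#    When the GUI and this output disagree, trust this output; the accepted
#    answer's point is that the GUI can mislead.
netsh advfirewall show allprofiles state

# 2. Confirm the built-in inbound RDP rule is enabled before touching the service,
#    so the host does not come back with RDP blocked.
netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)"

# 3. Stop/start the service (the fix that worked in the thread). A restart rather
#    than a disable keeps the host filtered; in the thread the colo engineers had
#    to re-enable the firewall after it was left disabled.
if ($wmi.StartMode -eq 'Disabled') {
    Set-Service -Name MpsSvc -StartupType Automatic
}
Restart-Service -Name MpsSvc -Force
Start-Sleep -Seconds 5
Get-Service -Name MpsSvc | Select-Object Name, Status
netsh advfirewall show allprofiles state
```

If the profile state is enforced by Group Policy, as it is for this domain, the local state shown in step 1 will reflect the GPO; the restart still reloads the rule set, which is what made the difference here, without leaving the server unfiltered in the meantime.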
 
Author Comment

by: quaybj
Sorry, that was not clear. I meant that the other servers are all in the same subnet as the troubled one, which can only be remoted to from within the subnet - I have to remote to the colocation site, then remote to the RDS server. It's as though it's in a cage: no pinging, no surfing, no remoting from it to anything else. Even the VPN scenario is basically the same thing: get to the subnet via the SonicWall, then one can use RDP.

The Windows Firewall is on for the whole domain via GP. I did try to disable it just on the RDP via Services; I got kicked off, and now I cannot remote to the server at all. More later...
 
Expert Comment

by: diverseit
OK. Thanks for the clarification. Let's just focus on the screenshot of the Access Rules and then go from there whenever you have a chance to get logged back in.

Talk to you soon.
 
Author Closing Comment

by: quaybj
After I disabled the firewall and got disconnected in the process, the engineers at the colo rebooted, saw that that service was disabled when it came back up, and re-enabled the firewall. Everything went back to normal then. Why this server hiccuped is still not clear, but stopping and starting the firewall did the trick. I am awarding points here because I would not have gone to Services to disable the firewall right away; tweaking the Group Policy settings for that server did not make the problem go away. That tip saved me some work.
Thanks to Diverse IT!
 
Expert Comment

by: diverseit
My pleasure. Glad I could help and thanks for the points!