Avatar of q
Suddenly cannot RDP or ping to or from RDS server 2008 except from within one subnet

On a Windows 2008 R2 server running RDS, suddenly the server cannot be accessed via RDP except by a machine on the same subnet. It also cannot be pinged. Subnets cannot be accessed from that server at all (no pinging or mapping to anything in any other subnet). It cannot get to the Internet, though the Networking connection shows Internet as connected OK. I have checked the DHCP reservation, the DNS settings, flushed and registered, checked the adapter binding order, and I have rebooted. I suspect a change in the firewall; some changes were made. I am not managing the routing, but would like to know where to look on the SonicWall. Any suggestions would be appreciated.
Avatar of Shane McKeown
Shane McKeown

Since it can be accessed by a machine on the same subnet, that tells me it's possibly a gateway setting that is wrong.

Is the correct default gateway address set up on the server?
Can you ping the default gateway from the server?
If yes, can you tracert to an external IP from it?

tracert 8.8.8.8 - run this from the server and see where it stops
Avatar of q

ASKER

Hi smckeown77

Yes, the gateway address is correct.
I cannot ping the gateway.
tracert 8.8.8.8 fails.

Ok, so next question is why can't you ping the gateway...

Have you a switch in the connection between server and gateway? I'd start by rebooting that.
You mentioned changes in the firewall...since you can't even ping the gateway from the server that might be the case...can you log in to the SonicWall?

From it can you ping back to the server? Most SonicWall devices have a ping utility to test this.

As for what could have changed, you'd need to look at the rules that are set up. Usually there are rules based on interfaces...WAN-LAN, WAN-Subnet etc...your RDS is obviously on a specific subnet so I'd check for rules connected to that subnet.

Which model Sonicwall?
Avatar of q

ASKER

The servers are colocated, so I can't reboot the switch until about 9 am. The other servers in the same switch are pingable from another subnet, but not the one in question. Other servers in the same switch are working OK, maybe a bad port?? Seems strange...

I logged onto the sonic (NSA 2400) and I cannot ping that server from the firewall, but I can ping the others.

I see a couple of things in the firewall address objects that look incorrect, but I am not managing the firewall and am not an expert. The config is complicated by VPN rules, and I don't want to break it. I will get the person handling this to check my questions.
Avatar of q

ASKER

I should add... the server can be accessed from my home by using the SonicWall VPN remote client. If I use the VPN client, I can remote to the server by its internal IP address.

Ok, that also points to a rule breakdown...

Server is accessible from home over a VPN - so the rules between the local subnet the server is on and the VPN subnet are working...

So yes, this looks more and more like a rule that is misconfigured. Switch is probably not an issue, port is def not an issue if the server is accessible at all (which it is).
Avatar of q

ASKER

Thanks I will get back to you in a few hours.
Avatar of Blue Street Tech
Hi quaybj,

Ping is operational by default in the VPN tunnel and is not for other Zones, which would explain why ping is not working on the other Zones (not allowed via Access Rules).

Which Zone is the troubled server located in and which Zone are the others you mention in?

Can you provide a screenshot of your WAN > {whichever Zone your troubled server is in} within Firewall > Access Rules?

Thanks!
Avatar of q

ASKER

diverseit (nice handle!)

The troubled server is in the LAN zone, so are the rest of the servers, 8 different subnets. The fact that the server cannot surf the net is also puzzling. One of the Access groups has an entry 'sonic for udp' pointing to 192.168.1.3, but there is no server at 192.168.1.3.

I also wonder if I have a Windows Firewall problem. I didn't change anything and it was working fine before. I will send a screenshot of the rules shortly.
ASKER CERTIFIED SOLUTION
Avatar of Blue Street Tech
Blue Street Tech
This solution is only available to members.
Avatar of q

ASKER

Sorry, that was not clear. I meant that the other servers are all in the same subnet as the troubled one, which can only be remoted to from within the subnet - I have to remote to the colocation site, then remote to the RDS server. It's as though it's in a cage: no pinging, no surfing, no remoting from it to anything else. Even the VPN scenario is basically the same thing: get to the subnet via the SonicWall, then one can use RDP.

The Windows firewall is on on the whole domain via GP. I did try to disable it just on the RDP via services, I got kicked off, and now I cannot remote to the server at all. More later...

OK. Thanks for the clarification. Let's just focus on the screenshot of the Access Rules and then go from there whenever you have a chance to get logged back in.

Talk to you soon.
Avatar of q

ASKER

After I disabled the firewall and got disconnected in the process, the engineers at the colo rebooted, saw that that service was disabled when it came back up and re-enabled the firewall. Everything went back to normal then. Why this server hiccuped is still not clear, but starting and stopping the firewall did the trick. I am awarding points here because I would not have gone to the services to disable the firewall right away; tweaking the group policy settings for that server did not make the problem go away. That tip saved me some work.
Thanks to Diverse IT!

My pleasure. Glad I could help and thanks for the points!
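
The checks discussed in this thread (gateway ping, tracert, Windows Firewall service state), collected as an added example that is not part of the original posts. It is read-only and written for PowerShell 2.0 as shipped with Server 2008 R2; the function names are hypothetical, `MpsSvc` and `BFE` are the Windows service names for Windows Firewall and the Base Filtering Engine.

```powershell
# Added example: read-only triage on the affected server (PowerShell 2.0 compatible).
# It changes nothing; in the thread, disabling the firewall service over RDP
# dropped the asker's session.

function Get-GatewayReachability {
    # Ping every default gateway configured on an IP-enabled adapter.
    $cfgs = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
    foreach ($cfg in $cfgs) {
        foreach ($gw in $cfg.DefaultIPGateway) {
            if (-not $gw) { continue }   # adapter with no gateway configured
            New-Object PSObject -Property @{
                Adapter   = $cfg.Description
                Address   = ($cfg.IPAddress -join ', ')
                Gateway   = $gw
                Reachable = [bool](Test-Connection -ComputerName $gw -Count 2 -Quiet)
            }
        }
    }
}

function Get-FirewallServiceState {
    # State and start mode of the Windows Firewall service and the
    # Base Filtering Engine it depends on.
    Get-WmiObject Win32_Service -Filter "Name='MpsSvc' OR Name='BFE'" |
        Select-Object Name, State, StartMode
}

"--- Gateway reachability ---"
Get-GatewayReachability | Format-Table Adapter, Address, Gateway, Reachable -AutoSize

"--- Firewall services ---"
Get-FirewallServiceState | Format-Table -AutoSize

"--- Firewall profile state (Domain / Private / Public) ---"
netsh advfirewall show allprofiles state

"--- First hops toward 8.8.8.8 (the address used in the thread) ---"
tracert -d -h 5 8.8.8.8
```

Run it from the console or an existing same-subnet RDP session and hand the output to whoever manages the SonicWall, so the host-side state is known before any access rule is changed.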