Suddenly cannot RDP or ping to or from RDS server 2008 except from within one subnet

On a Windows 2008 R2 server running RDS, suddenly the server cannot be accessed via RDP except by a machine on the same subnet. It also cannot be pinged. Subnets cannot be accessed from that server at all (no pinging or mapping to anything in any other subnet). It cannot get to the Internet, though the Networking connection shows Internet as connected OK. I have checked the DHCP reservation, the DNS settings, flushed and registered, checked the adapter binding order, I have rebooted. I suspect a change in the firewall, some changes were made, I am not managing the routing, but would like to know where to look on the Sonic Wall. Any suggestions would be appreciated.
smckeown777 commented:
Since it can be accessed by a machine on the same subnet that tells me it's possibly a gateway setting that is wrong

Is the correct default gateway address setup on the server?
Can you from the server ping the default gateway?
If yes can you tracert to an external ip from it?

tracert 8.8.8.8 - run this from the server and see where it stops
 
quaybj (Author) commented:
Hi smckeown777

Yes, the gateway address is correct,
I cannot ping the gateway
tracert 8.8.8.8 fails
 
smckeown777 commented:
Ok, so next question is why can't you ping the gateway...

Have you a switch in the connection between server and gateway? I'd start by rebooting that
You mentioned changes in the firewall...since you can't even ping the gateway from the server that might be the case...can you login to the Sonicwall?

From it can you ping back to the server? Most Sonicwall devices have a ping utility to test this

As for what could have changed you'd need to look at the rules that are setup, usually there are rules based on interfaces...WAN-LAN, WAN-Subnet etc...your RDS is obviously on a specific subnet so I'd check for rules connected to that subnet

Which model Sonicwall?
 
quaybj (Author) commented:
The servers are colocated, so I can't reboot the switch until about 9 am. The other servers in the same switch are pingable from another subnet, but not the one in question. Other servers in the same switch are working OK, maybe a bad port?? Seems strange...

I logged onto the Sonic (NSA 2400) and I cannot ping that server from the firewall, but I can ping the others.

I see a couple of things in the firewall address objects that look incorrect, but I am not managing the firewall and am not an expert. The config is complicated by VPN rules, I don't want to break it. I will get the person handling this to check my questions.
 
quaybj (Author) commented:
I should add... the server can be accessed from my home by using the Sonicwall VPN remote client. If I use the VPN client, I can remote to the server by its internal IP address.
 
smckeown777 commented:
Ok, that also points to a rule breakdown...

Server is accessible from home over a VPN - so the rules between the local subnet the server is on and the VPN subnet are working...

So yes this looks more and more like a rule that is misconfigured, switch is probably not an issue, port is def not an issue if the server is accessible at all (which it is)
 
quaybj (Author) commented:
Thanks, I will get back to you in a few hours.
 
Blue Street Tech commented:
Hi quaybj,

Ping is operational by default in the VPN tunnel and is not for other Zones, which would explain why ping is not working on the other Zones (not allowed via Access Rules).

Which Zone is the troubled server located in and which Zone are the others you mention in?

Can you provide a screenshot of your WAN > {whichever Zone your troubled server is in} within Firewall > Access Rules?

Thanks!
 
quaybj (Author) commented:
diverseit (nice handle!)

The troubled server is in the LAN zone, so are the rest of the servers, 8 different subnets. The fact that the server cannot surf the net is also puzzling. One of the Access groups has an entry 'sonic for udp' pointing to 192.168.1.3, but there is no server at 192.168.1.3.

I also wonder if I have a Windows firewall problem. I didn't change anything and it was working fine before. I will send a screenshot of the rules shortly.
 
Blue Street Tech commented:
Sounds good!

Also disable the Windows Firewall via Services, as doing it through the GUI can lead to false positives if there are OS corruptions.

So all the other servers are setup as sub-Interfaces within the LAN zone?

Diverse IT (Thanks!)
 
quaybj (Author) commented:
Sorry, that was not clear. I meant that the other servers are all in the same subnet as the troubled one, which can only be remoted to from within the subnet - I have to remote to the colocation site, then remote to the RDS server. It's as though it's in a cage, no pinging, no surfing, no remoting from it to anything else. Even the VPN scenario is basically the same thing: get to the subnet via the Sonicwall, then one can use RDP.

The Windows firewall is on for the whole domain via GP. I did try to disable it just on the RDP via Services, I got kicked off, and now I cannot remote to the server at all. More later...
 
Blue Street Tech commented:
OK. Thanks for the clarification. Let's just focus on the screenshot of the Access Rules and then go from there whenever you have a chance to get logged back in.

Talk to you soon.
 
quaybj (Author) commented:
After I disabled the firewall and got disconnected in the process, the engineers at the colo rebooted, saw that that service was disabled when it came back up and re-enabled the firewall. Everything went back to normal then. Why this server hiccuped is still not clear, but starting and stopping the firewall did the trick. I am awarding points here because I would not have gone to the Services to disable the firewall right away; tweaking the group policy settings for that server did not make the problem go away. That tip saved me some work.
Thanks to Diverse IT!
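The checks the thread walked through by hand (gateway configured, gateway pingable, tracert to 8.8.8.8, then the state of the Windows Firewall service that turned out to be the culprit) collected into one read-only script. This is an added example, not code from the thread or from any of its participants; it assumes PowerShell 2.0 on Windows Server 2008 R2, so it uses WMI, netsh and tracert rather than the newer Test-NetConnection cmdlet, and the firewall rule name "Remote Desktop (TCP-In)" is the default on that OS.

```powershell
# Added example (not from the thread): read-only connectivity and firewall
# checklist for a Windows Server 2008 R2 host that lost everything but
# same-subnet RDP. It changes nothing, so it is safe to run over RDP;
# the asker was cut off because they stopped the firewall from an RDP session.

$report = @()

# 1. Is a default gateway configured on each IP-enabled adapter?
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled }
foreach ($nic in $nics) {
    $gw = $nic.DefaultIPGateway
    if (-not $gw) {
        $report += "NO GATEWAY on $($nic.Description) ($($nic.IPAddress -join ','))"
        continue
    }
    # 2. Can the server ping its gateway? -Quiet returns $true/$false.
    $gwUp = Test-Connection -ComputerName $gw[0] -Count 2 -Quiet
    $report += "Gateway $($gw[0]) reachable from $($nic.Description): $gwUp"
    # 3. Only trace beyond the gateway when the gateway answers; if the first
    #    hop is dead (as in the thread) tracert adds nothing.
    if ($gwUp) {
        $report += (tracert -d -h 8 -w 1000 8.8.8.8 | Out-String)
    }
}

# 4. Windows Firewall service (MpsSvc) and per-profile state. In the thread the
#    fix was a stop/start of this service, done by staff at the console, not
#    over RDP.
$svc = Get-Service MpsSvc
$startMode = (Get-WmiObject Win32_Service -Filter "Name='MpsSvc'").StartMode
$report += "Windows Firewall service: $($svc.Status) (start type: $startMode)"
$report += (netsh advfirewall show allprofiles state | Out-String)

# 5. Is RDP listening, and is its inbound allow rule enabled? Both must hold
#    for any subnet, so a failure here explains more than a bad gateway would.
$rdpListening = [bool](netstat -an | Select-String ':3389\s.*LISTENING')
$report += "RDP listener on TCP 3389: $rdpListening"
$report += (netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)" | Out-String)

$report
```

Run it from an elevated PowerShell prompt on the affected server and compare the output with a healthy server on the same subnet; a gateway that is configured but unreachable while MpsSvc reports Running points at the firewall rather than at routing.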
 
Blue Street Tech commented:
My pleasure. Glad I could help and thanks for the points!