Solved

Remote Desktops Services not working to workstations

Posted on 2014-11-23
8
289 Views
Last Modified: 2014-11-23
Just took over managing a network for a company that has had 3 different companies managing it in the past year.  Two servers and 9 PCs with an SQL DB hosted on one of them.  The entire network had the firewalls turned off and a bunch of group policies defined to limit traffic.  All of this because apparently they didn't know how to enable a few SQL ports through the server and workstations.

I have tried removing all the policies I can find, turned the workstations' firewalls on again but I am having issues with not having the ability to RDP to any of the workstations.  I can RDP to the servers no problem.  Have checked the workstations to make sure RDP is enabled and the firewall rules allow it as well...no luck.

Previously the owner could remote straight in to their workstation from home using the full machine name plus :3390 port at the end.  (Yes, they were natting apparently through the sonicwall.)  I removed all the sonicwall rules and redefined them all to push 1723 and 3389 to the VPN server and established the RAS service on that server.  They are no longer able to remote in, even with the port definition removed.

I can RDP into the servers but upon attempting to RDP from the servers to the workstations, this internal RDP does not work either.  Need help on where to look for what is stopping the workstation RDP function.
0
Question by:dstewart83161
8 Comments
 
LVL 10

Expert Comment

by:abraham808
ID: 40460687
Check the registry. FDenyTSConnections. This article shows one.  http://www.computerperformance.co.uk/w2k3/services/terminal_services_remote_desktop.htm

There is another registry entry:

HKLM->SOFTWARE->Policies->Microsoft->Terminal Services->

Check if fDenyTSConnections is set to 0.
0
 

Author Comment

by:dstewart83161
ID: 40460697
Have checked a machine for the registry entry and it is set to 0.  Please note that the owner was able to remote in before to her machine but since I removed the NAT rules and I believe the GP rules it no longer allows remoting.  I'm not sure if I got all the GP rules discovered though.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40460717
Looks like there was no PAT with the NAT applied, and port 3390 also used in the client RDP setup. Did you try that port (plus adding the new RDP rules to the Firewall for allowing port 3390)?

On another note, why do you forward port 3389 to the VPN server?
0
 

Author Comment

by:dstewart83161
ID: 40460739
Have always been taught that 3389 needed to be open for terminal services and to point it to the RAS server.  How else would it be done?

This issue is secondary to the primary issue though.  From the servers, I am unable to RDP to the workstations which is internal to the network.  No NATting or ports on the Sonicwall should be involved in that.
0
 
LVL 15

Accepted Solution

by:
Perarduaadastra earned 500 total points
ID: 40460754
Have you confirmed that the workstations are listening for RDP connections on 3389? It seems from what you report that they might be listening on 3390, or indeed any other port that's been specified. You can check it in the target computer's registry by browsing to this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

In the right pane scroll down to PortNumber - the value in brackets is the port number being used. Be aware that if you change the value, you will need to reboot the workstation before it will take effect.

I'm guessing that three different companies managing the system in the space of a year equates to approximately zero documentation of the system and any changes made to it...
0
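The checks suggested in this thread, gathered into one PowerShell function (an added example, not part of the original answers). The function name `Get-RdpListenerConfig` is hypothetical; the policy key path used is the Remote Desktop Services policy location under `Windows NT`, and the listener test assumes English-language `netstat` output.

```powershell
# Added example: report the local RDP listener settings discussed in this thread.
# Run in an elevated PowerShell session on the workstation being diagnosed.
function Get-RdpListenerConfig {
    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"

    # Local setting: 0 = RDP connections allowed, 1 = denied.
    $localDeny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections `
                    -ErrorAction SilentlyContinue).fDenyTSConnections

    # Group Policy copy of the same flag; when present it overrides the local value.
    $policyDeny = $null
    if (Test-Path $policyKey) {
        $policyDeny = (Get-ItemProperty -Path $policyKey -Name fDenyTSConnections `
                         -ErrorAction SilentlyContinue).fDenyTSConnections
    }
    $effectiveDeny = if ($null -ne $policyDeny) { $policyDeny } else { $localDeny }

    # Port the RDP listener is configured to use (default is 3389).
    $port = (Get-ItemProperty -Path $rdpTcpKey -Name PortNumber).PortNumber

    # Is anything actually listening on that port right now?
    # A changed PortNumber only takes effect after a reboot, so the
    # registry value and the live listener can disagree.
    $pattern   = ':{0}\s.*LISTENING' -f $port
    $listening = [bool](netstat -ano -p TCP | Select-String -Pattern $pattern)

    New-Object PSObject -Property @{
        ComputerName       = $env:COMPUTERNAME
        LocalDenyFlag      = $localDeny
        PolicyDenyFlag     = $policyDeny
        RdpDenied          = ($effectiveDeny -eq 1)
        ConfiguredPort     = $port
        # Firewall and NAT rules written for 3389 will not match a moved listener.
        NonDefaultPort     = ($port -ne 3389)
        ListeningOnPort    = $listening
    }
}

Get-RdpListenerConfig | Format-List
```

A workstation that reports `NonDefaultPort : True` matches the situation in this thread: RDP is enabled and the firewall allows 3389, but the listener is on a different port.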
 
LVL 69

Expert Comment

by:Qlemo
ID: 40460765
^^^ exactly what I tried to say in http:#a40460717.

"Have always been taught that 3389 needed to be open for terminal services and to point it to the RAS server. " What for? You either
 use RDP without a VPN, and RDP is forwarded to the machine you need to go to,
or
 use RDP with a VPN, and there is no port-forwarding - the VPN client uses the LAN IPs.
0
 

Author Closing Comment

by:dstewart83161
ID: 40460792
This was it.  I assumed the Sonicwall rules were the only area that was changing the port.  Each of the machines in question had the port set to other than 3389.  Reset them and rebooted and everything began working correctly both locally and remotely.  Thanks so much !!!
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40460805
Sorry? That, again, is what I told you in http:#a40460717.
0

Question has a verified solution.
