Solved

Remote Desktops Services not working to workstations

Posted on 2014-11-23
Last Modified: 2014-11-23
Just took over managing a network for a company that has had 3 different companies managing it in the past year.  Two servers and 9 PCs with an SQL DB hosted on one of them.  The entire network had the firewalls turned off and a bunch of group policies defined to limit traffic.  All of this because apparently they didn't know how to enable a few SQL ports through the server and workstations.

I have tried removing all the policies I can find, turned the workstations' firewalls on again but I am having issues with not having the ability to RDP to any of the workstations.  I can RDP to the servers no problem.  Have checked the workstations to make sure RDP is enabled and the firewall rules allow it as well...no luck.

Previously the owner could remote straight in to their workstation from home using the full machine name plus :3390 port at the end.  (Yes, they were natting apparently through the SonicWall.)  I removed all the SonicWall rules and redefined them all to push 1723 and 3389 to the VPN server and established the RAS service on that server.  They are no longer able to remote in, even with the port definition removed.

I can RDP into the servers but upon attempting to RDP from the servers to the workstations, this internal RDP does not work either.  Need help on where to look for what is stopping the workstation RDP function.
Question by:dstewart83161
8 Comments
 
LVL 10

Expert Comment

by:abraham808
ID: 40460687
Check the registry: fDenyTSConnections. This article shows one.  http://www.computerperformance.co.uk/w2k3/services/terminal_services_remote_desktop.htm

There is another registry entry:

HKLM->SOFTWARE->Policies->Microsoft->Terminal Services->

Check if fDenyTSConnections is set to 0.
 

Author Comment

by:dstewart83161
ID: 40460697
Have checked a machine for the registry entry and it is set to 0.  Please note that the owner was able to remote in before to her machine but since I removed the NAT rules and I believe the GP rules it no longer allows remoting.  I'm not sure if I got all the GP rules discovered though.
 
LVL 68

Expert Comment

by:Qlemo
ID: 40460717
Looks like there was no PAT with the NAT applied, and port 3390 also used in the client RDP setup. Did you try that port (plus adding the new RDP rules to the Firewall for allowing port 3390)?

On another note, why do you forward port 3389 to the VPN server?
 

Author Comment

by:dstewart83161
ID: 40460739
Have always been taught that 3389 needed to be open for terminal services and to point it to the RAS server.  How else would it be done?

This issue is secondary to the primary issue though.  From the servers, I am unable to RDP to the workstations which is internal to the network.  No NATting or ports on the Sonicwall should be involved in that.
 
LVL 15

Accepted Solution

by:
Perarduaadastra earned 500 total points
ID: 40460754
Have you confirmed that the workstations are listening for RDP connections on 3389? It seems from what you report that they might be listening on 3390, or indeed any other port that's been specified. You can check it in the target computer's registry by browsing to this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

In the right pane scroll down to PortNumber - the value in brackets is the port number being used. Be aware that if you change the value, you will need to reboot the workstation before it will take effect.

I'm guessing that three different companies managing the system in the space of a year equates to approximately zero documentation of the system and any changes made to it...
0
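
One way to run the checks from the two answers above (fDenyTSConnections and the RDP-Tcp PortNumber) across every workstation at once, as an added example that is not part of the original thread. It assumes the Remote Registry service is reachable on each target and the caller has administrative rights there; the computer names WS01 and WS02 are placeholders, and the Group Policy key path is the standard Windows location rather than one quoted from the thread.

```powershell
# Added example: audit the RDP listener configuration on a list of workstations.
# Assumptions: Remote Registry is running on each target, the caller is an
# administrator there, and PowerShell 3.0 or later is used on the admin host.
function Get-RdpListenerConfig {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($name in $ComputerName) {
        $result = [ordered]@{
            Computer   = $name
            PortNumber = $null  # port the RDP-Tcp listener is configured to use
            DenyLocal  = $null  # fDenyTSConnections under Control\Terminal Server
            DenyPolicy = $null  # fDenyTSConnections set by Group Policy, if present
            PortOpen   = $null  # TCP connect to PortNumber succeeded from here
            Error      = $null
        }
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $name)
            $ts   = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Control\Terminal Server')
            $tcp  = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp')
            $pol  = $hklm.OpenSubKey('SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services')

            if ($ts)  { $result.DenyLocal  = $ts.GetValue('fDenyTSConnections') }
            if ($tcp) { $result.PortNumber = $tcp.GetValue('PortNumber') }
            if ($pol) { $result.DenyPolicy = $pol.GetValue('fDenyTSConnections') }
            $hklm.Close()

            if ($result.PortNumber) {
                # Probe the configured port with a 2-second timeout, so a
                # firewall rule that only allows 3389 shows up as PortOpen = False.
                $client = New-Object System.Net.Sockets.TcpClient
                try {
                    $async = $client.BeginConnect($name, [int]$result.PortNumber, $null, $null)
                    $result.PortOpen = $async.AsyncWaitHandle.WaitOne(2000) -and $client.Connected
                } finally { $client.Close() }
            }
        } catch {
            $result.Error = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}

# Placeholder workstation names; replace with the real inventory.
Get-RdpListenerConfig -ComputerName 'WS01', 'WS02' |
    Format-Table Computer, PortNumber, DenyLocal, DenyPolicy, PortOpen, Error -AutoSize
```

A row where PortNumber is not the port the firewall rule allows, or where PortOpen is False, points at the kind of listener/firewall mismatch that caused the problem in this thread.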
 
LVL 68

Expert Comment

by:Qlemo
ID: 40460765
^^^ exactly what I tried to say in http:#a40460717.

"Have always been taught that 3389 needed to be open for terminal services and to point it to the RAS server." What for? You either
 use RDP without a VPN, and RDP is forwarded to the machine you need to go to,
or
 use RDP with a VPN, and there is no port-forwarding - the VPN client uses the LAN IPs.
 

Author Closing Comment

by:dstewart83161
ID: 40460792
This was it.  I assumed the Sonicwall rules were the only area that was changing the port.  Each of the machines in question had the port set to other than 3389.  Reset them and rebooted and everything began working correctly both locally and remotely.  Thanks so much !!!
 
LVL 68

Expert Comment

by:Qlemo
ID: 40460805
Sorry? That, again, is what I told you in http:#a40460717.