Solved

Remote Desktops Services not working to workstations

Posted on 2014-11-23
Last Modified: 2014-11-23
Just took over managing a network for a company that has had 3 different companies managing it in the past year.  Two servers and 9 PCs with an SQL DB hosted on one of them.  The entire network had the firewalls turned off and a bunch of group policies defined to limit traffic.  All of this because apparently they didn't know how to enable a few SQL ports through the server and workstations.

I have tried removing all the policies I can find, turned the workstations' firewalls on again but I am having issues with not having the ability to RDP to any of the workstations.  I can RDP to the servers no problem.  Have checked the workstations to make sure RDP is enabled and the firewall rules allow it as well...no luck.

Previously the owner could remote straight in to their workstation from home using the full machine name plus :3390 port at the end.  (Yes, they were natting apparently through the SonicWall.)  I removed all the SonicWall rules and redefined them all to push 1723 and 3389 to the VPN server and established the RAS service on that server.  They are no longer able to remote in, even with the port definition removed.

I can RDP into the servers but upon attempting to RDP from the servers to the workstations, this internal RDP does not work either.  Need help on where to look for what is stopping the workstation RDP function.
Question by:dstewart83161
8 Comments
 
LVL 10

Expert Comment

by:abraham808
ID: 40460687
Check the registry. fDenyTSConnections. This article shows one.  http://www.computerperformance.co.uk/w2k3/services/terminal_services_remote_desktop.htm

There is another registry entry,

HKLM->SOFTWARE->Policies->Microsoft->Terminal Services->

Check if fDenyTSConnections is set to 0.
 

Author Comment

by:dstewart83161
ID: 40460697
Have checked a machine for the registry entry and it is set to 0.  Please note that the owner was able to remote in before to her machine but since I removed the NAT rules and I believe the GP rules it no longer allows remoting.  I'm not sure if I got all the GP rules discovered though.
 
LVL 69

Expert Comment

by:Qlemo
ID: 40460717
Looks like there was no PAT with the NAT applied, and port 3390 also used in the client RDP setup. Did you try that port (plus adding the new RDP rules to the Firewall for allowing port 3390)?

On another note, why do you forward port 3389 to the VPN server?

 

Author Comment

by:dstewart83161
ID: 40460739
Have always been taught that 3389 needed to be open for terminal services and to point it to the RAS server.  How else would it be done?

This issue is secondary to the primary issue though.  From the servers, I am unable to RDP to the workstations which is internal to the network.  No NATting or ports on the Sonicwall should be involved in that.
 
LVL 15

Accepted Solution

by:
Perarduaadastra earned 500 total points
ID: 40460754
Have you confirmed that the workstations are listening for RDP connections on 3389? It seems from what you report that they might be listening on 3390, or indeed any other port that's been specified. You can check it in the target computer's registry by browsing to this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

In the right pane scroll down to PortNumber - the value in brackets is the port number being used. Be aware that if you change the value, you will need to reboot the workstation before it will take effect.

I'm guessing that three different companies managing the system in the space of a year equates to approximately zero documentation of the system and any changes made to it...
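The checks discussed in this thread (the listener's PortNumber, fDenyTSConnections, and whether the firewall allows the port actually in use) can be collected in one pass on each workstation. This is an added example, not code from any poster; the function name `Get-RdpListenerAudit` is hypothetical, the `Net*` cmdlets assume Windows 8 / Server 2012 or later, and the policy key path is the standard Group Policy location for Terminal Services settings.

```powershell
# Added example: run locally in an elevated PowerShell session on the workstation.
function Get-RdpListenerAudit {
    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Port the RDP-Tcp listener is configured for (3389 unless it has been changed)
    $port = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

    # fDenyTSConnections: 0 = RDP allowed, 1 = denied. A policy value overrides the local one.
    $local  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    $policy = (Get-ItemProperty -Path $policyKey -Name fDenyTSConnections `
                   -ErrorAction SilentlyContinue).fDenyTSConnections

    # Is anything actually listening on the configured port?
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port `
                            -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules, including GPO-delivered ones, that name this TCP port.
    # A rule written for 3389 does not cover a listener that was moved to another port.
    $rules = Get-NetFirewallPortFilter -PolicyStore ActiveStore |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains "$port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
                       $_.Action -eq 'Allow' }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        ConfiguredPort       = $port
        IsDefaultPort        = ($port -eq 3389)
        DenyLocal            = $local
        DenyPolicy           = $policy      # empty when no policy value is set
        ListeningOnPort      = $listening
        FirewallRulesForPort = @($rules | Select-Object -ExpandProperty DisplayName)
    }
}

Get-RdpListenerAudit | Format-List
```

A workstation that shows `IsDefaultPort : False`, or an empty `FirewallRulesForPort`, explains a failed connection on 3389 even when RDP is enabled.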
 
LVL 69

Expert Comment

by:Qlemo
ID: 40460765
^^^ exactly what I tried to say in http:#a40460717.

"Have always been taught that 3389 needed to be open for terminal services and to point it to the RAS server. " What for? You either
 use RDP without a VPN, and RDP is forwarded to the machine you need to go to,
or
 use RDP with a VPN, and there is no port-forwarding - the VPN client uses the LAN IPs.
 

Author Closing Comment

by:dstewart83161
ID: 40460792
This was it.  I assumed the Sonicwall rules were the only area that was changing the port.  Each of the machines in question had the port set to other than 3389.  Reset them and rebooted and everything began working correctly both locally and remotely.  Thanks so much !!!
 
LVL 69

Expert Comment

by:Qlemo
ID: 40460805
Sorry? That, again, is what I told you in http:#a40460717.