
Remote Desktop Issue

Last Modified: 2015-04-12
OK the problem I have is.......

I can login remotely to Server1 from my laptop

User is unable to login from Site A to remote Server1.

User is able to remote login to Site B ok to their Server 2 (this is the same with 8 other remote site servers they have)

If I remote login to Server 2 then rdp from there to Server1 it works ok.

No computer at Site A can remote to Server1, but 8 other rdps work ok from Site A to different sites.

Error msg is 'Remote desktop can't connect to the remote computer'.

All servers are Server 2003.

Usernames and passwords are not an issue.

CERTIFIED EXPERT

Commented:
Sounds like a riddle!

Have you checked the permissions?

If Server 1 is accessible via your laptop and from another server then it would suggest you have permissions on your account to RDP but the other users have not been enabled to RDP on to this particular server.

Check the Remote connection permissions policy or ensure that the server is added to the same OU as the other RDP servers in order to allow the specified RDP users.
Keith Owen, Technical Director

Author

Commented:
Ha yeh tell me about it!!

Had a check and everything looks ok.

It doesn't even get to the point of asking for username or password, it's like the router is just blocking the connection from Site A.

Forgot to mention that this has been working in the past but just stopped for no reason. Nothing has been changed.

Just does not make sense!
Kimputer, IT Manager
CERTIFIED EXPERT

Commented:
If you use:
telnet server1_ip 3389
and the result is something like: Could not open connection to the host
Then it's definitely a firewall issue.
CERTIFIED EXPERT

Commented:
When you say it works from your laptop, is that from site A? If yes then a firewall/router issue is still a possibility, but it would be an odd fault rather than a misconfiguration. If no then definitely try Kimputer's suggestion above.

If it is the latter then I would confirm the outgoing ports on the firewall/router, do you have access to this?  Is it possible somebody may have adjusted the config?

Is connectivity up between these two sites?  Assume you have pinged from Site A?.....
Keith Owen, Technical Director

Author

Commented:
Thanks for the reply guys. I will try once I get a moment.

All sites have separate Servers and networks (10 in all). Head office uses Remote desktop to login to each site to the Server.

All work but 1 site, it does not even make a connection, my laptop located offsite can connect ok. None of the machines can access this server from head office.

They all use the same user / password for each server (10 in all). If I use same details it works.

Kimputer - I can login from my laptop and from any other of the 9 Servers to this site, just head office will not even connect never mind ask for user/password.

Thanks again
Kimputer, IT Manager
CERTIFIED EXPERT

Commented:
As I said, in the head office:

telnet server1_ip 3389
and the result is something like: Could not open connection to the host
Then it's definitely a firewall issue

Firewall issue could be in firewall in head office or at the server though.
Keith Owen, Technical Director

Author

Commented:
Hi,

Ok tried this and the result was 'could not open connection to host'.

Can't see it being a firewall issue on the target server as it lets me in and 9 other connections from their other servers in.

Maybe Head office then?
Kimputer, IT Manager
CERTIFIED EXPERT

Commented:
Firewall might have some unique rules (blocking IP number/range), but also, usually there's a firewall at the source, and at the destination. Therefore you have to investigate at both sides.
To distinguish if it's a protocol block or IP range block, you can try to access other things on the server (like FTP, www). If you can't access those either, it's an IP block. If you CAN access other services, it's a service block (still doesn't bring you closer to a solution though, you still need to investigate both sides, but at least you know a bit more about what the rule looks like).
Keith Owen, Technical Director

Author

Commented:
Ok thanks for the info, I will have a play.
CERTIFIED EXPERT

Commented:
OK, so no access at all from HO.

I would run through the following

1. From HO run the telnet again but against server 2, this will prove without doubt that outbound traffic is allowed out of your network on 3389.
2. Confirm on the HO firewall that traffic is allowed out (source) to the Server 1 site (destination).  As Kimputer suggests, testing other services is a good idea too, as if these work then you would just need to add 3389 to that allowed service list and you are done.
3. Confirm on the Server 1 site firewall that the HO subnet is allowed to send traffic inbound on 3389.

* I questioned how these sites are connected previously. If you RDP over the WAN then points 1-3 are sufficient to locate the issue. If they are connected via VPN then you may need to go a step further and ensure that the correct subnets are added to the allowed list on either end of the VPN tunnel.
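
The checks from the replies above (the telnet test against Server1 and Server 2, and Kimputer's IP-block versus service-block test) combined into one script, as an added example that is not part of the thread. The function names and result labels are assumptions made here.

```python
import socket

RDP_PORT = 3389  # port used in the thread's telnet test


def probe(host, port, timeout=3.0):
    """TCP connect test, equivalent to `telnet host port`.

    Returns "open", "refused" (a reset came back) or "no-response".
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, unreachable network, name lookup failure
        return "no-response"


def diagnose(target_rdp, control_rdp, target_other):
    """Classify probe results taken from the site that cannot connect.

    target_rdp   : probe(Server1, 3389)
    control_rdp  : probe(Server 2, 3389), a server known to work
    target_other : probe(Server1, another service port such as 21 or 80)
    """
    if target_rdp == "open":
        return "tcp-ok: look at RDP permissions, not the network"
    if control_rdp != "open":
        return "outbound-block: 3389 is not leaving this site at all"
    if target_other == "open":
        return "service-block: a rule on the path filters 3389 to this server"
    return "ip-block: nothing on the server is reachable from this site"


if __name__ == "__main__":
    # Constructed results, not measurements from the thread: RDP to Server1
    # fails, RDP to Server 2 works, another port on Server1 also fails.
    print(diagnose("no-response", "open", "no-response"))
    # For a live run from the affected site, replace the literals with
    # calls such as probe("server1_ip", RDP_PORT) using your own addresses.
```

The other-service probe only separates the last two cases if Server1 really listens on that port and the perimeter forwards it; either result still has to be followed up on the firewall or router at both ends.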
CERTIFIED EXPERT

Commented:
Up to you but myself and Kimputer both suggested it was a potential firewall issue....
Kimputer, IT Manager
CERTIFIED EXPERT

Commented:
Clearly the firewall was configured incorrectly, and by resetting and starting over, you somehow got the configuration correct this time.
Keith Owen, Technical Director

Author

Commented:
The firewalls were turned off and still no connections were made, so that is what made me think the router at host site was playing up.
Kimputer, IT Manager
CERTIFIED EXPERT

Commented:
Yes, sometimes (but not often) that can happen. Better get a configuration backup now, as it might happen again in the future.
Keith Owen, Technical Director

Author

Commented:
Good call on that, thanks
Keith Owen, Technical Director

Author

Commented:
I tried multiple ways to resolve the issue and in the end I just changed the router which worked.