Keith Owen

Remote Desktop Issue

OK the problem I have is.......

I can login remotely to Server1 from my laptop

User is unable to login from Site A to remote Server1.

User is able to remote login to Site B ok to their Server 2 (this is the same with 8 other remote site servers they have)

If I remote login to Server 2 then rdp from there to Server1 it works ok.

No computer at Site A can remote to Server1, but 8 other rdps work ok from Site A to different sites.

Error msg is 'Remote desktop cant connect to the remote computer'.

All servers are Server 2003.

Usernames and passwords are not an issue.
Remote Access, Windows Server 2003, Routers


8/22/2022 - Mon
DLeaver

Sounds like a riddle!

Have you checked the permissions?

If Server 1 is accessible via your laptop and from another server then it would suggest you have permissions on your account to RDP but the other users have not been enabled to RDP on to this particular server.

Check the Remote connection permissions policy or ensure that the server is added to the same OU as the other RDP servers in order to allow the specified RDP users.
Keith Owen

ASKER
Ha yeh tell me about it!!

Had a check and everything looks ok.

It doesn't even get to the point of asking for username or password, it's like the router is just blocking the connection from Site A.

Forgot to mention that this has been working in the past but just stopped for no reason. Nothing has been changed.

Just does not make sense!
Kimputer

If you use:
telnet server1_ip 3389
and the result is something like: Could not open connection to the host
Then it's definitely a firewall issue.
DLeaver

When you say it works from your laptop, is that from site A?  If yes then a firewall/router issue is still a possibility, but it would be an odd fault rather than a misconfiguration.  If no then definitely try Kimputer's suggestion above.

If it is the latter then I would confirm the outgoing ports on the firewall/router, do you have access to this?  Is it possible somebody may have adjusted the config?

Is connectivity up between these two sites?  Assume you have pinged from Site A?.....
Keith Owen

ASKER
Thanks for the reply guys. I will try once I get a moment.

All sites have separate Servers and networks (10 in all). Head office uses Remote desktop to login to each site to the Server.

All work but 1 site, it does not even make a connection, my laptop located offsite can connect ok. None of the machines can access this server from head office.

They all use the same user / password for each server (10 in all). If I use same details it works.

Kimputer - I can login from my laptop and from any other of the 9 Servers to this site, just head office will not even connect never mind ask for user/password.

Thanks again
Kimputer

As I said, in the head office:

telnet server1_ip 3389
and the result is something like: Could not open connection to the host
Then it's definitely a firewall issue.

Firewall issue could be in firewall in head office or at the server though.
Keith Owen

ASKER
Hi,

Ok tried this and the result was 'could not open connection to host'.

Can't see it being a firewall issue on the target server as it lets me in and 9 other connections from their other servers in.

Maybe Head office then?
Kimputer

Firewall might have some unique rules (blocking IP number/range), but also, usually there's a firewall at the source, and at the destination. Therefore you have to investigate at both sides.
To distinguish if it's a protocol block or IP range block, you can try to access other things on the server (like FTP, www). If you can't access those either, it's an IP block. If you CAN access other services, it's a service block (still doesn't bring you closer to a solution though, you still need to investigate both sides, but at least you know a bit more on what the rule looks like).
Keith Owen

ASKER
Ok thanks for the info, I will have a play.
DLeaver

OK, so no access at all from HO.

I would run through the following

1. From HO run the telnet again but against server 2, this will prove without doubt that outbound traffic is allowed out of your network on 3389.
2. Confirm on the HO firewall that traffic is allowed out (source) to the Server 1 site (destination).  As Kimputer suggests, testing other services is a good idea too, as if these work then you would just need to add 3389 to that allowed service list and you are done.
3. Confirm on the Server 1 site firewall that the HO subnet is allowed to send traffic inbound on 3389

* I questioned how these sites are connected previously.  If you RDP over the WAN then points 1-3 are sufficient to locate the issue.  If they are connected via VPN then you may need to go a step further and ensure that the correct subnets are added to the allowed list on either ends of the VPN tunnel.
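
Added example, not part of any post in this thread: the port tests Kimputer and DLeaver describe (telnet to 3389 on the failing server, the same test against a working server, and a check of other services such as FTP and www), written as a Python script run from a head-office machine. The addresses are placeholders, and the verdict names are labels chosen for this example.

```python
import socket

RDP_PORT = 3389

def probe(host, port, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # something answered with a reset: the IP is reachable
    except OSError:
        return "filtered"  # timeout or unreachable: dropped somewhere on the path

def diagnose(target_rdp, control_rdp, target_other):
    """target_rdp: result for 3389 on the failing server.
    control_rdp: result for 3389 on a server that works (DLeaver's step 1).
    target_other: {port: result} for other services on the failing server."""
    if target_rdp == "open":
        return "rdp-reachable"          # path is fine; problem is above TCP
    if target_rdp == "refused":
        return "rdp-port-rejected"      # host or a device answers but rejects 3389
    if control_rdp != "open":
        return "outbound-3389-blocked"  # source site cannot reach 3389 anywhere
    if any(r != "filtered" for r in target_other.values()):
        return "service-block"          # other ports answer: rule targets 3389
    return "ip-block"                   # nothing answers: rule targets the address pair

if __name__ == "__main__":
    # Placeholder addresses from the documentation range; substitute real ones.
    server1, server2 = "192.0.2.10", "192.0.2.20"
    others = {port: probe(server1, port) for port in (21, 80)}  # FTP, www
    verdict = diagnose(probe(server1, RDP_PORT), probe(server2, RDP_PORT), others)
    print(verdict, others)
```

The verdict says where the path breaks, not which device is responsible: a firewall rule and a misbehaving router both show up as "filtered", so both ends still need checking.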
ASKER CERTIFIED SOLUTION
Keith Owen

DLeaver

Up to you but myself and Kimputer both suggested it was a potential firewall issue....
Kimputer

Clearly the firewall was configured incorrectly, and by resetting and starting over, you somehow got the configuration correct this time.
Keith Owen

ASKER
The firewalls were turned off and still no connection was made so that is what made me think the router at host site was playing up.
Kimputer

Yes, sometimes (but not often) that can happen. Better get a configuration backup now, as it might happen again in the future.
Keith Owen

ASKER
Good call on that, thanks
Keith Owen

ASKER
I tried multiple ways to resolve the issue and in the end I just changed the router which worked.