Solved

Remote Desktop Issue

Posted on 2014-11-27
Last Modified: 2015-04-12
OK the problem I have is.......

I can login remotely to Server1 from my laptop

User is unable to login from Site A to remote Server1.

User is able to remote login to Site B ok to their Server 2 (this is the same with 8 other remote site servers they have)

If I remote login to Server 2 then rdp from there to Server1 it works ok.

No computer at Site A can remote to Server1, but 8 other rdps work ok from Site A to different sites.

Error msg is 'Remote desktop cant connect to the remote computer'.

All servers are Server 2003.

Usernames and passwords are not an issue.
0
Question by:Keith Owen
17 Comments
 
LVL 12

Expert Comment

by:DLeaver
ID: 40468977
Sounds like a riddle!

Have you checked the permissions?

If Server 1 is accessible via your laptop and from another server then it would suggest you have permissions on your account to RDP but the other users have not been enabled to RDP on to this particular server.

Check the Remote connection permissions policy or ensure that the server is added to the same OU as the other RDP servers in order to allow the specified RDP users.
0
 

Author Comment

by:Keith Owen
ID: 40468992
Ha yeh tell me about it!!

Had a check and everything looks ok.

It doesn't even get to the point of asking for username or password, it's like the router is just blocking the connection from Site A.

Forgot to mention that this has been working in the past but just stopped for no reason. Nothing has been changed.

Just does not make sense!
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40469161
If you use:
telnet server1_ip 3389
and the result is something like: Could not open connection to the host
Then it's definitely a firewall issue.
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 40469197
When you say it works from your laptop, is that from site A?  If yes then a firewall/router issue is still a possibility, but it would be an odd fault rather than a misconfiguration.  If no then definitely try Kimputer's suggestion above.

If it is the latter then I would confirm the outgoing ports on the firewall/router, do you have access to this?  Is it possible somebody may have adjusted the config?

Is connectivity up between these two sites?  Assume you have pinged from Site A?.....
0
 

Author Comment

by:Keith Owen
ID: 40469313
Thanks for the reply guys. I will try once I get a moment.

All sites have separate Servers and networks (10 in all). Head office uses Remote desktop to login to each site to the Server.

All work but 1 site, it does not even make a connection, my laptop located offsite can connect ok. None of the machines can access this server from head office.

They all use the same user / password for each server (10 in all). If I use same details it works.

Kimputer - I can login from my laptop and from any other of the 9 Servers to this site, just head office will not even connect never mind ask for user/password.

Thanks again
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40470216
As I said, in the head office:

telnet server1_ip 3389
and the result is something like: Could not open connection to the host
Then it's definitely a firewall issue

Firewall issue could be in firewall in head office or at the server though.
0
 

Author Comment

by:Keith Owen
ID: 40470360
Hi,

Ok tried this and the result was 'could not open connection to host'.

Can't see it being a firewall issue on the target server as it lets me in and 9 other connections from their other servers in.

Maybe Head office then?
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40470365
Firewall might have some unique rules (blocking IP number/range), but also, usually there's a firewall at the source, and at the destination. Therefore you have to investigate at both sides.
To distinguish if it's a protocol block or IP range block, you can try to access other things on the server (like FTP, www). If you can't access those either, it's an IP block. If you CAN access other services, it's a service block (still doesn't bring you closer to a solution though, you still need to investigate both sides, but at least you know a bit more on what the rule looks like).
0
 

Author Comment

by:Keith Owen
ID: 40470370
Ok thanks for the info, I will have a play.
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 40470567
OK, so no access at all from HO.

I would run through the following

1. From HO run the telnet again but against server 2, this will prove without doubt that outbound traffic is allowed out of your network on 3389.
2. Confirm on the HO firewall that traffic is allowed out (source) to the Server 1 site (destination).  As Kimputer suggests, testing other services is a good idea too, as if these work then you would just need to add 3389 to that allowed service list and you are done.
3. Confirm on the Server 1 site firewall that the HO subnet is allowed to send traffic inbound on 3389

* I questioned how these sites are connected previously.  If you RDP over the WAN then points 1-3 are sufficient to locate the issue.  If they are connected via VPN then you may need to go a step further and ensure that the correct subnets are added to the allowed list on either end of the VPN tunnel.
0
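The checks from Kimputer's and DLeaver's comments above (telnet to 3389 on Server1, the same test against Server 2 as a control, and a try at other services on Server1), combined into one script as an added example that no participant in the thread posted. The function names, the choice of ports 21 and 80 for "other services", and the verdict labels are assumptions made for illustration.

```python
import socket
import sys

RDP = 3389

def probe(host, port, timeout=3.0):
    """TCP connect test, the scripted form of `telnet host port`.
    Returns 'open', 'refused' (a reset came back) or 'no_reply'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:          # timeout, no route, name lookup failure
        return "no_reply"

def classify(target_rdp, target_other, control_rdp):
    """Apply the thread's reasoning to three observations made from the
    site that cannot connect. Assumes the target really runs at least one
    of the 'other' services; if it does not, 'ip_block' proves nothing."""
    if target_rdp == "open":
        return "no_network_block"        # look at RDP permissions instead
    if control_rdp != "open":
        return "outbound_3389_blocked_at_source"
    if any(state == "open" for state in target_other.values()):
        return "service_block"           # only 3389 to this target is filtered
    return "ip_block"                    # nothing from here reaches the target

def diagnose(target, control, other_ports=(21, 80), timeout=3.0):
    """Run the probes from the affected site and return (verdict, detail)."""
    target_rdp = probe(target, RDP, timeout)
    control_rdp = probe(control, RDP, timeout)
    target_other = {p: probe(target, p, timeout) for p in other_ports}
    return classify(target_rdp, target_other, control_rdp), {
        "target_3389": target_rdp,
        "control_3389": control_rdp,
        "target_other": target_other,
    }

if __name__ == "__main__":
    # usage: python rdp_path_check.py <server1_ip> <server2_ip>
    verdict, detail = diagnose(sys.argv[1], sys.argv[2])
    print(verdict, detail)
```

Whatever the verdict, the rule or fault can sit at either end, so the source and destination devices both still need checking.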
 

Accepted Solution

by:
Keith Owen earned 0 total points
ID: 40710258
Ok I reset the router at the host and started from scratch and all worked ok, maybe something went amiss with the router.
0
 
LVL 12

Expert Comment

by:DLeaver
ID: 40712084
Up to you but myself and Kimputer both suggested it was a potential firewall issue....
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40714414
Clearly the firewall was configured incorrectly, and by resetting and starting over, you somehow got the configuration correct this time.
0
 

Author Comment

by:Keith Owen
ID: 40714418
The firewalls were turned off and still no connection was made so that is what made me think the router at host site was playing up.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40714432
Yes, sometimes (but not often) that can happen. Better get a configuration backup now, as it might happen again in the future.
0
 

Author Comment

by:Keith Owen
ID: 40714438
Good call on that, thanks
0
 

Author Closing Comment

by:Keith Owen
ID: 40719448
I tried multiple ways to resolve the issue and in the end I just changed the router which worked.
0
