Keith Owen asked:

Remote Desktop Issue

OK the problem I have is.......

I can login remotely to Server1 from my laptop

User is unable to login from Site A to remote Server1.

User is able to remote login to Site B ok to their Server 2 (this is the same with 8 other remote site servers they have).

If I remote login to Server 2 then rdp from there to Server1 it works ok.

No computer at Site A can remote to Server1, but 8 other rdps work ok from Site A to different sites.

Error msg is 'Remote desktop cant connect to the remote computer'.

All servers are Server 2003.

Usernames and passwords are not an issue.
DLeaver

Sounds like a riddle!

Have you checked the permissions?

If Server 1 is accessible via your laptop and from another server then it would suggest you have permissions on your account to RDP but the other users have not been enabled to RDP on to this particular server.

Check the Remote connection permissions policy or ensure that the server is added to the same OU as the other RDP servers in order to allow the specified RDP users.
Keith Owen

Ha yeh tell me about it!!

Had a check and everything looks ok.

It doesn't even get to the point of asking for username or password, it's like the router is just blocking the connection from Site A.

Forgot to mention that this has been working in the past but just stopped for no reason. Nothing has been changed.

Just does not make sense!
Kimputer

If you use:
telnet server1_ip 3389
and the result is something like: Could not open connection to the host
Then it's definitely a firewall issue.
When you say it works from your laptop, is that from site A? If yes then a firewall/router issue is still a possibility, but it would be an odd fault rather than a misconfiguration. If no then definitely try Kimputer's suggestion above.

If it is the latter then I would confirm the outgoing ports on the firewall/router, do you have access to this?  Is it possible somebody may have adjusted the config?

Is connectivity up between these two sites?  Assume you have pinged from Site A?.....
Thanks for the reply guys. I will try once I get a moment.

All sites have separate Servers and networks (10 in all). Head office uses Remote desktop to log in to each site to the Server.

All work but 1 site, it does not even make a connection, my laptop located offsite can connect ok. None of the machines can access this server from head office.

They all use the same user / password for each server (10 in all). If I use same details it works.

Kimputer - I can login from my laptop and from any other of the 9 Servers to this site, just head office will not even connect never mind ask for user/password.

Thanks again
As I said, in the head office:

telnet server1_ip 3389
and the result is something like: Could not open connection to the host
Then it's definitely a firewall issue

Firewall issue could be in firewall in head office or at the server though.

Ok tried this and the result was 'could not open connection to host'.

Can't see it being a firewall issue on the target server as it lets me in and 9 other connections from their other servers in.

Maybe Head office then?
Firewall might have some unique rules (blocking IP number/range), but also, usually there's a firewall at the source, and at the destination. Therefore you have to investigate at both sides.
To distinguish if it's a protocol block or IP range block, you can try to access other things on the server (like FTP, www). If you can't access those either, it's an IP block. If you CAN access other services, it's a service block (still doesn't bring you closer to a solution though, you still need to investigate both sides, but at least you know a bit more on what the rule looks like).
Ok thanks for the info, I will have a play.
OK, so no access at all from HO.

I would run through the following

1. From HO run the telnet again but against server 2, this will prove without doubt that outbound traffic is allowed out of your network on 3389.
2. Confirm on the HO firewall that traffic is allowed out (source) to the Server 1 site (destination).  As Kimputer suggests, testing other services is a good idea too, as if these work then you would just need to add 3389 to that allowed service list and you are done.
3. Confirm on the Server 1 site firewall that the HO subnet is allowed to send traffic inbound on 3389.

* I questioned how these sites are connected previously. If you RDP over the WAN then points 1-3 are sufficient to locate the issue. If they are connected via VPN then you may need to go a step further and ensure that the correct subnets are added to the allowed list on either end of the VPN tunnel.
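
Added example, not part of the original thread or any poster's own code: a small Python script that runs the same TCP checks as the telnet test, compares the failing server with a known-good one on 3389 (step 1), and applies the IP-block versus service-block distinction described above. The function names, the result labels and the choice of ports 21 and 80 are assumptions; the other ports only tell you something if the server actually runs those services.

```python
import socket

def probe(host, port, timeout=3.0):
    """One TCP connect attempt, the same check as `telnet host port`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # something answered with a reset
    except socket.timeout:
        return "timeout"   # no answer at all: packets are being dropped
    except OSError:
        return "error"     # no route, name lookup failure, etc.

def diagnose(control_rdp, target):
    """control_rdp: result for 3389 on a server known to work (step 1).
    target: {port: result} for the server that fails, 3389 included."""
    if target[3389] == "open":
        return "rdp-reachable"
    if control_rdp != "open":
        return "outbound-3389-blocked"   # look at the source firewall/router (step 2)
    if any(r == "open" for p, r in target.items() if p != 3389):
        return "service-block"           # only 3389 is filtered towards this server
    return "ip-block"                    # nothing from this source gets through

def check(target_host, control_host, other_ports=(21, 80), timeout=3.0):
    """Probe both servers from the machine this runs on, then classify."""
    control = probe(control_host, 3389, timeout)
    target = {p: probe(target_host, p, timeout) for p in (3389, *other_ports)}
    return diagnose(control, target), target

if __name__ == "__main__":
    # Constructed results (not real captures): the known-good server answers
    # on 3389, the failing server answers on nothing from this site.
    sample = {3389: "timeout", 21: "timeout", 80: "timeout"}
    print(diagnose("open", sample))
```

Run `check()` from a machine at the site that cannot connect and again from one that can; differing results for the same target point at a device on the failing site's path rather than at the server.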
Up to you but myself and Kimputer both suggested it was a potential firewall issue....
Clearly the firewall was configured incorrectly, and by resetting and starting over, you somehow got the configuration correct this time.
The firewalls were turned off and still no connection was made so that is what made me think the router at host site was playing up.
Yes, sometimes (but not often) that can happen. Better get a configuration backup now, as it might happen again in the future.
Good call on that, thanks
I tried multiple ways to resolve the issue and in the end I just changed the router which worked.