Solved

RDP with Server 2008 from outside network

Posted on 2015-02-16
Last Modified: 2016-03-04
I have a requirement for users to access a Server 2008 from outside my network. The server is licensed for RDP and my users can access the server from computers within the network with no problem, but when trying to access the server from outside the network the server will not allow the connection.

It is not a firewall issue as the local firewall is turned off and I can RDP to a Server 2003 from outside the network and I can RDP from the Server 2003 to the Server 2008 if I accessed the Server 2003 from within the network. If I try to RDP directly to the Server 2008 from outside the network, or to the Server 2003 from outside the network, I cannot then RDP to the Server 2008.

I feel like it must be a security policy issue, but I have no idea how to get around it.
Question by:DonkeyAnn
12 Comments
 
LVL 22

Expert Comment

by:yo_bee
ID: 40612494
First off, you will need to know your public IP to access this.
If you only have a single public IP, you will need to change the default RDP port on one of the servers.
By default RDP uses 3389, so if you want to access your 2008 Server via RDP you will need to configure your router's NAT for port 3389.
What this means is that when you make a call to <public IP> xx.xxx.xxx.xx using MSTSC (RDP), the call hits the router, which needs to know where to redirect the traffic.

NAT <Public:3899> to <Private:3389>
If you have multiple public addresses, you can set up multiple NATs for both the 2003 and 2008 servers.

Do you have multiple public addresses, and do you know the router's current settings for the 2003 Server?

Your description seems to say that you are able to access the 2003 server, but later in the description it states that you are not able to access either from the outside.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 40612617
I guess you are accessing both servers on a single IP.

Your router / firewall is then unable to send traffic to the 2008 server.

As stated above, you need to configure one more rule for 2008 RDP with a custom RDP port
OR
If both IPs are different, ensure that TCP 3389 is opened from the new IP to the 2008 server

OR

The best option could be to set up an RD Gateway server in the DMZ, which can allow you to connect to multiple internal servers via a single RD Gateway server.
0
 

Author Comment

by:DonkeyAnn
ID: 40612650
No, each server has a separate IP address and I know them both.  I can access the 2003 from outside the network, but when I do, I can't RDP over to the 2008 server.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 40612685
So you are getting into the 2003 server from the outside via RDP, but unable to access 2008 Server while on the 2003 server, but while internally connecting to the 2003 server you can RDP to the 2008 server.

Have you set up similar rules on the router for your 2008 server as there are for the 2003 server to allow for the connection from the outside?
0
 

Author Comment

by:DonkeyAnn
ID: 40612692
Yep, they are both mapped similarly and have equal access rules.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 40612799
As you stated, you are able to access the 2008 Server directly while internal to the network?
0
 

Author Comment

by:DonkeyAnn
ID: 40613451
Yes, using RDP.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 40613646
Ok
Are you able to telnet to the 2008 server IP on TCP 3389 from an internet client machine?

If this test fails, you need to look at the firewall first.
0
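
The reachability test suggested in the comment above, as an added example that is not part of the original thread: a TCP probe that separates "refused" from "timed out", because the two point at different layers. The target addresses are constructed placeholders from a documentation range, and the hint wording is an assumption of this example.

```python
import errno
import socket

# Constructed placeholders (203.0.113.0/24 is a documentation range).
TARGETS = [("203.0.113.10", 3389), ("203.0.113.11", 3389)]

HINTS = {
    "open": "handshake completed: path and listener are fine, look at the RDP service",
    "refused": "RST received: the path works, but nothing listens there or a device rejects it",
    "timeout": "no answer: packets are dropped on the way (NAT rule, firewall, link or cabling)",
    "unreachable": "a router reported no route to the host or network",
    "error": "other failure (name resolution, local network down)",
}

def classify(exc):
    """Map a connect() failure to one of the HINTS keys."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt a full TCP handshake, as telnet would, and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    # Run once from inside the LAN and once from an outside client, then compare.
    for host, port in TARGETS:
        state = probe(host, port)
        print(f"{host}:{port} {state} -> {HINTS[state]}")
```

A result that is "open" from inside the network and "timeout" from outside means the traffic never reaches the server, so the forwarding rule and the physical path are checked before any server-side policy.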
 

Author Comment

by:DonkeyAnn
ID: 40615162
Yes, 3389 is the default port and works from inside the network. The firewall on the 2008 server is disabled while trying to resolve this problem. I am also telnetting to the 2003 server from outside and inside the network on 3389.
0
 

Accepted Solution

by:
DonkeyAnn earned 0 total points
ID: 40615800
Thanks everyone for the help; as usual it was the dumbest of things.  Another tech plugged the patch cable into the wrong port.
0

Question has a verified solution.
