Solved

RDP with Server 2008 from outside network

Posted on 2015-02-16
Last Modified: 2016-03-04
I have a requirement for users to access a Server 2008 from outside my network. The server is licensed for RDP and my users can access the server from computers within the network with no problem, but when trying to access the server from outside the network the server will not allow the connection.

It is not a firewall issue, as the local firewall is turned off and I can RDP to a Server 2003 from outside the network, and I can RDP from the Server 2003 to the Server 2008 if I accessed the Server 2003 from within the network. If I try to RDP directly to the Server 2008 from outside the network, or to the Server 2003 from outside the network, I cannot then RDP to the Server 2008.

I feel like it must be a security policy issue, but I have no idea how to get around it.
Question by:DonkeyAnn
12 Comments
 
LVL 21

Expert Comment

by:yo_bee
ID: 40612494
You will need to know your Public IP to access this first off.
If you only have a single Public IP you will need to change the default port on one of the servers for RDP.
By default RDP uses 3389. So if you want to access your 2008 Server via RDP you will need to configure your router NAT for port 3389.
What this means is when you make a call to <public IP> xx.xxx.xxx.xx using MSTSC (RDP) the call hits the router and needs to know where to redirect the traffic.

NAT <Public:3899> to <Private:3389>
If you have multiple Public addresses you can set up multiple NAT for both the 2003 and 2008 servers.

Do you have multiple public addresses and do you know the router's current settings for the 2003 Server?


Your description seems to say that you are able to access the 2003 server, but later in the description it states that you are not able to access either from the outside.
LVL 35

Expert Comment

by:Mahesh
ID: 40612617
I guess you are accessing both servers on a single IP.

Your router / firewall is then unable to send traffic to the 2008 server.

As stated above, you need to configure one more rule for 2008 RDP with a custom RDP port

OR

If both IPs are different, ensure that TCP 3389 is opened from the new IP to the 2008 server

OR

The best option could be to set up an RD Gateway server in the DMZ, which can allow you to connect to multiple internal servers via a single RD Gateway server.

Author Comment

by:DonkeyAnn
ID: 40612650
No, each server has a separate IP address and I know them both.  I can access the 2003 from outside the network, but when I do, I can't RDP over to the 2008 server.
LVL 21

Expert Comment

by:yo_bee
ID: 40612685
So you are getting into the 2003 server from the outside via RDP, but unable to access 2008 Server while on the 2003 server, but while internally connecting to the 2003 server you can RDP to the 2008 server.

Have you set up similar rules on the router for your 2008 server as there are for the 2003 server to allow for the connection from the outside?

Author Comment

by:DonkeyAnn
ID: 40612692
Yep, they are both mapped similarly and have equal access rules.
LVL 21

Expert Comment

by:yo_bee
ID: 40612799
As you stated you are able to access the 2008 Server directly while internal to the network?

Author Comment

by:DonkeyAnn
ID: 40613451
Yes, using RDP.
LVL 35

Expert Comment

by:Mahesh
ID: 40613646
Ok
Are you able to telnet to the 2008 server IP on TCP 3389 from an internet client machine?

If this test fails, you need to look at the firewall first.
0
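
The reachability test suggested in the comment above, written out as an added example (not part of the original thread or any poster's code). It goes one step beyond telnet: besides separating a timeout from a refusal, it checks that whatever answers on the port is an RDP listener, which shows whether a port forward lands on the intended server. The address 203.0.113.10 and the hint wording are assumptions.

```python
import socket
import struct

# TPKT + X.224 Connection Request carrying an RDP negotiation request
# (TLS or CredSSP), 19 bytes. An RDP listener answers it with an
# X.224 Connection Confirm.
X224_CR = bytes.fromhex("030000130ee00000000000" "0100080003000000")

# What each result says about where to look next (wording added here).
HINTS = {
    "rdp": "network path and RDP listener are fine; the problem is on the host",
    "open-not-rdp": "port answers but is not RDP; the forward targets another service",
    "refused": "host reached, nothing listening on that port",
    "timeout": "no answer; check the NAT/firewall rule and the physical path",
    "unreachable": "no route, or name resolution failed",
}

def classify_reply(data: bytes) -> str:
    """Decide whether the peer's first bytes are an X.224 Connection Confirm."""
    if len(data) < 6 or data[0] != 0x03:
        return "open-not-rdp"              # not a TPKT header
    (tpkt_len,) = struct.unpack(">H", data[2:4])
    if tpkt_len < 11 or data[5] & 0xF0 != 0xD0:
        return "open-not-rdp"              # TPKT, but not a Connection Confirm
    return "rdp"

def probe(host: str, port: int = 3389, timeout: float = 5.0) -> str:
    """Return a key of HINTS describing how far the connection got."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                s.sendall(X224_CR)
                return classify_reply(s.recv(64))
            except OSError:
                return "open-not-rdp"      # accepted, then silent or reset
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for the public IP.
    result = probe("203.0.113.10", 3389)
    print(result, "-", HINTS[result])
```

Run it once from inside the network and once from outside; a result that differs between the two points at the router, the forwarding rule or the cabling rather than at the server.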
 

Author Comment

by:DonkeyAnn
ID: 40615162
Yes, 3389 is the default port and works from inside the network. The firewall on the 2008 server is disabled while trying to resolve this problem. I am also telnetting to the 2003 server from outside and inside the network on 3389.

Accepted Solution

by:
DonkeyAnn earned 0 total points
ID: 40615800
Thanks everyone for the help; as usual it was the dumbest of things.  Another tech plugged the patch cable into the wrong port.