<div>
There are several things to check;<br />
<br />
1. &nbsp;How can you test that the server you need to connect to is running normally?<br />
2. &nbsp;Is there any firewall in the way that could be changed its configuration by somebody?<br />
3. &nbsp;About your own PC and virtual environment, perform the basics; ping to external network, internet navigation, DNS tests from the vbox.<br />
4. &nbsp;Do you have other RDP server to test if it connects to?. &nbsp;If your PC connects with other server running RDP, almost 99% your PC config is ok.<br />
5. &nbsp;Check and re-check the .rdp configuration; IP and options about security.<br />
<br />
Let us know to deepen on one subject or another.
</div>


<div>
Hey - thanks for the quick response.<br />
<br />
&gt;&gt;1. &nbsp;How can you test that the server you need to connect to is running normally?<br />
Need a clarification on this: the W7 client (VM) that I'm trying to connect to is on a LAN with domain controller. &nbsp;So which &quot;server&quot; are you inquiring about?<br />
<br />
&gt;&gt;2. &nbsp;Is there any firewall in the way that could be changed its configuration by somebody?<br />
Unlikely - unless done mistakenly. &nbsp;The Host PC currently has Windows Firewall disabled, but I'm not sure how to check for other relevant firewalls (Server? Gateway?)<br />
<br />
&gt;&gt;3. &nbsp;About your own PC and virtual environment, perform the basics; ping to external network, internet navigation, DNS tests from the vbox.<br />
<br />
To clarify: <br />
<br />
W10Pro PC -&gt; Internet to dedicated ip-&gt; Comcast Gateway-&gt; ??? (role of Windows Server) ??? -&gt; Host PC NIC -&gt; Client W7 VM <br />
<br />
&gt;&gt;&nbsp;ping to external network<br />
ping from W10Pro to google.com? &nbsp;If so, that works fine<br />
<br />
&gt;&gt;&nbsp;internet navigation<br />
Can I navigate internet on W10Pro? &nbsp;If so, that works fine<br />
<br />
&gt;&gt;DNS tests from the vbox.<br />
ping from W7 VM to google.com? &nbsp;Or something else?<br />
<br />
&gt;&gt;4. &nbsp;Do you have other RDP server to test if it connects to?. &nbsp;If your PC connects with other server running RDP, almost 99% your PC config is ok.<br />
<br />
I don't have anything setup, but I'm already 99% sure the problem is not my PC (another user has a copy of the rdp file and they can't connect to the W7 VM either).
</div>


<div>
OK. &nbsp;It is clear the problem is on that W7 on the local lan.<br />
<br />
Unfortunately it will not be a solution without having physical access to the W7 . I assume you do not have access at this time to that computer.<br />
<br />
In the future , you could set up a second PC, or the server in the lan as a second RDP. &nbsp;This assuming a problem on the W7 box.<br />
<br />
Another possibility is that the router or the internet line are dropped.<br />
<br />
-&gt; You can ping to the public ip to see if it works?<br />
<br />
..MFlores..
</div>


<div>
&gt;&gt; Unfortunately it will not be a solution without having physical access to the W7 . I assume you do not have access at this time to that computer.<br />
<br />
I have remote access through Chrome Remote Desktop to the W7 Host (so I can access the Client W7 VM through VirtualBox on the Host too, but I'm trying to diagnose the rdp connection problem)
</div>


<div>
OK. &nbsp;So that discard a internet or router problem.<br />
<br />
You should try using the remote desktop client of the host, to connect to W7. &nbsp;As you use bridged mode, a Lan IP is assigned to W7 client so you can try to connect.
</div>


<div>
W7 client is in brigded mode and a static lan ip configured, I suppose ?
</div>


<div>
OK. &nbsp;Please, tell us whether you can connect RDP from host to client or not.
</div>


<div>
Thanks! &nbsp;Embarrassed at my &quot;Duh...!&quot; moment... &nbsp;So simple!<br />
<br />
Nope, same error. &nbsp;So looks like the problem is with the VM guest.<br />
<br />
Turning off Windows Firewall for &quot;Domain network location settings&quot; on VM guest and I'm able to connect. &nbsp;Any guidance on how to setup Windows Firewall to allow safe access?<br />
<br />
Also, any thoughts on how this behavior might have &quot;changed&quot;?
</div>


<div>
You must provide a firewall rule to allow incoming RDP connections. &nbsp;Probably changed enabling the firewall?... any recent windows security update?<br />
<br />
Here is step by step instructions;<br />
<br />
<a href="http://itproguru.com/expert/2014/09/allow-remote-desktop-services-rdp-and-ping-icmp-through-windows-firewall/" rel="ugc">http://itproguru.com/exper<wbr />t/2014/09/<wbr />allow-remo<wbr />te-desktop<wbr />-services-<wbr />rdp-and-pi<wbr />ng-icmp-th<wbr />rough-wind<wbr />ows-firewa<wbr />ll/</a>
</div>


<div>
Don't understand the reason for enabling ICMP - any idea? &nbsp;I enabled it for Domain.<br />
<br />
Remote Desktop (TCP-In) was already enabled. &nbsp;<br />
<br />
Then I turned back on the Windows Firewall for &quot;Domain networks&quot;. &nbsp;I still can't connect.<br />
<br />
I note the following properties in 'Remote Desktop (TCP-In)' rule:<br />
“Programs and Services” Tab shows “Programs: This &nbsp;program: System”<br />
Advanced tab shows: Edge traversal: Block edge traversal<br />
<br />
I'm wondering whether Windows Server Group Policy/Domain Controller could be a factor here?<br />
<br />
Other info:<br />
I can use the ip address without a port# to connect to the server; adding the port# to the ip address is for the client W7 VM. &nbsp;I suspect the Server is managing rdp sessions and port forwarding<br />
<br />
I would have expected to find a log entry each time Windows Firewall blocked the incoming Remote Desktop session, but the log is empty.<br />
<br />
At a loss as to what to try next...
</div>


<div>
I'll try to investigate later in my own infrastructure and try to give you some inputs.
</div>


<div>
1. &nbsp;Maybe vbox is blocking the traffic. &nbsp;It should be only because depends on client firewall running state. &nbsp;Just check vbox host settings.<br />
<br />
2. &nbsp;If you enabled ICMP, you should ping client IP from where RDP doesn't work with firewall enabled. &nbsp;Does it ping correctly?<br />
<br />
3. &nbsp;Test connection from W7 client to IP: localhost<br />
i.e. trying to connect to just the own machine. &nbsp;I suppose it works with firewall active?.<br />
<br />
4. &nbsp;We could try NAT mode. &nbsp;You need to forward the RDP port 3389 from ip host interface to client internal ip interface.<br />
<br />
5. &nbsp;Maybe is there a RDP gateway or broker which of course would need it's own firewall rules?.<br />
<br />
..MFlores..
</div>


<div>
Man -- you're a prince. &nbsp;Let me review your post and see what I can figure out &amp;&nbsp;get back to you. &nbsp;Thanks--
</div>


<div>
&gt;&gt; 1. &nbsp;Maybe vbox is blocking the traffic. &nbsp;It should be only because depends on client firewall running state. &nbsp;Just check vbox host settings.<br />
<br />
I'm not following: haven't we proven that it's windows firewall on the guest which is blocking the traffic? &nbsp;Wouldn't adding/modifying an inbound firewall rule on the guest windows firewall resolve the problem?<br />
<br />
<br />
&gt;&gt;&nbsp;2. &nbsp;If you enabled ICMP, you should ping client IP from where RDP doesn't work with firewall enabled. &nbsp;Does it ping correctly?<br />
<br />
NOTE: Remote Desktop connection to Client requires ip:port address, so standard icmp &quot;ping&quot; won't work. &nbsp;Using sysinternal's (tcp) psping, it works fine when client's Windows Firewall, Domain Networks if off; no response when Firewall turned back on.<br />
<br />
<br />
&gt;&gt;&nbsp;3. &nbsp;Test connection from W7 client to IP: localhost<br />
i.e. trying to connect to just the own machine. &nbsp;I suppose it works with firewall active?.<br />
<br />
Wasn't clear on what you wanted me to try: a remote desktop connection from client to itself by specifying &quot;localhost&quot; in Computer field instead of ip:port? &nbsp;I tried that, but get same message (can't connect -- see below screenshot). <br />
<br />
<br />
&gt;&gt;&nbsp;4. &nbsp;We could try NAT mode. &nbsp;You need to forward the RDP port 3389 from ip host interface to client internal ip interface.<br />
<br />
I'm still trying to figure out how/where port forwarding is currently configured!! &nbsp;The client virtual adapter is bridged to the host NIC. &nbsp;I don't know how to do what you're suggesting.<br />
<br />
&gt;&gt;&nbsp;5. &nbsp;Maybe is there a RDP gateway or broker which of course would need it's own firewall rules?.<br />
That's what I've been wondering, but I haven't been able to track one down.<br />
<br />
A big missing piece of the puzzle for me is I can't figure out where the adapter is that has the dedicated ip address!! &nbsp;(I use the isp-assigned dedicated (public) ip address to remote desktop to the server, and append a port# to connect instead to the guest vm on another PC on the LAN).<br />
<br />
In any event, I'm still thinking that the solution is to add an inbound rule for Remote Desktop TCP-in on the guest firewall and if that works, try to understand why the existing inbound rule is blocking the connection; and/or figure out how to log the blocked connection event to get further clues. &nbsp;What do you think?<br />
Argh!!!!<br />
<a href="https://filedb.experts-exchange.com/incoming/2016/08_w33/1111037/Capture.PNG" target="_blank" class="file-inline" title="can't connect (81 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Capture.PNG</a>
</div>


Capture.PNG

<div>
About 3. &nbsp;Use instead of localhost, the following IP; 127.0.0.1 that should work. &nbsp;This kind of tests is to have information to guess what could be failing here.<br />
<br />
About 4. &nbsp;Indeed, is a good test in my opinion. &nbsp;I'll try to explain below.<br />
<br />
About 5 and your explanation of public IP. &nbsp;So, the host (I guess) is being configured directly with the public IP?. &nbsp;At this moment it will help to have a screenshots or a couple of files with host and vm ip configuration. &nbsp;Please, just execute; <br />
<br />

<pre><code class="code-1 nolinks" id="code-20-41751971-1"><span>ipconfig /all</span>
</code></pre>
and attach the result. &nbsp;If there is a public ip listed there, please hide it using something like xx......xx.<br />
<br />
<b>Bridged vs NAT</b><br />
<br />
In <b>bridged</b> mode you will have some thing like;<br />
<br />
--------------------------<wbr />----------<wbr />--- &nbsp;network (address??) x.x.x.x (whatever)<br />
&nbsp; &nbsp; &nbsp; &nbsp;| &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;|<br />
&nbsp; &nbsp; Host &nbsp;(ip x) &nbsp; &nbsp; &nbsp; &nbsp;client (ip of the same network as host)<br />
<br />
So the client and host are in the same network, each having a different IP address of you local network. &nbsp;Bridged mode put a bridge from the client VM to the physical network so can have a network ip by itself.<br />
<br />
In <b>NAT</b> mode.<br />
<br />
network (as above) ---------- HOST ----------- (internal/virtual vbox network) &nbsp;something like 192.168.2.x<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;|<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;|<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Client. &nbsp;IP from vbox virtual network. i.e. 192.168.2.2<br />
<br />
The internal/virtual network of the host will be 192.168.2.1 or what ever. &nbsp;Indeed the host must be the default gateway of your client and is behaving as a router as well.<br />
So, as router as Host is, you should configure an incoming route from external to internal net, port 3389 (you can use another 3388 i.e.) to 192.168.2.2 port 3389 (the port RDP is listening on Client).<br />
<br />
NAT configuration is as valid as bridged, and indeed your client will be less exposed and you could disable its firewall, because the host can take care of this if properly configured.<br />
<br />
..MFlores..
</div>


<div>
&gt;&gt;About 3. &nbsp;Use instead of localhost, the following IP; 127.0.0.1 that should work. &nbsp;This kind of tests is to have information to guess what could be failing here.<br />
<br />
Same &quot;Can't connect&quot; message<br />
<br />
&gt;&gt;&nbsp;&gt;&gt; 5. &nbsp;Maybe is there a RDP gateway or broker which of course would need it's own firewall rules?.<br />
I found a setting in the RD client on Advanced tab&gt;Connect from anywhere&gt;Settings&gt;Connecti<wbr />on Settings: Do not use an RD Gateway server<br />
<br />
I'm still able to connect after enabling this setting, so I wonder if that rules out that there is an RD gateway in the mix?<br />
<br />
ipconfig /all (Guest VM &amp;&nbsp;Host) attached below.<br />
<br />
<br />
&gt;&gt;&nbsp;So, the host (I guess) is being configured directly with the public IP?.<br />
<br />
Your explanation was helpful; here's what I'm seeing:<br />
1) Public ip 77.77.77.77 is being forwarded to Server1 (somehow)<br />
2) Public ip 77.77.77.77:3333 is being forwarded (somehow) to the Guest_VM on Host_PC<br />
3) It seems to me that the Guest_VM Firewall rule for &quot;Remote Desktop TCP-In&quot; is irrelevant because it is hardcoded to port 3389 whereas I'm using port 3333 to Remote Desktop to Guest_VM<br />
4) HKEY_LOCAL_MACHINE\System\<wbr />CurrentCon<wbr />trolSet\Co<wbr />ntrol\Term<wbr />inal Server\WinStations\RDP-Tcp<wbr />\PortNumbe<wbr />r is set to 3389 on Guest_VM; I would have thought this needed to be set to 3333, otherwise Guest_VM won't be listening to port 3333...? &nbsp;Unless maybe the port forwarding (wherever it's being done) is forwarding 77.77.77.77:3333 to 192.168.1.22 (private ip of Guest_VM) and since there was no forwarding port specified, the default 3389 port is used on Guest_VM for rdp?<br />
5) However, doing a netstat -a on Guest_VM shows port 3333 &quot;Listening&quot; and port 3389 isn't listed?? Doesn't this contradict &quot;4)&quot; above?<br />
<br />
I added a new inbound rule in Windows Firewall of Guest_VM for Domain profile. &nbsp;Now I'm able to connect with Firewall on.<br />
<br />
Would appreciate any feedback you have on my analysis above/my questions. &nbsp;Although I'm able to connect now with the firewall on, I still am at a loss to understand the routing/forwarding that's going on and how to get closer to figuring it out.<br />
<a href="https://filedb.experts-exchange.com/incoming/2016/08_w33/1111241/ipconfig_guest_EE.png" target="_blank" class="file-inline" title="ipconfig /all (Guest VM) (190 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>ipconfig_guest_EE.png</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2016/08_w33/1111244/ipconfig_Host_EE.png" target="_blank" class="file-inline" title="ipconfig /all (Host) (444 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>ipconfig_Host_EE.png</a>
</div>


ipconfig_Host_EE.png

ipconfig_guest_EE.png

<div>
Thanks for all your help. &nbsp;Much appreciated!!
</div>


<div>
<div class="content wysiwyg-content">
Environment:<br />
Comcast business gateway with static ip addresses<br />
Windows Server with small LAN<br />
W7 PC running VirtualBox with W7 client; VM Network setting: Bridged adapter using PC's Intel wired Gigabit NIC<br />
<br />
I've been using .rdp file (Remote Desktop Connection) to connect remotely to the W7 client. &nbsp;But I can no longer connect, getting message:<br />

<blockquote>
Remote Desktop can’t connect to the remote computer for one of these reasons:<br />
<br />
1) Remote access to the server is not enabled<br />
2) The remote computer is turned off<br />
3) The remote computer is not available on the network<br />
<br />
Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
</blockquote>
<br />
How can I diagnose the problem?
</div>
</div>


Environment:
Comcast business gateway with static ip addresses
Windows Server with small LAN
W7 PC running VirtualBox with W7 client; VM Network setting: Bridged adapter using PC's Intel wired Gigabit NIC

I've been using .rdp file (Remote Desktop Connection) to connect remotely to the W7 client.  But I can no longer connect, getting message:
Remote Desktop can’t connect to the remote computer for one of these reasons:

1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network

Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.

How can I diagnose the problem?

.rdp connection no longer working - how diagnose?

Remote access may refer to the connection to a data-processing system from a remote location, for example through a virtual private network remote desktop software, terminal emulation, or the activation of features of a business telephone system from outside the business's premises.

Remote Access

Windows 7 is an operating system from Microsoft. Features include multi-touch support, a redesigned Windows Shell with a new taskbar, referred to as the Superbar, a home networking system called HomeGroup, and performance improvements.

Windows 7

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

Virtualization is the act of creating a virtual (rather than actual) version of something, including (but not limited to) a virtual computer hardware platform, operating system (OS), storage device, or computer network resources. Virtualization is usually the creation of a system that executes separate from the underlying hardware resources, or the creation of an entire desktop for systems located elsewhere, similar to thin clients.