Solved

RDP Connection Issues

Posted on 2016-11-05
Last Modified: 2016-11-07
I am having trouble with an RDP connection to an external server.  I have isolated it to 2 issues.  One is that I cannot get out through my on site firewall and the other is that I cannot get to it from a certain PC.
1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router
2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC
3) I was able to get to the destination from this PC several days ago.
4) I can successfully RDP to internal servers from the same PC.
5) I rolled back the Microsoft updates installed on the PC in the last week.
6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

I'm stumped.  Looking for troubleshooting guidance.

Thanks,

Scott
Question by:HeilandS
12 Comments
 
LVL 6

Expert Comment

by:No More
ID: 41875462
First of all, confirm that you have port forwarding on your router

public IP port   target PC IP port

Check if you have an ACL on your firewall which would possibly block you from accessing the server

Test forwarding with Telnet to the public IP address from outside your network


Could you also give a more detailed picture of your infrastructure?
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 41875487
Let's see just to clarify:

1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router
So this is all on the same LAN, right?

2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC
This appears to mean: If I use the Ethernet connection on the test laptop that is (somehow, i.e. IP address, etc.) connected outside the firewall.  So it would appear that you gave the laptop a public IP address or .... ?

3) I was able to get to the destination from this PC several days ago.
So something has changed.  Most likely a Windows 10 update....?

4) I can successfully RDP to internal servers from the same PC.
So you can access computers using RDP on the LAN.

5) I rolled back the Microsoft updates installed on the PC in the last week.
That may well be but the "updates" also change computer settings which may not go back with this rollback.  It seems like they would but then it seems like they would not happen in the first place.  Is this "PC" the same as "external server"??

6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

It's not entirely clear to me which computer is which regarding the updates, etc.  Very important to know in isolating problems.  Anyway, the Windows 10 updates will change some of the Advanced File and Sharing settings - so check those.  Also they will change Windows firewall settings - so check those.
0
 

Author Comment

by:HeilandS
ID: 41875504
I'm pretty much of a lan/wan novice.  I have port forwarding on my router, but only for an incoming SSH Service on port 22.

No ACL on the firewall for outgoing connections.  It's wide open.

Testing forwarding to port 3389 which I believe is the default RDP listening port fails.

A Basic network diagram is attached
Basic-Network-Layout.pdf
0
 

Author Comment

by:HeilandS
ID: 41875510
1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router
So this is all on the same LAN, right?
      Correct

2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC
This appears to mean: If I use the Ethernet connection on the test laptop that is (somehow, i.e. IP address, etc.) connected outside the firewall.  So it would appear that you gave the laptop a public IP address or .... ?
      Gave the laptop a private IP address through DHCP from the Comcast modem/router

3) I was able to get to the destination from this PC several days ago.
So something has changed.  Most likely a Windows 10 update....?
       Running Windows 7, but I suspect maybe an update

4) I can successfully RDP to internal servers from the same PC.
So you can access computers using RDP on the LAN.
     Correct

5) I rolled back the Microsoft updates installed on the PC in the last week.
That may well be but the "updates" also change computer settings which may not go back with this rollback.  It seems like they would but then it seems like they would not happen in the first place.  Is this "PC" the same as "external server"??
     No idea what OS the external server is running.  It is a 3rd party device.

6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

It's not entirely clear to me which computer is which regarding the updates, etc.  Very important to know in isolating problems.  Anyway, the Windows 10 updates will change some of the Advanced File and Sharing settings - so check those.  Also they will change Windows firewall settings - so check those.

The PC and laptop that can successfully connect have not had any recent updates.  The others that cannot connect have had updates this week.
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 41875526
Well, I'm still a bit confused with "internal" and "external", etc. etc.
It would be good to have a simple diagram (even ASCII) that shows which computers are where.

If I assume there is a Modem/Router, an interim subnet, a NATting firewall and a LAN subnet then a computer on the interim subnet won't be able to see into the LAN subnet unless there's a route added.  So that isn't surprising and likely not pertinent to this issue.
0
 
LVL 6

Expert Comment

by:No More
ID: 41875527
Is that Comcast router in bridge mode?

I think you might have a routing issue or some settings on the firewall causing this

Make sure that you have RDP on and that you have the specific user in the allow access list



I'm kind of confused too
0
 

Author Comment

by:HeilandS
ID: 41875544
The Comcast router is not in bridge mode.  

Basic network layout attached.
Basic-Network-Layout.pdf
0
 
LVL 6

Accepted Solution

by:
No More earned 500 total points
ID: 41875552
Well then you need to allow TCP port 3389 and UDP port 3389 on your firewall, as it might be denied by default

Also, I would suggest using the tracert command. Could you also post a picture of the error when trying to connect to the external server?
0
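
An added example, not part of the original thread: a small TCP probe that separates "blocked by a firewall that drops packets" from "host reachable but nothing listening", which is the distinction the telnet test above is trying to make. The function names `probe_tcp` and `locate_block` are hypothetical, and the target host is whatever you pass on the command line.

```python
import errno
import socket
import sys

RDP_PORT = 3389  # default RDP listening port, as stated in the thread


def probe_tcp(host, port=RDP_PORT, timeout=3.0):
    """Classify one outbound TCP connection attempt.

    'open'        - handshake completed, something is listening
    'refused'     - a reset came back: path works, port is closed or rejected
    'filtered'    - no answer before the timeout: typical of a firewall drop
    'unreachable' - no route to the network or host
    Only TCP is checked; UDP 3389 is connectionless, so silence proves nothing.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def locate_block(inside, outside):
    """Compare the same PC's result behind the firewall and outside it."""
    if inside == "open":
        return "no block on this path"
    if outside == "open":
        return "on-site firewall is blocking outbound traffic to this port"
    return "problem is not the on-site firewall alone: check the PC or the target"


if __name__ == "__main__":
    # Usage: python rdp_probe.py <target-host>
    print(probe_tcp(sys.argv[1]))
```

Run it once from the PC behind the firewall and once with the same PC connected outside it, then feed both results to `locate_block`.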
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 41875553
The diagram is good in terms of understanding the arrangement but it's a pretty common configuration and only helps to know where the external server is located.  If there were letters or numbers labeling pertinent computers in the descriptions you've provided then you could say:

Computer 1 (Win 7)
Computer 2 used to be reachable and no longer is via RDP
etc.
0
 

Author Comment

by:HeilandS
ID: 41877419
Updated network layout attached.

Computer 1 (Win 7 with recent updates) used to be able to reach Target Server and is no longer able to via RDP
Computer 1 can reach Server1 & Server2 via RDP
If Computer 1 is moved outside the firewall, it still cannot connect to target server via RDP

Computer 2 (Win 7, no recent updates) cannot reach Target Server via RDP
Computer 3 (Win 7, no recent updates) can reach Target Server via RDP
Basic-Network-Layout.pdf
0
 

Author Comment

by:HeilandS
ID: 41877438
Thanks for your help.
Explicitly opening TCP port 3389 and UDP port 3389 on the firewall solved the problem.
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 41877488
Great diagram and description.  Thanks!
0
