HeilandS


RDP Connection Issues

I am having trouble with an RDP connection to an external server.  I have isolated it to 2 issues.  One is that I cannot get out through my on site firewall and the other is that I cannot get to it from a certain PC.
1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router
2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC
3) I was able to get to the destination from this PC several days ago.
4) I can successfully RDP to internal servers from the same PC.
5) I rolled back the Microsoft updates installed on the PC in the last week.
6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

I'm stumped.  Looking for troubleshooting guidance.

Thanks,

Scott
No More

First of all, confirm that you have port forwarding on your router

public IP port   target PC IP port

Check if you have an ACL on your firewall which would possibly block you from accessing the server

Test forwarding with Telnet to the public IP address from outside your network


Could you also give a more detailed picture of your infrastructure?
hypercube
Let's see just to clarify:

1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router
So this is all on the same LAN, right?

2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC
This appears to mean: If I use the Ethernet connection on the test laptop that is (somehow, i.e. IP address, etc.) connected outside the firewall.  So it would appear that you gave the laptop a public IP address or .... ?

3) I was able to get to the destination from this PC several days ago.
So something has changed.  Most likely a Windows 10 update....?

4) I can successfully RDP to internal servers from the same PC.
So you can access computers using RDP on the LAN.

5) I rolled back the Microsoft updates installed on the PC in the last week.
That may well be but the "updates" also change computer settings which may not go back with this rollback.  It seems like they would but then it seems like they would not happen in the first place.  Is this "PC" the same as "external server"??

6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

It's not entirely clear to me which computer is which regarding the updates, etc.  Very important to know in isolating problems.  Anyway, the Windows 10 updates will change some of the Advanced File and Sharing settings - so check those.  Also they will change Windows firewall settings - so check those.
HeilandS

ASKER

I'm pretty much of a lan/wan novice.  I have port forwarding on my router, but only for an incoming SSH Service on port 22.

No ACL on the firewall for outgoing connections.  It's wide open.

Testing forwarding to port 3389, which I believe is the default RDP listening port, fails.

A basic network diagram is attached
Basic-Network-Layout.pdf
1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router
So this is all on the same LAN, right?
      Correct

2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC
This appears to mean: If I use the Ethernet connection on the test laptop that is (somehow, i.e. IP address, etc.) connected outside the firewall.  So it would appear that you gave the laptop a public IP address or .... ?
      Gave the laptop a private IP address through DHCP from the Comcast modem/router

3) I was able to get to the destination from this PC several days ago.
So something has changed.  Most likely a Windows 10 update....?
       Running Windows 7, but I suspect maybe an update

4) I can successfully RDP to internal servers from the same PC.
So you can access computers using RDP on the LAN.
     Correct

5) I rolled back the Microsoft updates installed on the PC in the last week.
That may well be but the "updates" also change computer settings which may not go back with this rollback.  It seems like they would but then it seems like they would not happen in the first place.  Is this "PC" the same as "external server"??
     No idea what OS the external server is running.  It is a 3rd party device.

6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

It's not entirely clear to me which computer is which regarding the updates, etc.  Very important to know in isolating problems.  Anyway, the Windows 10 updates will change some of the Advanced File and Sharing settings - so check those.  Also they will change Windows firewall settings - so check those.

The PC and laptop that can successfully connect have not had any recent updates.  The others that cannot connect have had updates this week.
Well, I'm still a bit confused with "internal" and "external", etc. etc.
It would be good to have a simple diagram (even ASCII) that shows which computers are where.

If I assume there is a Modem/Router, an interim subnet, a NATting firewall and a LAN subnet then a computer on the interim subnet won't be able to see into the LAN subnet unless there's a route added.  So that isn't surprising and likely not pertinent to this issue.
Is that Comcast router in bridge mode?

I think you might have a routing issue or some settings on the firewall causing this

Make sure that you have RDP on and that you have the specific user in the allow access list



I'm kind of confused too
The Comcast router is not in bridge mode.  

Basic network layout attached.
Basic-Network-Layout.pdf
ASKER CERTIFIED SOLUTION
No More

This solution is only available to members.
The diagram is good in terms of understanding the arrangement but it's a pretty common configuration and only helps to know where the external server is located.  If there were letters or numbers labeling pertinent computers in the descriptions you've provided then you could say:

Computer 1 (Win 7)
Computer 2 used to be reachable and no longer is via RDP
etc.
Updated network layout attached.

Computer 1 (Win 7 with recent updates) used to be able to reach Target Server and is no longer able to via RDP
Computer 1 can reach Server1 & Server2 via RDP
If Computer 1 is moved outside the firewall, it still cannot connect to target server via RDP

Computer 2 (Win 7, no recent updates) cannot reach Target Server via RDP
Computer 3 (Win 7, no recent updates) can reach Target Server via RDP
Basic-Network-Layout.pdf
Thanks for your help.
Explicitly opening TCP port 3389 and UDP port 3389 on the firewall solved the problem.
Great diagram and description.  Thanks!
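
The Telnet test suggested in the thread only shows whether TCP 3389 accepts a connection. The sketch below is an added example, not code from any poster (`probe_rdp` is a hypothetical helper name): run from each PC in turn, it separates a silently dropped connection from a refused one and confirms that an RDP listener actually answers. It covers TCP only, so the UDP 3389 rule from the final fix is not exercised.

```python
import socket

# X.224 Connection Request carrying an RDP negotiation request (MS-RDPBCGR):
# the first packet an RDP client sends after the TCP handshake.
X224_CONN_REQ = bytes.fromhex(
    "03000013"          # TPKT header: version 3, total length 19
    "0ee00000000000"    # X.224: LI=14, CR (0xE0), dst-ref, src-ref, class 0
    "0100080003000000"  # RDP_NEG_REQ: type 1, length 8, protocols TLS|CredSSP
)

def probe_rdp(host, port=3389, timeout=5.0):
    """Classify outbound reachability of an RDP listener.

    'rdp'      TCP connected and the peer sent an X.224 Connection Confirm
    'open'     TCP connected, but the answer was not RDP (or nothing came back)
    'refused'  host reachable, nothing listening on the port (RST received)
    'filtered' no answer before the timeout, typical of a firewall drop rule
    'error'    name resolution failure, no route, or another local error
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"
    with sock:
        try:
            sock.sendall(X224_CONN_REQ)
            reply = sock.recv(64)
        except OSError:  # reset or timeout after connecting
            return "open"
    # TPKT version 3 at byte 0, X.224 Connection Confirm (0xD0) at byte 5
    if len(reply) >= 6 and reply[0] == 0x03 and reply[5] == 0xD0:
        return "rdp"
    return "open"

if __name__ == "__main__":
    import sys
    # Usage: python probe_rdp.py <target-host>; defaults to loopback
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe_rdp(target))
```

A result of `filtered` from one PC and `rdp` from another on the same segment points at the first PC's own host firewall or settings rather than the network path.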