• Status: Solved

RDP Connection Issues

I am having trouble with an RDP connection to an external server.  I have isolated it to 2 issues.  One is that I cannot get out through my on-site firewall and the other is that I cannot get to it from a certain PC.
1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router.
2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC.
3) I was able to get to the destination from this PC several days ago.
4) I can successfully RDP to internal servers from the same PC.
5) I rolled back the Microsoft updates installed on the PC in the last week.
6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

I'm stumped.  Looking for troubleshooting guidance.

Thanks,

Scott
0
HeilandS
Asked:
1 Solution
 
No More Commented:
First of all, confirm that you have port forwarding on your router

public IP port   target PC IP port

Check if you have an ACL on your firewall which would possibly block you from accessing the server

Test forwarding with Telnet to the public IP address from outside your network

Could you also give a more detailed picture of your infrastructure?
0
 
Fred Marshall Commented:
Let's see just to clarify:

1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router
So this is all on the same LAN, right?

2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC
This appears to mean: If I use the Ethernet connection on the test laptop that is (somehow, i.e. IP address, etc.) connected outside the firewall.  So it would appear that you gave the laptop a public IP address or .... ?

3) I was able to get to the destination from this PC several days ago.
So something has changed.  Most likely a Windows 10 update....?

4) I can successfully RDP to internal servers from the same PC.
So you can access computers using RDP on the LAN.

5) I rolled back the Microsoft updates installed on the PC in the last week.
That may well be but the "updates" also change computer settings which may not go back with this rollback.  It seems like they would but then it seems like they would not happen in the first place.  Is this "PC" the same as "external server"??

6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

It's not entirely clear to me which computer is which regarding the updates, etc.  Very important to know in isolating problems.  Anyway, the Windows 10 updates will change some of the Advanced File and Sharing settings - so check those.  Also they will change Windows firewall settings - so check those.
0
 
HeilandS (Author) Commented:
I'm pretty much of a LAN/WAN novice.  I have port forwarding on my router, but only for an incoming SSH service on port 22.

No ACL on the firewall for outgoing connections.  It's wide open.

Testing forwarding to port 3389, which I believe is the default RDP listening port, fails.

A basic network diagram is attached.
Basic-Network-Layout.pdf
0
 
HeilandS (Author) Commented:
1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router
So this is all on the same LAN, right?
      Correct

2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC
This appears to mean: If I use the Ethernet connection on the test laptop that is (somehow, i.e. IP address, etc.) connected outside the firewall.  So it would appear that you gave the laptop a public IP address or .... ?
      Gave the laptop a private IP address through DHCP from the Comcast modem/router

3) I was able to get to the destination from this PC several days ago.
So something has changed.  Most likely a Windows 10 update....?
       Running Windows 7, but I suspect maybe an update

4) I can successfully RDP to internal servers from the same PC.
So you can access computers using RDP on the LAN.
     Correct

5) I rolled back the Microsoft updates installed on the PC in the last week.
That may well be but the "updates" also change computer settings which may not go back with this rollback.  It seems like they would but then it seems like they would not happen in the first place.  Is this "PC" the same as "external server"??
     No idea what OS the external server is running.  It is a 3rd party device.

6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

It's not entirely clear to me which computer is which regarding the updates, etc.  Very important to know in isolating problems.  Anyway, the Windows 10 updates will change some of the Advanced File and Sharing settings - so check those.  Also they will change Windows firewall settings - so check those.

The PC and laptop that can successfully connect have not had any recent updates.  The others that cannot connect have had updates this week.
0
 
Fred Marshall Commented:
Well, I'm still a bit confused with "internal" and "external", etc. etc.
It would be good to have a simple diagram (even ASCII) that shows which computers are where.

If I assume there is a Modem/Router, an interim subnet, a NATting firewall and a LAN subnet then a computer on the interim subnet won't be able to see into the LAN subnet unless there's a route added.  So that isn't surprising and likely not pertinent to this issue.
0
 
No More Commented:
Is that Comcast router in bridge mode?

I think you might have a routing issue or some settings on the firewall causing this

Make sure that you have RDP on and that you have the specific user in the allow access list

I'm kind of confused too
0
 
HeilandS (Author) Commented:
The Comcast router is not in bridge mode.  

Basic network layout attached.
Basic-Network-Layout.pdf
0
 
No More Commented:
Well then you need to allow TCP port 3389 and UDP port 3389 on your firewall, as it might be denied by default

Also, I would suggest using the tracert command. Could you also post a picture of the error when trying to connect to the external server?
0
 
Fred Marshall Commented:
The diagram is good in terms of understanding the arrangement but it's a pretty common configuration and only helps to know where the external server is located.  If there were letters or numbers labeling pertinent computers in the descriptions you've provided then you could say:

Computer 1 (Win 7)
Computer 2 used to be reachable and no longer is via RDP
etc.
0
 
HeilandS (Author) Commented:
Updated network layout attached.

Computer 1 (Win 7 with recent updates) used to be able to reach Target Server and is no longer able to via RDP
Computer 1 can reach Server1 & Server2 via RDP
If Computer 1 is moved outside the firewall, it still cannot connect to Target Server via RDP

Computer 2 (Win 7, no recent updates) cannot reach Target Server via RDP
Computer 3 (Win 7, no recent updates) can reach Target Server via RDP
Basic-Network-Layout.pdf
0
 
HeilandS (Author) Commented:
Thanks for your help.
Explicitly opening TCP port 3389 and UDP port 3389 on the firewall solved the problem.
0
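
The Telnet-style reachability test suggested in this thread can be scripted so that each computer in the diagram reports the same kind of result. This is an added example, not code from any poster; the script name `probe.py` and the outcome labels are assumptions made for illustration.

```python
import errno
import socket
import sys

RDP_PORT = 3389  # default RDP listening port, as mentioned in the thread

# What each outcome usually indicates (general TCP behaviour, not a diagnosis).
HINTS = {
    "open": "TCP handshake completed; the path and the listener are fine.",
    "refused": "Target answered with a reset; host reached, nothing listening.",
    "filtered": "No reply before the timeout; typical of a firewall dropping it.",
    "unreachable": "No route to the target from this machine.",
    "dns-failure": "The host name did not resolve.",
}


def probe_tcp(host, port=RDP_PORT, timeout=3.0):
    """Try one IPv4 TCP handshake and return a key of HINTS."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.gaierror:
        return "dns-failure"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py HOST [PORT]")
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else RDP_PORT
    outcome = probe_tcp(target, port)
    print(f"{target}:{port} -> {outcome}: {HINTS[outcome]}")
```

Running it from inside and outside the firewall and comparing the outcomes separates a firewall problem from a problem on one PC. It checks TCP only, so it says nothing about UDP port 3389.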
 
Fred Marshall Commented:
Great diagram and description.  Thanks!
0
