Solved

RDP Connection Issues

Posted on 2016-11-05
Last Modified: 2016-11-07
I am having trouble with an RDP connection to an external server.  I have isolated it to 2 issues.  One is that I cannot get out through my on-site firewall and the other is that I cannot get to it from a certain PC.
1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router
2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC
3) I was able to get to the destination from this PC several days ago.
4) I can successfully RDP to internal servers from the same PC.
5) I rolled back the Microsoft updates installed on the PC in the last week.
6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

I'm stumped.  Looking for troubleshooting guidance.

Thanks,

Scott
0
Question by:HeilandS
12 Comments
 
LVL 7

Expert Comment

by:No More
ID: 41875462
First of all, confirm that you have port forwarding on your router

public IP port -> target PC IP port

Check if you have an ACL on your firewall which would possibly block you from accessing the server

Test forwarding with Telnet to the public IP address from outside your network


Could you also give a more detailed picture of your infrastructure?
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 41875487
Let's see just to clarify:

1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router
So this is all on the same LAN, right?

2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC
This appears to mean: If I use the Ethernet connection on the test laptop that is (somehow, i.e. IP address, etc.) connected outside the firewall.  So it would appear that you gave the laptop a public IP address or .... ?

3) I was able to get to the destination from this PC several days ago.
So something has changed.  Most likely a Windows 10 update....?

4) I can successfully RDP to internal servers from the same PC.
So you can access computers using RDP on the LAN.

5) I rolled back the Microsoft updates installed on the PC in the last week.
That may well be but the "updates" also change computer settings which may not go back with this rollback.  It seems like they would but then it seems like they would not happen in the first place.  Is this "PC" the same as "external server"??

6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

It's not entirely clear to me which computer is which regarding the updates, etc.  Very important to know in isolating problems.  Anyway, the Windows 10 updates will change some of the Advanced File and Sharing settings - so check those.  Also they will change Windows firewall settings - so check those.
0
 

Author Comment

by:HeilandS
ID: 41875504
I'm pretty much of a LAN/WAN novice.  I have port forwarding on my router, but only for an incoming SSH service on port 22.

No ACL on the firewall for outgoing connections.  It's wide open.

Testing forwarding to port 3389, which I believe is the default RDP listening port, fails.

A basic network diagram is attached
Basic-Network-Layout.pdf
0

 

Author Comment

by:HeilandS
ID: 41875510
1) If I connect from a test laptop I can get to the destination via a wireless connection to my Comcast modem/router or via ethernet through my Comcast modem/router
So this is all on the same LAN, right?
      Correct

2) Through the same physical ethernet connection (outside the firewall), I cannot get to the external destination from my PC
This appears to mean: If I use the Ethernet connection on the test laptop that is (somehow, i.e. IP address, etc.) connected outside the firewall.  So it would appear that you gave the laptop a public IP address or .... ?
      Gave the laptop a private IP address through DHCP from the Comcast modem/router

3) I was able to get to the destination from this PC several days ago.
So something has changed.  Most likely a Windows 10 update....?
       Running Windows 7, but I suspect maybe an update

4) I can successfully RDP to internal servers from the same PC.
So you can access computers using RDP on the LAN.
     Correct

5) I rolled back the Microsoft updates installed on the PC in the last week.
That may well be but the "updates" also change computer settings which may not go back with this rollback.  It seems like they would but then it seems like they would not happen in the first place.  Is this "PC" the same as "external server"??
     No idea what OS the external server is running.  It is a 3rd party device.

6) I can get to the external target server from another PC outside the firewall.  This PC has a virgin Windows 7 installation with no updates ever.

It's not entirely clear to me which computer is which regarding the updates, etc.  Very important to know in isolating problems.  Anyway, the Windows 10 updates will change some of the Advanced File and Sharing settings - so check those.  Also they will change Windows firewall settings - so check those.

The PC and laptop that can successfully connect have not had any recent updates.  The others that cannot connect have had updates this week.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 41875526
Well, I'm still a bit confused with "internal" and "external", etc. etc.
It would be good to have a simple diagram (even ASCII) that shows which computers are where.

If I assume there is a Modem/Router, an interim subnet, a NATting firewall and a LAN subnet then a computer on the interim subnet won't be able to see into the LAN subnet unless there's a route added.  So that isn't surprising and likely not pertinent to this issue.
0
 
LVL 7

Expert Comment

by:No More
ID: 41875527
Is that Comcast router in bridge mode?

I think you might have a routing issue or some settings on the firewall causing this

Make sure that you have RDP on and that you have a specific user in the allow access list



I'm kind of confused too
0
 

Author Comment

by:HeilandS
ID: 41875544
The Comcast router is not in bridge mode.  

Basic network layout attached.
Basic-Network-Layout.pdf
0
 
LVL 7

Accepted Solution

by:
No More earned 500 total points
ID: 41875552
Well then you need to allow TCP port 3389 and UDP port 3389 on your firewall, as it might be denied by default

Also I would suggest using the tracert command. Could you also post a picture of the error when trying to connect to the external server?
0
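
An added example, not part of any poster's reply: a Python version of the Telnet-style port test suggested in this thread. It separates a silently dropped connection (typical of a firewall rule) from an actively refused one, then compares a probe run inside the firewall with one run outside it. The function names and result labels are assumptions made for illustration, and only TCP 3389 is probed, not UDP 3389.

```python
import socket
import sys

RDP_PORT = 3389  # default RDP listening port, as stated in the thread


def classify_tcp(host, port=RDP_PORT, timeout=3.0):
    """Attempt one TCP connect and label the outcome.

    open        - handshake completed, something is listening
    refused     - a reset came back: path works, port closed or rejected
    filtered    - no answer before the timeout: packets are being dropped
    unreachable - name resolution or routing failed before any answer
    """
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    conn.close()
    return "open"


def locate_block(inside, outside):
    """Combine the result from a PC behind the on-site firewall with the
    result from a PC connected outside it (labels are illustrative)."""
    if inside == "open":
        # TCP 3389 gets through; the fault is in the RDP client or UDP path.
        return "client"
    if outside == "open":
        # Same target answers from outside, so the on-site firewall is the
        # difference: it needs an explicit outbound allow rule.
        return "onsite-firewall"
    # Neither vantage point connects: upstream filtering or target is down.
    return "upstream-or-target"


if __name__ == "__main__":
    # Usage: python rdp_probe.py <target-host>   (run once on each side)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, RDP_PORT, classify_tcp(target))
```

Run it once from a PC behind the firewall and once from a PC outside it, then pass the two labels to `locate_block`.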
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 41875553
The diagram is good in terms of understanding the arrangement but it's a pretty common configuration and only helps to know where the external server is located.  If there were letters or numbers labeling pertinent computers in the descriptions you've provided then you could say:

Computer 1 (Win 7)
Computer 2 used to be reachable and no longer is via RDP
etc.
0
 

Author Comment

by:HeilandS
ID: 41877419
Updated network layout attached.

Computer 1 (Win 7 with recent updates) used to be able to reach Target Server and is no longer able to via RDP
Computer 1 can reach Server1 & Server2 via RDP
If Computer 1 is moved outside the firewall, it still cannot connect to Target Server via RDP

Computer 2 (Win 7, no recent updates) cannot reach Target Server via RDP
Computer 3 (Win 7, no recent updates) can reach Target Server via RDP
Basic-Network-Layout.pdf
0
 

Author Comment

by:HeilandS
ID: 41877438
Thanks for your help.
Explicitly opening TCP port 3389 and UDP port 3389 on the firewall solved the problem.
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 41877488
Great diagram and description.  Thanks!
0


Question has a verified solution.
