Jump to content

can't rdp to a terminal server over vpn

Guest Omer Barel

By Guest Omer Barel
in Windows NT Server

 Share

Recommended Posts

Guest Omer Barel

Guest Omer Barel

Posted
Posted

hello all.

 

I have a windows server 2003 enterprise x64 that is used as a dc and another

one, a member server, that is used as a terminal server. the terminal server

is in the domain.

 

my client computer is a windows vista ultimate.

 

all updates, hot-fixes and latest service-packs are installed on all the

machines.

 

my problem is that i can't rdp to the terminal server when I'm outside the

office and using VPN connection. inside the LAN everything works great.

 

i can rdp to the dc and then, from within the dc, rdp to the terminal

server. i can't to the rdp directly to the terminal.

 

I'm using the same credentials as from within the network, so i don't think

it's the issue. i think it's something with the terminal server itself.

 

any ideas?

 

best regards,

 

Omer Barel,

NSGroup

  • Replies 8
  • Created
  • Last Reply

Popular Days

Popular Days

Guest jolteroli

Guest jolteroli

Posted
Posted

Re: can't rdp to a terminal server over vpn

 

check the subnet-mask of the TS ip-interface. if it's halfed

(255.255.255.128), the TS may be together with the DC, but foreign to the

VPN router. so packets will reach the TS, but no packet will find the route

back to the VPN router and hence to you workstation at home.

 

e.g.

DC: 192.168.0.1/255.255.255.0

TS: 192.168.0.2/255.255.255.128

VPN: 192.168.0.254/255.255.255.0

 

our VPN router has reserved as much IP addresses as connection are

allowed/possible. if you dial in, u'll probably act as one of this IP

addresses. you could use one of this VPN-reserved-addresses for the vista

workstation in the office and check if the RDP connect still succeeds.

 

also, the TS might accept only RDP connections from specific IP addresses

and not from any IP on the network. the system firewall can be configured

this way as well as by the IP-policies.

 

-jolt (out of ideas)

 

"Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im Newsbeitrag

news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com...

> hello all.

>

> I have a windows server 2003 enterprise x64 that is used as a dc and

> another

> one, a member server, that is used as a terminal server. the terminal

> server

> is in the domain.

>

> my client computer is a windows vista ultimate.

>

> all updates, hot-fixes and latest service-packs are installed on all the

> machines.

>

> my problem is that i can't rdp to the terminal server when I'm outside the

> office and using VPN connection. inside the LAN everything works great.

>

> i can rdp to the dc and then, from within the dc, rdp to the terminal

> server. i can't to the rdp directly to the terminal.

>

> I'm using the same credentials as from within the network, so i don't

> think

> it's the issue. i think it's something with the terminal server itself.

>

> any ideas?

>

> best regards,

>

> Omer Barel,

> NSGroup

Guest Omer Barel

Guest Omer Barel

Posted
Posted

Re: can't rdp to a terminal server over vpn

 

hi jolteroli

 

the subnet is the same for all devices (both servers and the vista client) -

a regular class c.

the dc is also the dns, dhcp and RRAS server, and handles all connections.

 

the firewall is turned off in the terminal server.

 

when i open the rdp port in the router i can connect to the terminal server

directly from outside the network (through NAT)

 

any other ideas?

"jolteroli" wrote:

> check the subnet-mask of the TS ip-interface. if it's halfed

> (255.255.255.128), the TS may be together with the DC, but foreign to the

> VPN router. so packets will reach the TS, but no packet will find the route

> back to the VPN router and hence to you workstation at home.

>

> e.g.

> DC: 192.168.0.1/255.255.255.0

> TS: 192.168.0.2/255.255.255.128

> VPN: 192.168.0.254/255.255.255.0

>

> our VPN router has reserved as much IP addresses as connection are

> allowed/possible. if you dial in, u'll probably act as one of this IP

> addresses. you could use one of this VPN-reserved-addresses for the vista

> workstation in the office and check if the RDP connect still succeeds.

>

> also, the TS might accept only RDP connections from specific IP addresses

> and not from any IP on the network. the system firewall can be configured

> this way as well as by the IP-policies.

>

> -jolt (out of ideas)

>

> "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im Newsbeitrag

> news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com...

> > hello all.

> >

> > I have a windows server 2003 enterprise x64 that is used as a dc and

> > another

> > one, a member server, that is used as a terminal server. the terminal

> > server

> > is in the domain.

> >

> > my client computer is a windows vista ultimate.

> >

> > all updates, hot-fixes and latest service-packs are installed on all the

> > machines.

> >

> > my problem is that i can't rdp to the terminal server when I'm outside the

> > office and using VPN connection. inside the LAN everything works great.

> >

> > i can rdp to the dc and then, from within the dc, rdp to the terminal

> > server. i can't to the rdp directly to the terminal.

> >

> > I'm using the same credentials as from within the network, so i don't

> > think

> > it's the issue. i think it's something with the terminal server itself.

> >

> > any ideas?

> >

> > best regards,

> >

> > Omer Barel,

> > NSGroup

>

>

Guest thundergod255

Guest thundergod255

Posted
Posted

Re: can't rdp to a terminal server over vpn

 

Can you remote to the terminal server across the VPN through a console session?

 

"Omer Barel" wrote:

> hi jolteroli

>

> the subnet is the same for all devices (both servers and the vista client) -

> a regular class c.

> the dc is also the dns, dhcp and RRAS server, and handles all connections.

>

> the firewall is turned off in the terminal server.

>

> when i open the rdp port in the router i can connect to the terminal server

> directly from outside the network (through NAT)

>

> any other ideas?

> "jolteroli" wrote:

>

> > check the subnet-mask of the TS ip-interface. if it's halfed

> > (255.255.255.128), the TS may be together with the DC, but foreign to the

> > VPN router. so packets will reach the TS, but no packet will find the route

> > back to the VPN router and hence to you workstation at home.

> >

> > e.g.

> > DC: 192.168.0.1/255.255.255.0

> > TS: 192.168.0.2/255.255.255.128

> > VPN: 192.168.0.254/255.255.255.0

> >

> > our VPN router has reserved as much IP addresses as connection are

> > allowed/possible. if you dial in, u'll probably act as one of this IP

> > addresses. you could use one of this VPN-reserved-addresses for the vista

> > workstation in the office and check if the RDP connect still succeeds.

> >

> > also, the TS might accept only RDP connections from specific IP addresses

> > and not from any IP on the network. the system firewall can be configured

> > this way as well as by the IP-policies.

> >

> > -jolt (out of ideas)

> >

> > "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im Newsbeitrag

> > news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com...

> > > hello all.

> > >

> > > I have a windows server 2003 enterprise x64 that is used as a dc and

> > > another

> > > one, a member server, that is used as a terminal server. the terminal

> > > server

> > > is in the domain.

> > >

> > > my client computer is a windows vista ultimate.

> > >

> > > all updates, hot-fixes and latest service-packs are installed on all the

> > > machines.

> > >

> > > my problem is that i can't rdp to the terminal server when I'm outside the

> > > office and using VPN connection. inside the LAN everything works great.

> > >

> > > i can rdp to the dc and then, from within the dc, rdp to the terminal

> > > server. i can't to the rdp directly to the terminal.

> > >

> > > I'm using the same credentials as from within the network, so i don't

> > > think

> > > it's the issue. i think it's something with the terminal server itself.

> > >

> > > any ideas?

> > >

> > > best regards,

> > >

> > > Omer Barel,

> > > NSGroup

> >

> >

Guest Omer Barel

Guest Omer Barel

Posted
Posted

Re: can't rdp to a terminal server over vpn

 

i don't know how to do that... i log using normal rdp, and that's a user

session i think...

 

how can i log on to the console session?

 

"thundergod255" wrote:

> Can you remote to the terminal server across the VPN through a console session?

>

> "Omer Barel" wrote:

>

> > hi jolteroli

> >

> > the subnet is the same for all devices (both servers and the vista client) -

> > a regular class c.

> > the dc is also the dns, dhcp and RRAS server, and handles all connections.

> >

> > the firewall is turned off in the terminal server.

> >

> > when i open the rdp port in the router i can connect to the terminal server

> > directly from outside the network (through NAT)

> >

> > any other ideas?

> > "jolteroli" wrote:

> >

> > > check the subnet-mask of the TS ip-interface. if it's halfed

> > > (255.255.255.128), the TS may be together with the DC, but foreign to the

> > > VPN router. so packets will reach the TS, but no packet will find the route

> > > back to the VPN router and hence to you workstation at home.

> > >

> > > e.g.

> > > DC: 192.168.0.1/255.255.255.0

> > > TS: 192.168.0.2/255.255.255.128

> > > VPN: 192.168.0.254/255.255.255.0

> > >

> > > our VPN router has reserved as much IP addresses as connection are

> > > allowed/possible. if you dial in, u'll probably act as one of this IP

> > > addresses. you could use one of this VPN-reserved-addresses for the vista

> > > workstation in the office and check if the RDP connect still succeeds.

> > >

> > > also, the TS might accept only RDP connections from specific IP addresses

> > > and not from any IP on the network. the system firewall can be configured

> > > this way as well as by the IP-policies.

> > >

> > > -jolt (out of ideas)

> > >

> > > "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im Newsbeitrag

> > > news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com...

> > > > hello all.

> > > >

> > > > I have a windows server 2003 enterprise x64 that is used as a dc and

> > > > another

> > > > one, a member server, that is used as a terminal server. the terminal

> > > > server

> > > > is in the domain.

> > > >

> > > > my client computer is a windows vista ultimate.

> > > >

> > > > all updates, hot-fixes and latest service-packs are installed on all the

> > > > machines.

> > > >

> > > > my problem is that i can't rdp to the terminal server when I'm outside the

> > > > office and using VPN connection. inside the LAN everything works great.

> > > >

> > > > i can rdp to the dc and then, from within the dc, rdp to the terminal

> > > > server. i can't to the rdp directly to the terminal.

> > > >

> > > > I'm using the same credentials as from within the network, so i don't

> > > > think

> > > > it's the issue. i think it's something with the terminal server itself.

> > > >

> > > > any ideas?

> > > >

> > > > best regards,

> > > >

> > > > Omer Barel,

> > > > NSGroup

> > >

> > >

Guest Jeff Pitsch

Guest Jeff Pitsch

Posted
Posted

Re: can't rdp to a terminal server over vpn

 

Can you telnet to port 3389? Can you ping the server? Can you connect to

any shares or printers on the server (especially the default admin shares)?

In other words, beyond RDP is there any connectivity to this server

whatsoever. The telnet will tell you if you are actually able to get to the

rdp listener on the server.

 

--

Jeff Pitsch

Microsoft MVP - Terminal Services

 

"Omer Barel" <OmerBarel@discussions.microsoft.com> wrote in message

news:0FE3EDF2-9F54-4FFE-95DF-9562BD5E9DB6@microsoft.com...

>i don't know how to do that... i log using normal rdp, and that's a user

> session i think...

>

> how can i log on to the console session?

>

> "thundergod255" wrote:

>

>> Can you remote to the terminal server across the VPN through a console

>> session?

>>

>> "Omer Barel" wrote:

>>

>> > hi jolteroli

>> >

>> > the subnet is the same for all devices (both servers and the vista

>> > client) -

>> > a regular class c.

>> > the dc is also the dns, dhcp and RRAS server, and handles all

>> > connections.

>> >

>> > the firewall is turned off in the terminal server.

>> >

>> > when i open the rdp port in the router i can connect to the terminal

>> > server

>> > directly from outside the network (through NAT)

>> >

>> > any other ideas?

>> > "jolteroli" wrote:

>> >

>> > > check the subnet-mask of the TS ip-interface. if it's halfed

>> > > (255.255.255.128), the TS may be together with the DC, but foreign to

>> > > the

>> > > VPN router. so packets will reach the TS, but no packet will find the

>> > > route

>> > > back to the VPN router and hence to you workstation at home.

>> > >

>> > > e.g.

>> > > DC: 192.168.0.1/255.255.255.0

>> > > TS: 192.168.0.2/255.255.255.128

>> > > VPN: 192.168.0.254/255.255.255.0

>> > >

>> > > our VPN router has reserved as much IP addresses as connection are

>> > > allowed/possible. if you dial in, u'll probably act as one of this IP

>> > > addresses. you could use one of this VPN-reserved-addresses for the

>> > > vista

>> > > workstation in the office and check if the RDP connect still

>> > > succeeds.

>> > >

>> > > also, the TS might accept only RDP connections from specific IP

>> > > addresses

>> > > and not from any IP on the network. the system firewall can be

>> > > configured

>> > > this way as well as by the IP-policies.

>> > >

>> > > -jolt (out of ideas)

>> > >

>> > > "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im

>> > > Newsbeitrag

>> > > news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com...

>> > > > hello all.

>> > > >

>> > > > I have a windows server 2003 enterprise x64 that is used as a dc

>> > > > and

>> > > > another

>> > > > one, a member server, that is used as a terminal server. the

>> > > > terminal

>> > > > server

>> > > > is in the domain.

>> > > >

>> > > > my client computer is a windows vista ultimate.

>> > > >

>> > > > all updates, hot-fixes and latest service-packs are installed on

>> > > > all the

>> > > > machines.

>> > > >

>> > > > my problem is that i can't rdp to the terminal server when I'm

>> > > > outside the

>> > > > office and using VPN connection. inside the LAN everything works

>> > > > great.

>> > > >

>> > > > i can rdp to the dc and then, from within the dc, rdp to the

>> > > > terminal

>> > > > server. i can't to the rdp directly to the terminal.

>> > > >

>> > > > I'm using the same credentials as from within the network, so i

>> > > > don't

>> > > > think

>> > > > it's the issue. i think it's something with the terminal server

>> > > > itself.

>> > > >

>> > > > any ideas?

>> > > >

>> > > > best regards,

>> > > >

>> > > > Omer Barel,

>> > > > NSGroup

>> > >

>> > >

Guest James

Guest James

Posted
Posted

Re: can't rdp to a terminal server over vpn

 

See if the console session works. If it doesn't work, then you may have a

firewall/VPN issue.

 

Go to the command prompt and try typing:

-mstsc -v:<Ip address of server> /f -console

 

Here is a walkthrough:

http://support.microsoft.com/kb/278845

 

 

"Omer Barel" wrote:

> i don't know how to do that... i log using normal rdp, and that's a user

> session i think...

>

> how can i log on to the console session?

>

> "thundergod255" wrote:

>

> > Can you remote to the terminal server across the VPN through a console session?

> >

> > "Omer Barel" wrote:

> >

> > > hi jolteroli

> > >

> > > the subnet is the same for all devices (both servers and the vista client) -

> > > a regular class c.

> > > the dc is also the dns, dhcp and RRAS server, and handles all connections.

> > >

> > > the firewall is turned off in the terminal server.

> > >

> > > when i open the rdp port in the router i can connect to the terminal server

> > > directly from outside the network (through NAT)

> > >

> > > any other ideas?

> > > "jolteroli" wrote:

> > >

> > > > check the subnet-mask of the TS ip-interface. if it's halfed

> > > > (255.255.255.128), the TS may be together with the DC, but foreign to the

> > > > VPN router. so packets will reach the TS, but no packet will find the route

> > > > back to the VPN router and hence to you workstation at home.

> > > >

> > > > e.g.

> > > > DC: 192.168.0.1/255.255.255.0

> > > > TS: 192.168.0.2/255.255.255.128

> > > > VPN: 192.168.0.254/255.255.255.0

> > > >

> > > > our VPN router has reserved as much IP addresses as connection are

> > > > allowed/possible. if you dial in, u'll probably act as one of this IP

> > > > addresses. you could use one of this VPN-reserved-addresses for the vista

> > > > workstation in the office and check if the RDP connect still succeeds.

> > > >

> > > > also, the TS might accept only RDP connections from specific IP addresses

> > > > and not from any IP on the network. the system firewall can be configured

> > > > this way as well as by the IP-policies.

> > > >

> > > > -jolt (out of ideas)

> > > >

> > > > "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im Newsbeitrag

> > > > news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com...

> > > > > hello all.

> > > > >

> > > > > I have a windows server 2003 enterprise x64 that is used as a dc and

> > > > > another

> > > > > one, a member server, that is used as a terminal server. the terminal

> > > > > server

> > > > > is in the domain.

> > > > >

> > > > > my client computer is a windows vista ultimate.

> > > > >

> > > > > all updates, hot-fixes and latest service-packs are installed on all the

> > > > > machines.

> > > > >

> > > > > my problem is that i can't rdp to the terminal server when I'm outside the

> > > > > office and using VPN connection. inside the LAN everything works great.

> > > > >

> > > > > i can rdp to the dc and then, from within the dc, rdp to the terminal

> > > > > server. i can't to the rdp directly to the terminal.

> > > > >

> > > > > I'm using the same credentials as from within the network, so i don't

> > > > > think

> > > > > it's the issue. i think it's something with the terminal server itself.

> > > > >

> > > > > any ideas?

> > > > >

> > > > > best regards,

> > > > >

> > > > > Omer Barel,

> > > > > NSGroup

> > > >

> > > >

Guest jolteroli

Guest jolteroli

Posted
Posted

Re: can't rdp to a terminal server over vpn

 

if you netcat

 

# nc -nvz 3.1.33.7 3389

 

the output should tell you either

 

(o) open: tcp/ip transport ok. syn sent, syn-ack received.

packet corrupted on the round trip? bad vpn firmware?

 

(o) timeout: no answer. syn sent, nothing came back.

did the syn ever reach the server?

firewall/filter silently dropped the packet.

 

(o) blocked/denied: packet filtered. syn sent, icmp error came back.

firewall/filter dropped the packet, but told you that.

 

-jolt

Guest OS360_ITMAN

Guest OS360_ITMAN

Posted
Posted

Re: can't rdp to a terminal server over vpn

 

Firstly check all the stuff that Jeff has said below, but do not use the FQDN

but rather the normal IP address, I had a similar issue and it was nothing to

do with the VPN but more a DNS problem with the DHCP addressing when I came

in via the VPN.

 

"Jeff Pitsch" wrote:

> Can you telnet to port 3389? Can you ping the server? Can you connect to

> any shares or printers on the server (especially the default admin shares)?

> In other words, beyond RDP is there any connectivity to this server

> whatsoever. The telnet will tell you if you are actually able to get to the

> rdp listener on the server.

>

> --

> Jeff Pitsch

> Microsoft MVP - Terminal Services

>

> "Omer Barel" <OmerBarel@discussions.microsoft.com> wrote in message

> news:0FE3EDF2-9F54-4FFE-95DF-9562BD5E9DB6@microsoft.com...

> >i don't know how to do that... i log using normal rdp, and that's a user

> > session i think...

> >

> > how can i log on to the console session?

> >

> > "thundergod255" wrote:

> >

> >> Can you remote to the terminal server across the VPN through a console

> >> session?

> >>

> >> "Omer Barel" wrote:

> >>

> >> > hi jolteroli

> >> >

> >> > the subnet is the same for all devices (both servers and the vista

> >> > client) -

> >> > a regular class c.

> >> > the dc is also the dns, dhcp and RRAS server, and handles all

> >> > connections.

> >> >

> >> > the firewall is turned off in the terminal server.

> >> >

> >> > when i open the rdp port in the router i can connect to the terminal

> >> > server

> >> > directly from outside the network (through NAT)

> >> >

> >> > any other ideas?

> >> > "jolteroli" wrote:

> >> >

> >> > > check the subnet-mask of the TS ip-interface. if it's halfed

> >> > > (255.255.255.128), the TS may be together with the DC, but foreign to

> >> > > the

> >> > > VPN router. so packets will reach the TS, but no packet will find the

> >> > > route

> >> > > back to the VPN router and hence to you workstation at home.

> >> > >

> >> > > e.g.

> >> > > DC: 192.168.0.1/255.255.255.0

> >> > > TS: 192.168.0.2/255.255.255.128

> >> > > VPN: 192.168.0.254/255.255.255.0

> >> > >

> >> > > our VPN router has reserved as much IP addresses as connection are

> >> > > allowed/possible. if you dial in, u'll probably act as one of this IP

> >> > > addresses. you could use one of this VPN-reserved-addresses for the

> >> > > vista

> >> > > workstation in the office and check if the RDP connect still

> >> > > succeeds.

> >> > >

> >> > > also, the TS might accept only RDP connections from specific IP

> >> > > addresses

> >> > > and not from any IP on the network. the system firewall can be

> >> > > configured

> >> > > this way as well as by the IP-policies.

> >> > >

> >> > > -jolt (out of ideas)

> >> > >

> >> > > "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im

> >> > > Newsbeitrag

> >> > > news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com...

> >> > > > hello all.

> >> > > >

> >> > > > I have a windows server 2003 enterprise x64 that is used as a dc

> >> > > > and

> >> > > > another

> >> > > > one, a member server, that is used as a terminal server. the

> >> > > > terminal

> >> > > > server

> >> > > > is in the domain.

> >> > > >

> >> > > > my client computer is a windows vista ultimate.

> >> > > >

> >> > > > all updates, hot-fixes and latest service-packs are installed on

> >> > > > all the

> >> > > > machines.

> >> > > >

> >> > > > my problem is that i can't rdp to the terminal server when I'm

> >> > > > outside the

> >> > > > office and using VPN connection. inside the LAN everything works

> >> > > > great.

> >> > > >

> >> > > > i can rdp to the dc and then, from within the dc, rdp to the

> >> > > > terminal

> >> > > > server. i can't to the rdp directly to the terminal.

> >> > > >

> >> > > > I'm using the same credentials as from within the network, so i

> >> > > > don't

> >> > > > think

> >> > > > it's the issue. i think it's something with the terminal server

> >> > > > itself.

> >> > > >

> >> > > > any ideas?

> >> > > >

> >> > > > best regards,

> >> > > >

> >> > > > Omer Barel,

> >> > > > NSGroup

> >> > >

> >> > >

>

>

>

 Share
Go to topic listing
×
×
  • Create New...