Guest Omer Barel Posted September 9, 2008 Posted September 9, 2008 hello all. I have a windows server 2003 enterprise x64 that is used as a dc and another one, a member server, that is used as a terminal server. the terminal server is in the domain. my client computer is a windows vista ultimate. all updates, hot-fixes and latest service-packs are installed on all the machines. my problem is that i can't rdp to the terminal server when I'm outside the office and using VPN connection. inside the LAN everything works great. i can rdp to the dc and then, from within the dc, rdp to the terminal server. i can't to the rdp directly to the terminal. I'm using the same credentials as from within the network, so i don't think it's the issue. i think it's something with the terminal server itself. any ideas? best regards, Omer Barel, NSGroup
Guest jolteroli Posted September 9, 2008 Posted September 9, 2008 Re: can't rdp to a terminal server over vpn check the subnet-mask of the TS ip-interface. if it's halfed (255.255.255.128), the TS may be together with the DC, but foreign to the VPN router. so packets will reach the TS, but no packet will find the route back to the VPN router and hence to you workstation at home. e.g. DC: 192.168.0.1/255.255.255.0 TS: 192.168.0.2/255.255.255.128 VPN: 192.168.0.254/255.255.255.0 our VPN router has reserved as much IP addresses as connection are allowed/possible. if you dial in, u'll probably act as one of this IP addresses. you could use one of this VPN-reserved-addresses for the vista workstation in the office and check if the RDP connect still succeeds. also, the TS might accept only RDP connections from specific IP addresses and not from any IP on the network. the system firewall can be configured this way as well as by the IP-policies. -jolt (out of ideas) "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im Newsbeitrag news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com... > hello all. > > I have a windows server 2003 enterprise x64 that is used as a dc and > another > one, a member server, that is used as a terminal server. the terminal > server > is in the domain. > > my client computer is a windows vista ultimate. > > all updates, hot-fixes and latest service-packs are installed on all the > machines. > > my problem is that i can't rdp to the terminal server when I'm outside the > office and using VPN connection. inside the LAN everything works great. > > i can rdp to the dc and then, from within the dc, rdp to the terminal > server. i can't to the rdp directly to the terminal. > > I'm using the same credentials as from within the network, so i don't > think > it's the issue. i think it's something with the terminal server itself. > > any ideas? > > best regards, > > Omer Barel, > NSGroup
Guest Omer Barel Posted September 9, 2008 Posted September 9, 2008 Re: can't rdp to a terminal server over vpn hi jolteroli the subnet is the same for all devices (both servers and the vista client) - a regular class c. the dc is also the dns, dhcp and RRAS server, and handles all connections. the firewall is turned off in the terminal server. when i open the rdp port in the router i can connect to the terminal server directly from outside the network (through NAT) any other ideas? "jolteroli" wrote: > check the subnet-mask of the TS ip-interface. if it's halfed > (255.255.255.128), the TS may be together with the DC, but foreign to the > VPN router. so packets will reach the TS, but no packet will find the route > back to the VPN router and hence to you workstation at home. > > e.g. > DC: 192.168.0.1/255.255.255.0 > TS: 192.168.0.2/255.255.255.128 > VPN: 192.168.0.254/255.255.255.0 > > our VPN router has reserved as much IP addresses as connection are > allowed/possible. if you dial in, u'll probably act as one of this IP > addresses. you could use one of this VPN-reserved-addresses for the vista > workstation in the office and check if the RDP connect still succeeds. > > also, the TS might accept only RDP connections from specific IP addresses > and not from any IP on the network. the system firewall can be configured > this way as well as by the IP-policies. > > -jolt (out of ideas) > > "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im Newsbeitrag > news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com... > > hello all. > > > > I have a windows server 2003 enterprise x64 that is used as a dc and > > another > > one, a member server, that is used as a terminal server. the terminal > > server > > is in the domain. > > > > my client computer is a windows vista ultimate. > > > > all updates, hot-fixes and latest service-packs are installed on all the > > machines. > > > > my problem is that i can't rdp to the terminal server when I'm outside the > > office and using VPN connection. inside the LAN everything works great. > > > > i can rdp to the dc and then, from within the dc, rdp to the terminal > > server. i can't to the rdp directly to the terminal. > > > > I'm using the same credentials as from within the network, so i don't > > think > > it's the issue. i think it's something with the terminal server itself. > > > > any ideas? > > > > best regards, > > > > Omer Barel, > > NSGroup > >
Guest thundergod255 Posted September 10, 2008 Posted September 10, 2008 Re: can't rdp to a terminal server over vpn Can you remote to the terminal server across the VPN through a console session? "Omer Barel" wrote: > hi jolteroli > > the subnet is the same for all devices (both servers and the vista client) - > a regular class c. > the dc is also the dns, dhcp and RRAS server, and handles all connections. > > the firewall is turned off in the terminal server. > > when i open the rdp port in the router i can connect to the terminal server > directly from outside the network (through NAT) > > any other ideas? > "jolteroli" wrote: > > > check the subnet-mask of the TS ip-interface. if it's halfed > > (255.255.255.128), the TS may be together with the DC, but foreign to the > > VPN router. so packets will reach the TS, but no packet will find the route > > back to the VPN router and hence to you workstation at home. > > > > e.g. > > DC: 192.168.0.1/255.255.255.0 > > TS: 192.168.0.2/255.255.255.128 > > VPN: 192.168.0.254/255.255.255.0 > > > > our VPN router has reserved as much IP addresses as connection are > > allowed/possible. if you dial in, u'll probably act as one of this IP > > addresses. you could use one of this VPN-reserved-addresses for the vista > > workstation in the office and check if the RDP connect still succeeds. > > > > also, the TS might accept only RDP connections from specific IP addresses > > and not from any IP on the network. the system firewall can be configured > > this way as well as by the IP-policies. > > > > -jolt (out of ideas) > > > > "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im Newsbeitrag > > news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com... > > > hello all. > > > > > > I have a windows server 2003 enterprise x64 that is used as a dc and > > > another > > > one, a member server, that is used as a terminal server. the terminal > > > server > > > is in the domain. > > > > > > my client computer is a windows vista ultimate. > > > > > > all updates, hot-fixes and latest service-packs are installed on all the > > > machines. > > > > > > my problem is that i can't rdp to the terminal server when I'm outside the > > > office and using VPN connection. inside the LAN everything works great. > > > > > > i can rdp to the dc and then, from within the dc, rdp to the terminal > > > server. i can't to the rdp directly to the terminal. > > > > > > I'm using the same credentials as from within the network, so i don't > > > think > > > it's the issue. i think it's something with the terminal server itself. > > > > > > any ideas? > > > > > > best regards, > > > > > > Omer Barel, > > > NSGroup > > > >
Guest Omer Barel Posted September 10, 2008 Posted September 10, 2008 Re: can't rdp to a terminal server over vpn i don't know how to do that... i log using normal rdp, and that's a user session i think... how can i log on to the console session? "thundergod255" wrote: > Can you remote to the terminal server across the VPN through a console session? > > "Omer Barel" wrote: > > > hi jolteroli > > > > the subnet is the same for all devices (both servers and the vista client) - > > a regular class c. > > the dc is also the dns, dhcp and RRAS server, and handles all connections. > > > > the firewall is turned off in the terminal server. > > > > when i open the rdp port in the router i can connect to the terminal server > > directly from outside the network (through NAT) > > > > any other ideas? > > "jolteroli" wrote: > > > > > check the subnet-mask of the TS ip-interface. if it's halfed > > > (255.255.255.128), the TS may be together with the DC, but foreign to the > > > VPN router. so packets will reach the TS, but no packet will find the route > > > back to the VPN router and hence to you workstation at home. > > > > > > e.g. > > > DC: 192.168.0.1/255.255.255.0 > > > TS: 192.168.0.2/255.255.255.128 > > > VPN: 192.168.0.254/255.255.255.0 > > > > > > our VPN router has reserved as much IP addresses as connection are > > > allowed/possible. if you dial in, u'll probably act as one of this IP > > > addresses. you could use one of this VPN-reserved-addresses for the vista > > > workstation in the office and check if the RDP connect still succeeds. > > > > > > also, the TS might accept only RDP connections from specific IP addresses > > > and not from any IP on the network. the system firewall can be configured > > > this way as well as by the IP-policies. > > > > > > -jolt (out of ideas) > > > > > > "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im Newsbeitrag > > > news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com... > > > > hello all. > > > > > > > > I have a windows server 2003 enterprise x64 that is used as a dc and > > > > another > > > > one, a member server, that is used as a terminal server. the terminal > > > > server > > > > is in the domain. > > > > > > > > my client computer is a windows vista ultimate. > > > > > > > > all updates, hot-fixes and latest service-packs are installed on all the > > > > machines. > > > > > > > > my problem is that i can't rdp to the terminal server when I'm outside the > > > > office and using VPN connection. inside the LAN everything works great. > > > > > > > > i can rdp to the dc and then, from within the dc, rdp to the terminal > > > > server. i can't to the rdp directly to the terminal. > > > > > > > > I'm using the same credentials as from within the network, so i don't > > > > think > > > > it's the issue. i think it's something with the terminal server itself. > > > > > > > > any ideas? > > > > > > > > best regards, > > > > > > > > Omer Barel, > > > > NSGroup > > > > > >
Guest Jeff Pitsch Posted September 10, 2008 Posted September 10, 2008 Re: can't rdp to a terminal server over vpn Can you telnet to port 3389? Can you ping the server? Can you connect to any shares or printers on the server (especially the default admin shares)? In other words, beyond RDP is there any connectivity to this server whatsoever. The telnet will tell you if you are actually able to get to the rdp listener on the server. -- Jeff Pitsch Microsoft MVP - Terminal Services "Omer Barel" <OmerBarel@discussions.microsoft.com> wrote in message news:0FE3EDF2-9F54-4FFE-95DF-9562BD5E9DB6@microsoft.com... >i don't know how to do that... i log using normal rdp, and that's a user > session i think... > > how can i log on to the console session? > > "thundergod255" wrote: > >> Can you remote to the terminal server across the VPN through a console >> session? >> >> "Omer Barel" wrote: >> >> > hi jolteroli >> > >> > the subnet is the same for all devices (both servers and the vista >> > client) - >> > a regular class c. >> > the dc is also the dns, dhcp and RRAS server, and handles all >> > connections. >> > >> > the firewall is turned off in the terminal server. >> > >> > when i open the rdp port in the router i can connect to the terminal >> > server >> > directly from outside the network (through NAT) >> > >> > any other ideas? >> > "jolteroli" wrote: >> > >> > > check the subnet-mask of the TS ip-interface. if it's halfed >> > > (255.255.255.128), the TS may be together with the DC, but foreign to >> > > the >> > > VPN router. so packets will reach the TS, but no packet will find the >> > > route >> > > back to the VPN router and hence to you workstation at home. >> > > >> > > e.g. >> > > DC: 192.168.0.1/255.255.255.0 >> > > TS: 192.168.0.2/255.255.255.128 >> > > VPN: 192.168.0.254/255.255.255.0 >> > > >> > > our VPN router has reserved as much IP addresses as connection are >> > > allowed/possible. if you dial in, u'll probably act as one of this IP >> > > addresses. you could use one of this VPN-reserved-addresses for the >> > > vista >> > > workstation in the office and check if the RDP connect still >> > > succeeds. >> > > >> > > also, the TS might accept only RDP connections from specific IP >> > > addresses >> > > and not from any IP on the network. the system firewall can be >> > > configured >> > > this way as well as by the IP-policies. >> > > >> > > -jolt (out of ideas) >> > > >> > > "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im >> > > Newsbeitrag >> > > news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com... >> > > > hello all. >> > > > >> > > > I have a windows server 2003 enterprise x64 that is used as a dc >> > > > and >> > > > another >> > > > one, a member server, that is used as a terminal server. the >> > > > terminal >> > > > server >> > > > is in the domain. >> > > > >> > > > my client computer is a windows vista ultimate. >> > > > >> > > > all updates, hot-fixes and latest service-packs are installed on >> > > > all the >> > > > machines. >> > > > >> > > > my problem is that i can't rdp to the terminal server when I'm >> > > > outside the >> > > > office and using VPN connection. inside the LAN everything works >> > > > great. >> > > > >> > > > i can rdp to the dc and then, from within the dc, rdp to the >> > > > terminal >> > > > server. i can't to the rdp directly to the terminal. >> > > > >> > > > I'm using the same credentials as from within the network, so i >> > > > don't >> > > > think >> > > > it's the issue. i think it's something with the terminal server >> > > > itself. >> > > > >> > > > any ideas? >> > > > >> > > > best regards, >> > > > >> > > > Omer Barel, >> > > > NSGroup >> > > >> > >
Guest James Posted September 10, 2008 Posted September 10, 2008 Re: can't rdp to a terminal server over vpn See if the console session works. If it doesn't work, then you may have a firewall/VPN issue. Go to the command prompt and try typing: -mstsc -v:<Ip address of server> /f -console Here is a walkthrough: http://support.microsoft.com/kb/278845 "Omer Barel" wrote: > i don't know how to do that... i log using normal rdp, and that's a user > session i think... > > how can i log on to the console session? > > "thundergod255" wrote: > > > Can you remote to the terminal server across the VPN through a console session? > > > > "Omer Barel" wrote: > > > > > hi jolteroli > > > > > > the subnet is the same for all devices (both servers and the vista client) - > > > a regular class c. > > > the dc is also the dns, dhcp and RRAS server, and handles all connections. > > > > > > the firewall is turned off in the terminal server. > > > > > > when i open the rdp port in the router i can connect to the terminal server > > > directly from outside the network (through NAT) > > > > > > any other ideas? > > > "jolteroli" wrote: > > > > > > > check the subnet-mask of the TS ip-interface. if it's halfed > > > > (255.255.255.128), the TS may be together with the DC, but foreign to the > > > > VPN router. so packets will reach the TS, but no packet will find the route > > > > back to the VPN router and hence to you workstation at home. > > > > > > > > e.g. > > > > DC: 192.168.0.1/255.255.255.0 > > > > TS: 192.168.0.2/255.255.255.128 > > > > VPN: 192.168.0.254/255.255.255.0 > > > > > > > > our VPN router has reserved as much IP addresses as connection are > > > > allowed/possible. if you dial in, u'll probably act as one of this IP > > > > addresses. you could use one of this VPN-reserved-addresses for the vista > > > > workstation in the office and check if the RDP connect still succeeds. > > > > > > > > also, the TS might accept only RDP connections from specific IP addresses > > > > and not from any IP on the network. the system firewall can be configured > > > > this way as well as by the IP-policies. > > > > > > > > -jolt (out of ideas) > > > > > > > > "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im Newsbeitrag > > > > news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com... > > > > > hello all. > > > > > > > > > > I have a windows server 2003 enterprise x64 that is used as a dc and > > > > > another > > > > > one, a member server, that is used as a terminal server. the terminal > > > > > server > > > > > is in the domain. > > > > > > > > > > my client computer is a windows vista ultimate. > > > > > > > > > > all updates, hot-fixes and latest service-packs are installed on all the > > > > > machines. > > > > > > > > > > my problem is that i can't rdp to the terminal server when I'm outside the > > > > > office and using VPN connection. inside the LAN everything works great. > > > > > > > > > > i can rdp to the dc and then, from within the dc, rdp to the terminal > > > > > server. i can't to the rdp directly to the terminal. > > > > > > > > > > I'm using the same credentials as from within the network, so i don't > > > > > think > > > > > it's the issue. i think it's something with the terminal server itself. > > > > > > > > > > any ideas? > > > > > > > > > > best regards, > > > > > > > > > > Omer Barel, > > > > > NSGroup > > > > > > > >
Guest jolteroli Posted September 10, 2008 Posted September 10, 2008 Re: can't rdp to a terminal server over vpn if you netcat # nc -nvz 3.1.33.7 3389 the output should tell you either (o) open: tcp/ip transport ok. syn sent, syn-ack received. packet corrupted on the round trip? bad vpn firmware? (o) timeout: no answer. syn sent, nothing came back. did the syn ever reach the server? firewall/filter silently dropped the packet. (o) blocked/denied: packet filtered. syn sent, icmp error came back. firewall/filter dropped the packet, but told you that. -jolt
Guest OS360_ITMAN Posted September 11, 2008 Posted September 11, 2008 Re: can't rdp to a terminal server over vpn Firstly check all the stuff that Jeff has said below, but do not use the FQDN but rather the normal IP address, I had a similar issue and it was nothing to do with the VPN but more a DNS problem with the DHCP addressing when I came in via the VPN. "Jeff Pitsch" wrote: > Can you telnet to port 3389? Can you ping the server? Can you connect to > any shares or printers on the server (especially the default admin shares)? > In other words, beyond RDP is there any connectivity to this server > whatsoever. The telnet will tell you if you are actually able to get to the > rdp listener on the server. > > -- > Jeff Pitsch > Microsoft MVP - Terminal Services > > "Omer Barel" <OmerBarel@discussions.microsoft.com> wrote in message > news:0FE3EDF2-9F54-4FFE-95DF-9562BD5E9DB6@microsoft.com... > >i don't know how to do that... i log using normal rdp, and that's a user > > session i think... > > > > how can i log on to the console session? > > > > "thundergod255" wrote: > > > >> Can you remote to the terminal server across the VPN through a console > >> session? > >> > >> "Omer Barel" wrote: > >> > >> > hi jolteroli > >> > > >> > the subnet is the same for all devices (both servers and the vista > >> > client) - > >> > a regular class c. > >> > the dc is also the dns, dhcp and RRAS server, and handles all > >> > connections. > >> > > >> > the firewall is turned off in the terminal server. > >> > > >> > when i open the rdp port in the router i can connect to the terminal > >> > server > >> > directly from outside the network (through NAT) > >> > > >> > any other ideas? > >> > "jolteroli" wrote: > >> > > >> > > check the subnet-mask of the TS ip-interface. if it's halfed > >> > > (255.255.255.128), the TS may be together with the DC, but foreign to > >> > > the > >> > > VPN router. so packets will reach the TS, but no packet will find the > >> > > route > >> > > back to the VPN router and hence to you workstation at home. > >> > > > >> > > e.g. > >> > > DC: 192.168.0.1/255.255.255.0 > >> > > TS: 192.168.0.2/255.255.255.128 > >> > > VPN: 192.168.0.254/255.255.255.0 > >> > > > >> > > our VPN router has reserved as much IP addresses as connection are > >> > > allowed/possible. if you dial in, u'll probably act as one of this IP > >> > > addresses. you could use one of this VPN-reserved-addresses for the > >> > > vista > >> > > workstation in the office and check if the RDP connect still > >> > > succeeds. > >> > > > >> > > also, the TS might accept only RDP connections from specific IP > >> > > addresses > >> > > and not from any IP on the network. the system firewall can be > >> > > configured > >> > > this way as well as by the IP-policies. > >> > > > >> > > -jolt (out of ideas) > >> > > > >> > > "Omer Barel" <Omer Barel@discussions.microsoft.com> schrieb im > >> > > Newsbeitrag > >> > > news:CFCE2235-5435-4EB4-8367-CFEE4E5AA7AC@microsoft.com... > >> > > > hello all. > >> > > > > >> > > > I have a windows server 2003 enterprise x64 that is used as a dc > >> > > > and > >> > > > another > >> > > > one, a member server, that is used as a terminal server. the > >> > > > terminal > >> > > > server > >> > > > is in the domain. > >> > > > > >> > > > my client computer is a windows vista ultimate. > >> > > > > >> > > > all updates, hot-fixes and latest service-packs are installed on > >> > > > all the > >> > > > machines. > >> > > > > >> > > > my problem is that i can't rdp to the terminal server when I'm > >> > > > outside the > >> > > > office and using VPN connection. inside the LAN everything works > >> > > > great. > >> > > > > >> > > > i can rdp to the dc and then, from within the dc, rdp to the > >> > > > terminal > >> > > > server. i can't to the rdp directly to the terminal. > >> > > > > >> > > > I'm using the same credentials as from within the network, so i > >> > > > don't > >> > > > think > >> > > > it's the issue. i think it's something with the terminal server > >> > > > itself. > >> > > > > >> > > > any ideas? > >> > > > > >> > > > best regards, > >> > > > > >> > > > Omer Barel, > >> > > > NSGroup > >> > > > >> > > > > >
Recommended Posts