Hi all,

We have a remote office that is connected to us via VPN. They use Win 7 and XP and can RDP to machines here at HQ.

They’re unable to RDP to a new PC I set up at HQ last week. I’ve enabled RDP and switched off the Windows firewall. I can ping the machine from the remote site by name and IP. They can still RDP to other machines in Poole. I tried several at random. I can RDP to the machine from HQ.

Any idea as to what may be the issue? I’m currently awaiting the password to the VPN/firewall box that connects the sites.

Thanks

Try telnetting to port 3389 on the remote machine to confirm that RDP traffic is getting through - if it is then it will be some kind of authentication issue I’d imagine, such as the user(s) not being members of the Remote Desktop Users group on the local machine perhaps?

I can telnet to the machine on 3389 locally, but it fails from the remote site. I can connect to several other machines via 3389 from the remote site.

The network guy has sent me the Juniper VPN/firewall config and all ports appear to be open.

That’s odd! Is the machine itself able to reach any remote resources?

One thing I wonder - do the other machines using the VPN have any routes assigned locally to allow them to communicate with the remote network?

I’ve just performed a ‘route print’ and the only addresses are local, pointing to their local dg, which is the firewall/router/VPN box.

When you try to telnet to the workstation remotely, does the connection initiate at all or do you see something along the lines of:

Connecting To blah...Could not open connection to the host, on port 3389: Connect failed

I see the information you’ve pasted in.

I’ve also rebooted the Juniper boxes at both ends.

Can the workstation get to remote resources itself? Also, are you 100% sure that Windows Firewall is the only firewall running on that workstation? Try temporarily disabling the Windows Firewall service from services.msc.

Yes, the PC can access the remote PCs via RDP.

I’ve fully disabled the firewall now and Sophos AV. No other firewall is installed apart from Windows.

Thanks for your help with this btw

No problem :) Hmm, it is very odd… Try this command via Command Prompt and post the results if you’re happy to do so:

netstat -an |find /i "listening"

C:\Users\mab>netstat -an | find /i "listening"
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3050 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49166 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49167 0.0.0.0:0 LISTENING
TCP 192.168.10.159:139 0.0.0.0:0 LISTENING
TCP [::]:135 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:3389 [::]:0 LISTENING
TCP [::]:49152 [::]:0 LISTENING
TCP [::]:49153 [::]:0 LISTENING
TCP [::]:49154 [::]:0 LISTENING
TCP [::]:49155 [::]:0 LISTENING
TCP [::]:49166 [::]:0 LISTENING
TCP [::]:49167 [::]:0 LISTENING

C:\Users\mab>

Ok, that all looks good - can you telnet to port 135 on that machine remotely and see if you can connect?

No, it fails in the same way as 3389.

Strange! One thing, is the new PC on the same subnet as the rest of the machines which are remotely accessed in a similar way?

I’m thinking that there must be a firewall rule on one of your devices between the two sites which is blocking traffic in either direction for this machine.

The good thing is that it doesn’t seem to be an issue with the workstation itself, which narrows things down a little!

Try this:

I did as follows on the Windows 7 machine:
Control Panel
Security & Systems
Windows Firewall
Advanced Settings (on the left bar).
Select Inbound Rules
Select Action, New Rule
Select the Predefined radio button
Select Remote Desktop
Select the Tick-box to Ticked
Select the Allow the Connection radio button
Finish

The firewall is completely disabled.

We’re moving over to the MPLS in the coming weeks, which should negate this problem.

Thanks for your time with this Adam, much appreciated.

Hey MB, like Adam said, is the computer on the same subnet as the ones with RDP working? If not, it might be a router setting if not a firewall setting, or some strange rule might be set up for that computer’s IP address. You may want to give this trouble PC the same IP address as a known good PC for testing to see if that’s the issue; then you would know whether it’s a firewall/router rule or a PC setting. But I think Adam is right, it doesn’t sound like something on the PC.
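
The telnet checks used in this thread only report "Connect failed"; the sketch below, an added example that is not part of any post above, repeats them on ports 3389 and 135 against the failing PC and a known-good PC and separates a silent drop (timeout) from an active reject (RST). The host arguments, the function names and the wording of the diagnosis are assumptions made for illustration; run it from the remote site with Python 3.

```python
import socket
import sys

PORTS = (3389, 135)  # the two ports tested in the thread: RDP and RPC endpoint mapper

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open / refused / timeout / error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"   # SYN got no answer: dropped somewhere on the path
    except ConnectionRefusedError:
        return "refused"   # RST came back: the host or a rejecting device answered
    except OSError:
        return "error"     # no route, name resolution failure, etc.

def diagnose(bad, good):
    """Compare results for the failing host with a known-good host on the same path.

    Both arguments map port -> probe() result. The conclusions are hints only.
    """
    if all(state == "open" for state in bad.values()):
        return "ports reachable: check authentication / Remote Desktop Users"
    if not any(state == "open" for state in good.values()):
        return "known-good host also fails: the site-to-site path is at fault"
    if set(bad.values()) == {"timeout"}:
        return "silent drop for this host only: look for a per-IP rule or route"
    if "refused" in bad.values():
        return "RST received: a service or filter is actively rejecting the port"
    return "mixed result: compare port by port"

if __name__ == "__main__":
    # Usage (hypothetical names): python rdpcheck.py <failing-pc> <known-good-pc>
    bad_host, good_host = sys.argv[1], sys.argv[2]
    bad = {port: probe(bad_host, port) for port in PORTS}
    good = {port: probe(good_host, port) for port in PORTS}
    print(bad_host, bad)
    print(good_host, good)
    print(diagnose(bad, good))
```

A timeout on every port for one address while ping still works matches what the thread observed, and points at filtering between the sites rather than at the workstation.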