1

rdc_error_01.png

I have an employee who works remotely from home. She connects through our sonicwall tz210 firewall via the global vpn client and then remotes into our terminal server using the remote desktop connection application.

Recently,she bought a new desktop computer running Windows 8.1, and after setting her up, she is able to successfully connect through our vpn, but cannot connect to our terminal server via the remote desktop app. I’ve gotten two errors trying to connect:

“An internal error has occurred” and the generic “Remote Desktop can’t connect to the remote computer for one of these reasons: 1) Remote access to the server is not enabled 2)The remote computer is turned off 3) The remote computer is not available on the network”

When I log into our firewall’s configuration dashboard I can see her user successfully logged in. Her husband also works remotely from home and has the same desktop as her, but is running Windows 7, and has his computer connected like hers through their ethernet. He is able to connect and remote into the terminal server with no issues.

I’ve tried the following so far with no luck:

  • Setting an “allow” in the firewall for remote desktop connection.
  • Disabling the firewall entirely.
  • Setting their network connection as a “Home” connection.

Has anyone had this issue before? Any other troubleshooting measures I can try?

12 Spice ups
2

Can she connect to it via IP address?

5 Spice ups
3

When on the VPN can she ping the server?

If IP works, as Merryworks suggested, try FQDN instead of just server name.

3 Spice ups
4

Sounds like a DNS issue, especially if its a new computer. Try connecting via IP address instead.

Chris

1 Spice up
(s-wall) 5

I’ve experienced issues trying to connect with the pc name so I always just have employees connect by IP address, still will not let her connect.

6

Yup, yet another echo of “try the FQDN” (e.g. pcname.domain.com; pcname.domain.local; etc.)

And just for the heck of it, try pinging other resources just to make sure VPN access was successful.

3 Spice ups
7

Was just going to ask if you can ping the device, BirdLaw beat me to it.

2 Spice ups
8

It’s definetly DNS, the home pc has no way to know what is behind say: MYPCNAME, you need the IP adress for sure, not only that, you need to make sure that the remote PC never changes IP adress OR, you can always tell your user to add a third DNS from your workplace. That should take care of it

1 Spice up
9

Okay, I think it would be good to paint a quick picture of what’s happening.

  1. Everyone is connecting to the Terminal Server via IP Address (i.e. there is no DNS problem) through a VPN connection through the FireWall

  2. User gets a new Windows 8.1 PC, enters IP address, and is no longer able to connect as she was before. At this point, according to what was said earlier, the VPN connection works or at least the Firewall specifies that she is connecting.

  3. We have no idea if she is able to ping any resources (i.e. the VPN connection could be having an issue)

My suggestions would be

  1. try pinging devices on the network after establishing VPN connection, including the terminal server (this will tell us if the VPN connection is working properly)

  2. ensure she is using the correct IP address (check and double-check; this will mitigate user-error)

Christian is correct in saying there is a DNS error here. You could easily use the FQDN with some DNS tweaks on your firewall…well…you should be able to. If I had to guess, I’d say this is probably user-error.

2 Spice ups
10

I did not even think to try pinging the server, I will try this to at least rule out the VPN connection itself. I always try to start with ruling out user-error, since those are quite frequent around here, haha. But she was definitely using the correct IP.

What other steps would you take if I were able to successfully ping devices on the network? Since other users are able to connect remotely just fine, I’m weary of changing any configurations on the firewall as far as DNS goes, I also have limited experience when it comes to that.

11

I would check to see what security software may be installed. Some AV software has firewalls as part of the package. Might try disabling all of that and try.

3 Spice ups
12

That would lead me to think that there’s some kind of misconfiguration on her computer. Maybe her local firewall is blocking RDP traffic because her husband, who I assume lives with her, works at the same company, and uses the same internet connection, has no issue whatsoever on a different computer (if I’m understanding you correctly).

If we ping successfully, I would try disabling the Windows Firewall (or any other software firewall she may have) temporarily and try again.

1 Spice up
13

Yeah, her husband and her use the same internet connection, and supposedly have the same exact Asus desktop. They both are using Ethernet, I asked for the heck of it, that they try switching the ports they are plugged into. I might also try having her unplug her desktop from ethernet and then reboot the firewall; I’ve been told that firewalls will sometimes store/keep mac addresses from previous PCs and that it can cause conflicts. I think this problem is ultimately with her computer though.

I did try disabling the firewall completely after setting an “allow” for the RDP app, still no luck there. Being that disabling the firewall entirely didn’t work, would it even be worth the time to try to tweak settings in the firewall?

I also forgot to mention that I uninstalled McAfee (came pre-installed on her computer) before even installing the vpn client, but I did not check to see if there could be some other AV like software preventing RDP. It’s an ASUS desktop, maybe they have some software preventing rdp?

14

Hmm…is the terminal server up-to-date? Is anyone else connecting to the TS with Windows 8.1? Out of curiosity, have you successfully set up people with VPN before or is this the first time you’re trying?

On the TS, right-click Computer, go to properties. On the left, click “Remote Settings”. Towards the bottom of the new screen, there’s an option for determining what versions of RDP are allowed to connect. If it’s not already, try selecting “Allow connections from computers running any version of Remote Desktop (less secure)” and click “apply” or “OK”.

1 Spice up
15

If they were able to connect at one point, I would check DNS by either using the direct IP or use the FQDN to start.

16

I have successfully set up plenty of people before this, and we have a few devices that run windows 8 without any RDP issues. I’ve had RDP issues before but it’s always either been a setup with the ethernet or wireless itself when blocking connection, since her husband is able to RDP on their ethernet connection it rules out the usual issues I’ve come across.

I’m working on her pc right now and was able to connect through the VPN and ping the TS. The TS is definitely up to date, and just to be sure I did check and it is already set to “Allow connections from computers running any version of Remote Desktop”. Checking her installed programs I don’t see any software that would block RDP connections.

I am definitely stumped on this one, haha. Appreciate all the feedback!

17

What about a different Windows profile?

1 Spice up
18

I agree, I think we’ve pretty much ruled out most of the typical issues.

VPN works

DNS is a non-factor

RDP settings seem to be correct (she used to connect via a different computer)

We’ve tried disabling Windows/other firewall.

Server is up-to-date, I assume the client computer is up-to-date

Definitely try another profile. Perhaps try to RDP to a different machine (other than the TS) to see if you continue to have issues. It would at least rule out or confirm the possibility that there’s a PC to TS issue.

Do you think she could have had it long enough to get some malware on that computer?

1 Spice up
19

It may have been mentioned, but when I see this issue, it is because that user isn’t a member of “Remote Dekstop Users” in Local Users and Groups (lusrmgr).

1 Spice up
20

I had considered that too but this user did use to connect, I assume with the same user account, from a different home computer. Besides, it’s not just denying login, it’s stating that it can’t find the TS at all.

Try [ipaddress].domain.com and see if anything different happens. I seem to remember that being suggested on other threads or articles but I’m not entirely sure that’s going to make a difference if you were able to ping it properly. This is kind of stretching my knowledge because I’m not actually sure if it’s ever appropriate to use an “FQDN” in that fashion.

Also, I’ve seen options when setting up VPN connections (I can’t find it right now) that allow you to specify that all traffic should go through the VPN connection. You might want to look into that because if for some reason all the RDP traffic is deciding to route itself locally, you wouldn’t be able to find the server…I’m kind of reaching on these last 2 suggestions but since we haven’t considered them yet, it would be good to look into it.

1 Spice up