Hello, I work for a school system and I’m trying to set up a Windows 7 Pro 64-bit machine for some central office staff to be able to remote into this particular computer because the office and the schools are not on the same network. I have a couple of Server 2012s already on my firewall that I can RDP with, but for some reason I can’t with this desktop. The strange thing is that if I am logged into the machine locally with my login (or remotely via a computer on the same network), then try to remote in from a remote off-network location, I can get in then. So I know that my firewall settings are fine. I have Windows Firewall disabled through the default domain GPO. Something on the desktop is preventing me from remotely accessing it though and I seem to be missing something. Anybody have any ideas? Let me know if you need any more info.
4 Spice ups
I’m confused. You have a Windows 7 machine on network 1. You want to RDP into it from network 2?
How are you trying to get to it - is there a VPN?
2 Spice ups
bnoga
(Brian_Noga)
3
You can Remote Desktop in but not the user? Is the user in the Remote Desktop users group on the machine?
1 Spice up
bnoga
(Brian_Noga)
4
Good point! OP, can you give more info, like the steps taken?
1 Spice up
I have multiple external IP addresses from my ISP; I’ve got /24 and /23 subnets for my external IP addresses. The Windows 7 machine is on the same network as the servers that I can currently RDP with. I am using an Iboss enterprise firewall series. I am getting to the servers via Remote Desktop in Windows and trying to, and should be able to, do the same on the Windows 7 machine.
You can’t RDP into more than one machine via the same external IP unless you’ve changed the port so your firewall knows where to send the connection.
Also, allowing RDP to directly connect from the Internet is a bad idea. It’s very insecure.
2 Spice ups
Silly question, but is that machine set to allow remote connections?
The Windows 7 machine is located on network 1. I am trying to remote desktop into the Windows 7 machine from network 2, but am unable to. If, however, I am on network 1 and remote into or physically go to that particular computer and log in as myself, which is as a system admin for the domain, then go to network 2, I can then log in, as can others that I have added as users to be able to remote into this machine. The problem is that this will only last for so long, and usually by the next day when someone tries to remote into the machine it will not allow them to do so. My servers that I can remote desktop with are also on network 1 and I have no issues setting up a brand new instance in my firewall and remoting in from network 2, just on the Windows 7 desktop. Is there something that I am missing going from doing it on a server vs a desktop?
Larry, I’ve got around 700 IP addresses to choose from. I know that I can’t use the same IP address for the same port. I’m using different IP addresses for the different RDPs.
Any chance the issue is with the particular IP you are using?
Also, just to be clear, these are externally accessible IPs? And you have them open to port 3389 for RDP?
1 Spice up
Capnsplody, I can remote into it if I’m on the same LAN, so yes it is set to allow remote access.
1 Spice up
capnsplody
(Capnsplody)
13
Ok, upon further reading, I’m fairly certain that you’re being haunted by a poltergeist, because I can’t see a reason that should happen. I’ll keep my thinking cap on though and see if anything else occurs to me, but man is that weird.
1 Spice up
davidr4
(davidr4)
14
Is it going to sleep or have a setting to put the NIC to sleep when not logged into?
2 Spice ups
Yes Larry, these are externally accessible IPs that are set to port 3389. I have tried to use different IP addresses. I’ve set up one of the servers just as a test and then went back and used that address for the Windows 7 machine and no go.
1 Spice up
Ok, well that leaves out the IP then. How about software on the Windows 7 machine? Any chance there’s an AV program or local firewall that’s doing something weird?
I know I said it before, but I just want to say one more time that having RDP open to the outside world is a huge security risk. There are much safer ways to do this.
1 Spice up
David, the computer is set to high performance in the power plan, never turn off display and never go to sleep. I’m looking in the NIC properties, but not seeing anything about the NIC being asleep when not being logged into. I also think that if that were the case, I wouldn’t be able to log into it locally.
1 Spice up
davidr4
(davidr4)
18
I found this on the google machine
Here’s what I did:
First, if you do not have the Remote Server Administration Tools installed, you can get them for Windows 7 SP1 from this link: http://www.microsoft.com/en-us/download/details.aspx?id… .
Next, go to Programs and Features and click on “turn Windows Features on or off” (you will need to run the standalone installer downloaded in the previous step first). Browse to Remote Server Administration Tools>>Role Administration Tools>>Remote Desktop Services Tools. Check the box next to the “Remote Desktop Services Tools” entry and then click “OK”.
Next, Click start, then Run, type in “MMC” (no quotes) and click OK. Then click File > Add or Remove Snap-ins. Select “Group Policy Object” and click “Add,” “Finish,” and then OK.
Now, browse to Console Root\Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
(Note: the following will undoubtedly be heralded as the worst troubleshooting practice possible since I changed multiple things at a time, but it did work, so if someone wants to point out what helped and what probably didn’t I have no problems with that at all)
Finally, double click on each of the following entries and set them as specified:
Always prompt for password upon connection => Disabled
Require user authentication for remote connections by using Network level authentication => Disabled
You may also modify other settings, such as encryption and specific security layers
Now when you boot the machine, so long as all other settings mentioned further up the page are properly set, you will be able to Remote Desktop into the remote PC without someone logging into it locally first.
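To see what the steps above actually change on a machine, the following read-only PowerShell check reports the effective Remote Desktop settings and whether each comes from policy or from the local configuration. It is an added example, not part of the original post; the helper names `Get-RegValue` and `Resolve-Setting` are made up for illustration, and it is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: report the RDP settings that the two policies above control.
# Read-only; run from an elevated PowerShell prompt on the Windows 7 machine.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcpKey    = "$serverKey\WinStations\RDP-Tcp"

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Resolve-Setting {
    param([string]$Name, [string]$LocalKey)
    # A value under the Policies key (local or domain GPO) overrides the local one.
    $value  = Get-RegValue $policyKey $Name
    $source = 'Policy'
    if ($value -eq $null) {
        $value  = Get-RegValue $LocalKey $Name
        $source = 'Local'
    }
    New-Object PSObject -Property @{ Setting = $Name; Value = $value; Source = $source }
}

$report = @(
    Resolve-Setting 'fDenyTSConnections' $serverKey   # 0 = Remote Desktop enabled
    Resolve-Setting 'UserAuthentication' $tcpKey      # 1 = NLA required
    Resolve-Setting 'fPromptForPassword' $tcpKey      # 1 = always prompt for password
)
$report | Select-Object Setting, Value, Source | Format-Table -AutoSize

'RDP listener port: ' + (Get-RegValue $tcpKey 'PortNumber')

# Flag the state the procedure above leaves the machine in.
$nla = $report | Where-Object { $_.Setting -eq 'UserAuthentication' }
if ($nla.Value -ne 1) {
    Write-Warning 'NLA is not required: a session is created before the user authenticates.'
}
```

Running it before and after the policy change shows which of the two settings moved, and a `Source` of `Policy` means a GPO will reapply the value at the next policy refresh.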
davidr4
(davidr4)
19
That looked better when I pasted it
davidr4
(davidr4)
20
But do you really have 3389 open on a bunch of external IPs? That is a terrible idea. Set up a VPN tunnel between the networks or use an RD Gateway.
1 Spice up