RDP into 2 servers not working

tcheche
We have 2 servers. Server A is Windows 2003. Externally we are able to connect using 2 different domain names at port 3389. Server number 2 we want to connect using port 3390.

Server 2 currently has Windows firewall turned off. So there is no reason that port 3390 should be blocked. But I cannot telnet in.

I have used Sonicwall's "Access Rules" to create a new "RDP2" Rule which should send port 3390 to the second server.

It seems that since I cannot telnet into 3390 that the port is blocked on the server. But with windows firewall being turned off, that doesn't make any sense.

Any help would be greatly appreciated.
  • +
    0 Votes
    TobiF

    Have you either made sure that external connections to 3390 are forwarded to 3389 on server2,
    OR
    changed the listening service to port 3390 (would typically involve hacking the register)

    +
    0 Votes

    Yes

    tcheche

    I did make the registry change to look at port 3390. Didn't work.

    +
    0 Votes

    RDP

    christianshiflet

    Just to make sure, on your SonicWall you first created a new Service that is using the TCP protocol on port 3390 and then created a new Access Rule that allows WAN to LAN access to the above created Service.

    Also, on the server from the System Properties console (either from Control Panel, or right-click on My Computer, select Properties) did you verify on the Remote tab that Remote Desktop is enabled? The firewall alone does not enable terminal services connections for the machine.

    Lastly, is the server running in remote administration mode or application server mode?

    +
    0 Votes

    rdp

    tcheche

    I did set up a new access rule for port 3390.

    Remote desktop is enabled. In fact, I am able to get a remote desktop session locally, using a local IP address. But even locally, when I try to connect by fully qualified domain name port 3390, I am unable to connect.

    Finally, I am using my phone to reply, so I am unable to check right this second. But I am pretty sure that it is configured as remote administration mode.

    +
    0 Votes
    IC-IT

    subnet is wrong. We have a B network divided into many vlans that would be a class C.

    My boss set up a new server and thought that the subnet should be masked at a 255.255.0.0

    But with the routing it actually needed to be 255.255.255.0
    We could only ping/connect with the IP address, the name would not resolve.

    +
    0 Votes
    tcheche

    Nope. Receives its subnet and IP from DHCP. Subnet is correct.

    But thank you.

    +
    0 Votes
    Mehul Bhai

    Use Static IP for the Server (one IP from the reserved IPs from your DHCP, if you have reserved for not allocating by DHCP) and route accordingly on Firewall.
    This should be the normal case.
    Try and let us know.

    +
    0 Votes
    tcheche

    I'm sorry, I misspoke. I am using a static IP on the server. I did recheck and the subnet is correct.

    +
    0 Votes
    tcheche

    Still looking for some help on this one, please.

    +
    0 Votes
    TobiF

    In order to understand whether the problem is within server 2 or somewhere in the transport:

    Temporarily place a client machine in the same subnet as server 2 and try to connect from there.

    Success -- Problem is somewhere in routers, port forwarding etc.

    Failure -- Then we need to go deeper into the server's own firewall, that the daemon service is running etc.

    +
    0 Votes
    TobiF

    In XP and Vista I noted that it's important that the external port number is the same number as the port number on the server.
    So, if external TCP-port 3389 is used for server 1, then you need to

    1. Move the listening port on server 2, say, to 3390.
    2. Make sure that TCP-3390 is open in the firewall
    3. Set up forwarding from external TCP-3390 to server 2 and same port number on the NAT router.
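
The checks behind the steps in the last reply can be run on server 2 itself. This is an added example, not part of the original thread: it reads the port the RDP listener is configured for, confirms a socket is actually listening there, and classifies a TCP connection attempt. It assumes PowerShell 2.0 or later, English `netstat` output, and the standard `RDP-Tcp` registry location; `$ExpectedPort` and the function names are illustrative.

```powershell
# Added example: verify the RDP listener on server 2 before blaming the firewall.
$ExpectedPort = 3390   # port chosen in the thread for server 2
$RdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpConfiguredPort {
    # Port the Terminal Services listener is configured to use.
    (Get-ItemProperty -Path $RdpTcpKey -Name PortNumber).PortNumber
}

function Test-TcpListener([int]$Port) {
    # True if netstat shows a TCP socket in LISTENING state on $Port (IPv4 or IPv6).
    $pattern = '^\s*TCP\s+\S+:{0}\s+\S+\s+LISTENING' -f $Port
    [bool](netstat -an | Select-String -Pattern $pattern)
}

function Test-TcpConnect([string]$Address, [int]$Port, [int]$TimeoutMs = 3000) {
    # 'open'    : handshake completed, something is listening and reachable
    # 'timeout' : no answer at all, typical of a dropped or unforwarded packet
    # 'failed'  : connection rejected or host unreachable (message appended)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return 'timeout' }
        $client.EndConnect($async)
        return 'open'
    } catch {
        return "failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

$configured = Get-RdpConfiguredPort
$listening  = Test-TcpListener $ExpectedPort
"Configured RDP port       : $configured"
"Listening on $ExpectedPort         : $listening"
"Local connect to $ExpectedPort     : $(Test-TcpConnect '127.0.0.1' $ExpectedPort)"

if ($configured -ne $ExpectedPort) {
    "Registry still points at $configured; PortNumber is not $ExpectedPort."
} elseif (-not $listening) {
    # The listener picks up PortNumber only when the service starts.
    "PortNumber is set but nothing is listening; restart the TermService service or reboot."
} else {
    "Listener is up on $ExpectedPort; look at the access rule and port forwarding next."
}
```

Running `Test-TcpConnect` from a machine outside the firewall against the public name separates the two cases from the earlier reply: `open` locally but `timeout` externally points at the access rule or forwarding, while a failure locally points at the server.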
