Question

  • #2213398

    RDP over VPN not working


    by cort21 ·

    So here is the deal, we now have four users that from time to time access our server remotely through the VPN. Two of them almost exclusively access us remotely. Everyone can connect in to the VPN just fine, access their Exchange mailbox, update Trend Micro, access our ACT database, see network shares, & browse the Internet. However, they cannot Remote Desktop into any workstation or the server. In fact they can't even ping the server nor can the server ping them. Remote Desktop works fine when on the LAN.

    I have done searches all over the Internet trying to find someone with the same problem & a solution to go with it. I have found cases with very similar symptoms, but none of their cures work for me. I have looked through TechRepublic, Microsoft, & random articles from Google searches & nothing seems to work. Many people refer to un-checking the "use default gateway on remote network" option, which has been done. If I do check that option though, no one has network access to ANYTHING. Internet & LAN resources are totally unavailable.

    Someone with a similar problem suggested trying to execute the command "route delete 192.168.100.0" which I did on one of the remote users' laptops, but no luck. Someone else mentioned they figured out the VPN wasn't providing a DNS server for workstations connecting in. When I do an ipconfig /all it does list our server as the DNS server. Here is an ipconfig /all from a workstation:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : RemoteSalesDell
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : Belkin

    Ethernet adapter Wireless Network Connection:

    Connection-specific DNS Suffix . : Belkin
    Description . . . . . . . . . . . : Dell Wireless 1505 Draft 802.11n WLA
    N Mini-Card
    Physical Address. . . . . . . . . : 00-23-4D-B2-CD-A7
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.2.7
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.2.1
    DHCP Server . . . . . . . . . . . : 192.168.2.1
    DNS Servers . . . . . . . . . . . : 192.168.2.1
    Lease Obtained. . . . . . . . . . : Friday, June 25, 2010 8:25:44 AM
    Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

    PPP adapter FRS:

    Connection-specific DNS Suffix . : FRS-SOLUTIONS.COM
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.100.18
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.100.10
    192.168.100.10
    Primary WINS Server . . . . . . . : 192.168.100.10

    Here is an ipconfig /all from the server:

    C:\Documents and Settings\administrator.FRS-SOLUTIONS>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : frs-server
    Primary Dns Suffix . . . . . . . : frs-solutions.com
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes
    DNS Suffix Search List. . . . . . : frs-solutions.com

    PPP adapter RAS Server (Dial In) Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.100.19
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Ethernet adapter Local Area Connection 2:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
    VBD Client) #2
    Physical Address. . . . . . . . . : 00-13-72-60-55-68
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.100.10
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.100.1
    DNS Servers . . . . . . . . . . . : 192.168.100.10

    I have also tried turning off Trend Micro on both the client & server with no change.

    We have been using Teamviewer to allow users to connect in to desktops in the meantime, but the problem with that is that the two exclusively remote users connect into the same machine & while Remote Desktop allows them to both remote in at the same time on two different sessions, Teamviewer does not. Plus I would just like to get this problem solved because I'm unsure what other problems it may cause in the future.

    Any help would be greatly appreciated!
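
Added example (not part of the original post): a simplified model of which adapter the client in the question would use for a given destination, built from the addressing lines of the client `ipconfig /all` output above. The function names are hypothetical, the route table is reduced to on-link, default and class-based routes, and it assumes the Windows behaviour of adding a class-based route for the PPP address when "use default gateway on remote network" is unchecked.

```python
import ipaddress
import re
# Constructed sample: the addressing lines of the client's `ipconfig /all` above.
CLIENT_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:
    IP Address. . . . . . . . . . . . : 192.168.2.7
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.2.1
PPP adapter FRS:
    IP Address. . . . . . . . . . . . : 192.168.100.18
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
"""

def parse_adapters(text):
    """Return {adapter heading: {field: value}} from 'Field . . . : value' lines."""
    adapters, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S.* adapter .*):\s*$", line)
        field = re.match(r"^\s+([A-Za-z][A-Za-z ]*?)[ .]*:\s*(.*)$", line)
        if head:
            current = adapters.setdefault(head.group(1), {})
        elif field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return adapters

def classful_network(ip):
    # Assumption: class A/B/C route added for a PPP address in split-tunnel mode.
    first = int(ip.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def egress_adapter(adapters, target, class_route=True):
    """Adapter whose longest-prefix route covers target (simplified route table)."""
    target, best = ipaddress.ip_address(target), (-1, None)
    for name, f in adapters.items():
        routes = [ipaddress.ip_network(f"{f['IP Address']}/{f['Subnet Mask']}", strict=False)]
        if f.get("Default Gateway"):
            routes.append(ipaddress.ip_network("0.0.0.0/0"))
        elif name.startswith("PPP") and class_route:
            routes.append(classful_network(f["IP Address"]))
        for net in routes:
            if target in net and net.prefixlen > best[0]:
                best = (net.prefixlen, name)
    return best[1]

if __name__ == "__main__":
    for ip in ("192.168.100.10", "8.8.8.8"):
        print(ip, "->", egress_adapter(parse_adapters(CLIENT_IPCONFIG), ip))
```

In this model 192.168.100.10 leaves through the PPP adapter via the class-based 192.168.100.0/24 route; calling `egress_adapter(..., class_route=False)` models the client after that route has been deleted, and the same destination then follows the wireless adapter's default gateway.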

All Answers

    • #2870065

      Clarifications

      by cort21 ·

      In reply to RDP over VPN not working

      Clarifications

    • #2870042

      What’s providing the VPN?

      by scndtnr ·

      In reply to RDP over VPN not working

      You don’t mention what you’re using to deliver VPN services: Windows? Cisco? D-Link? That information would be handy to have while troubleshooting. In any case, it seems you have a configuration issue; you might want to make sure that port 3389 (standard RDP port) is not blocked or that traffic on that port is being directed to the proper ip range.

      • #2869241

        Netgear VPN

        by cort21 ·

        In reply to What’s providing the VPN?

        First off, thanks so much for the reply.

        I guess that admittedly I’m not certain what is providing the VPN simply because I’m not a VPN expert. This VPN was established before I even started working here & the “contractor” that set it up has since left town. I can tell you there are VPN settings on our Netgear router but certainly there are settings on our Windows 2003 server as well. Is it possible that the answer is both VPN & Windows?

        We have a VPN tunnel set up between 2 Netgear routers that are at two different locations.

        I have made sure port 3389 is open on the Netgear router (which also serves as our hardware firewall) & I have tried turning off Trend Micro (which serves as our software firewall) on both the server & one of the client machines & that hasn’t made a difference. Is there anywhere else port 3389 could be getting blocked?

        How can I check that the traffic on the port is being directed to the proper ip range?

        • #2869178

          So it’s not the rdp port

          by scndtnr ·

          In reply to Netgear VPN

          …it appears port 3389 is not blocked. After a closer look at your ipconfig results, however, I noticed that NetBIOS over tcpip is disabled on the RAS connection; does enabling that have any effect? In addition, have you tried connecting the RDP session to the ip address of the server (once the VPN connection is established) rather than by using the server name?

        • #2869858

          Would the DNS suffix on the client be a problem?

          by seanferd ·

          In reply to So it’s not the rdp port

          It certainly is in a lot of other situations, where routers or an ISP add their useless DNS suffixes into the mix.

        • #2869742

          How can I check that?

          by cort21 ·

          In reply to Would the DNS suffix on the client be a problem?

          Can you tell me how I can confirm if a DNS suffix might be the problem?

        • #2869743

          Enable NetBIOS on server?

          by cort21 ·

          In reply to So it’s not the rdp port

          I was able to remote in to one of the user’s machines today & confirmed that NetBIOS is enabled on at least his client side. Is there somewhere on the server I need to enable it as well? We use Windows Server 2003. It does not seem to matter if we use the computer name or IP address for the RDP connection. I did notice today that the user I was connected into can remote into our main server at 192.168.100.10, but can’t connect into any workstations on the network. I believe the other user I’ve been working with can’t even remote desktop into the server, let alone any workstations.

    • #2869729

      couple of things to consider

      by cg it ·

      In reply to RDP over VPN not working

      when the vpn connection is established, that’s all it is, a connection. the remote users then use that connection to access resources.

      however, basic networking rules apply. remote clients have to be on the same subnet as the resources they are trying to access. So something has to provide remote clients with local network addressing, default gateway[router] DNS servers and the lot. If the netgear router does that, then all is great. There should be no reason why remote VPN connection could not use remote desktop to hosts, provided that the remote desktop feature is enabled on the hosts, users are added to the list of users who can remote desktop, and the local machine firewall allows remote desktop through it.

      you do not need to forward port 3389 through the router because there is a vpn tunnel created. That tunnel allows all traffic [no firewall] but if the hosts have firewall, then you have to allow it.

      note: to find hosts on the remote network, you need either the ip address or computer name. If you don’t have the name or do not have resources that can resolve the name to an address, try the address when you use the Remote Desktop client program.

      • #2869705

        RE:couple of things to consider

        by cort21 ·

        In reply to couple of things to consider

        Well the odd thing is that when users are in our office they can remote into the machines they are assigned to just fine, it is when they are outside the office & have to connect via VPN that the Remote Desktop no longer works. I have even tried turning off the software firewall on both the client & server.

        It doesn’t seem to matter if I try to connect using the IP address or computer name either.

        Thanks for the ideas!

        • #2869702

          while our setup is a bit different than yours, we have no problem

          by cg it ·

          In reply to RE:couple of things to consider

          we use a Windows box for remote VPN connection eg RRAS, and none of our people have trouble with remote desktop once connected to the Windows box.

          Now the Windows box uses DHCP relay agent and is directly connected to the internet, but with filtering so only VPN connections are accepted.

          So somewhere in your configuration, either on the netgear perimeter router or on clients [remote or local], I would think there’s a config problem.

        • #2869594

          VPN to server

          by cort21 ·

          In reply to while our setup is a bit different than yours, we have no problem

          What do you make of the fact some users can RDP in to the server but can’t RDP or even PING any workstations on the LAN?

    • #2868527

      Trend Micro firewall

      by cort21 ·

      In reply to RDP over VPN not working

      Ok, so I swear I had tried this before, but I just found out that if I turn off the Trend Micro firewall on the server, as in our main server listed above as 192.168.100.10, I can ping & RDP from a VPN connected station to another workstation on the network. The thing is, on the firewall I have ports 1723,1701 for VPN allowed, 500 for isakmp, & 3389 for Remote Desktop. Any ideas what I’m missing here?

    • #2868525

      Problem Solved

      by cort21 ·

      In reply to RDP over VPN not working

      Ok, so I noticed that port 3389 was accidentally put in as a TCP port on the allowed list for the firewall. I changed the firewall to allow UDP on 3389 & everything is fine again.

      Thanks everyone for their help.

    • #2855861

      Fix for this issue

      by jcw232000 ·

      In reply to RDP over VPN not working

      1. Forward vpn:port # & RDP:3389

      2. Vpn client side uncheck use local gateway.
