Cannot use RDP over VPN

  • Cannot use RDP over VPN

    Hi

    I am having a problem creating a remote desktop connection to our servers over VPN. This has worked for many years. I posted the following on Microsoft's server forum:


    When Windows updates are available for our work servers, I use my Windows 10 Pro home computer (from home) to establish a VPN connection and then use Remote Desktop to log on to the servers, install the updates and restart the servers. After they have restarted I log on again to make sure everything is OK. I use Remote Desktop Connection Manager V2.2 (RDCM) to do this - this allows me to establish a connection to all 4 servers at the same time. I have been doing this for several years using various methods with XP, Vista, Win7 and Win8.1

    I tried this a week last Thursday and although I could establish a VPN connection to my employer's network, I was unable to establish a remote desktop connection. For example, I tried to connect to a server and the RDCM tries to connect but after between 5 and 10 seconds a message is displayed:

    Disconnected from server-name (Unable to establish a connection)

    I tried using Windows' built-in Remote Desktop Connection (Desktop App), but it displays an error message saying

    Remote Desktop can't connect to the remote computer for one of these reasons:...

    I have tried connecting using the server name (which is how I normally connect) and via IP address.

    Our work network has Remote Access installed on a member server. Staff can connect remotely only if they are members of a global security group named VPN and NPS has a policy defined that explicitly allows for this (the default NPS policies are disabled). The work network comprises 4 servers and 35 clients and uses a 192.168.0.xxx addressing range. It comprises a single Active Directory domain on a single 255.255.255.0 subnet. There are two domain controllers: 2012 R2 and 2008. Remote access connections to the network are routed via the gateway (a Draytek 2830) router using NAT.

    I have an LMHOSTS file on my home PC that identifies the domain and which maps the name/address of our data server. When connected via VPN I am no longer able to connect to the data server using either its name or IP address via Windows Explorer (nothing happens when I try this, I don't even see an error message).

    I use Emsisoft Internet Security and have disabled the firewall (and all the components as well), but my PC is still unable to establish a Remote Desktop connection.

    I have tried resetting TCP using my admin account but saw the following:

    Microsoft Windows [Version 10.0.10586]
    (c) 2015 Microsoft Corporation. All rights reserved.

    C:\Users\Blood>netsh int ip reset c:\resetlog.txt
    Resetting Interface, OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Restart the computer to complete this action.

    But it did not help.

    After restarting I enabled the Administrator account, logged on using the Administrator account and tried resetting TCP again but saw the same message and after restarting am still unable to establish a Remote Desktop connection. I have also tried restarting the work’s gateway router.

    VPN connections are handled fine and IMAP connections to our data server that hosts our mail server software (Mercury/32) also work fine.

    The only thing that has changed on my work network is that I have moved a wireless router from one part of the building to another.

    I cannot see any error messages in the event logs on my home computer nor on the remote access server at work or the other servers I was trying to connect to.

    A recent poll suggests that 6 out of 7 dwarfs are not happy

  • #2
    Part 2:

    -------------

    A respondent suggested that I try adding the server details to the hosts file, but:
    Editing the hosts file made no difference. I added

    ip address server-name

    rebooted and tested, and also added

    ipaddress server-name.htlincs.local

    rebooted and tested.

    I see the same error message when trying to RDP.


    It was also suggested that I use telnet to test the port:
    After enabling telnet on Win10 I can start telnet but when I type open janus 3389 it reports that it '...Could not open connection to the host, on port 3389: Connect failed'. Same for open janus.htlincs.local 3389 (Janus is a member server hosting the Remote Access role).

    Pinging any of the server IPs from my home PC fails as well.

    ----------------------------------------------------------------------------------------

    Here's the ipconfig from my home PC when connected via the HTL VPN:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : BLOOD-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : htlincs.local
                                        home

    Wireless LAN adapter Local Area Connection* 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
    Physical Address. . . . . . . . . : 1A-94-F6-10-94-C8
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    PPP adapter HTL VPN:

    Connection-specific DNS Suffix . : htlincs.local
    Description . . . . . . . . . . . : HTL VPN
    Physical Address. . . . . . . . . :
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.0.115(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.0.10
                                        192.168.0.17
    Primary WINS Server . . . . . . . : 192.168.0.16
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Wireless LAN adapter WiFi:

    Connection-specific DNS Suffix . : home
    Description . . . . . . . . . . . : Qualcomm Atheros AR938x Wireless Network Adapter
    Physical Address. . . . . . . . . : E8-94-F6-10-94-C8
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::90e7:833:336c:9340%6(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.74(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : 24 January 2016 09:09:47
    Lease Expires . . . . . . . . . . : 27 January 2016 19:04:17
    Default Gateway . . . . . . . . . : 192.168.1.254
    DHCP Server . . . . . . . . . . . : 192.168.1.254
    DHCPv6 IAID . . . . . . . . . . . : 82351350
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-AA-EC-84-78-24-AF-42-E0-88
    DNS Servers . . . . . . . . . . . : 192.168.1.254
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.htlincs.local:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : htlincs.local
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:4df:1cf4:3f57:feb5(Preferred)
    Link-local IPv6 Address . . . . . : fe80::4df:1cf4:3f57:feb5%16(Preferred)
    Default Gateway . . . . . . . . . : ::
    DHCPv6 IAID . . . . . . . . . . . : 671088640
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-AA-EC-84-78-24-AF-42-E0-88
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter isatap.home:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : home
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    ----------------------------------------------------------------------------------------

    Here's an IPconfig from one of the domain controllers:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Phobos
    Primary Dns Suffix . . . . . . . : htlincs.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : htlincs.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
    Physical Address. . . . . . . . . : A4-BA-DB-40-2F-79
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::7d4d:4fc3:e724:4ffa%10(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.95
    DNS Servers . . . . . . . . . . . : 127.0.0.1
                                        192.168.0.17
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 12:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : isatap.{B5C37581-11FA-4C75-873D-7050746C634E}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes




    The configuration seems fine to me


    Does anyone have suggestions I might try to fix this, please?

    Thanks.


    • #3
      This turned out to be a bug. I should have followed Ossian's advice about security software. Disabling it was not enough - when I uninstalled it, everything worked fine. Emsisoft's support staff had me collect some diagnostic info and then asked me to test a beta version. They sorted it out very quickly and released a new version with the bug fixed. Have been using RDP over VPN quite happily for several weeks now.
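
Added example (not part of the thread): the telnet port test from post #2, extended to compare the failing RDP port with the IMAP port the poster says still works over the same tunnel, and to show which local adapter Windows routes through. `janus` and `192.168.0.10` come from the posts; `DATA-SERVER`, IMAP on port 143 and the function name `Test-TcpPort` are assumptions.

```powershell
# Added example: classify TCP connect results per port while the VPN is up.
# 'DATA-SERVER' and port 143 are placeholders; replace them with your own values.
function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$Target,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($Target, $Port)
        # No answer at all within the timeout: the SYN was dropped silently.
        if (-not $task.Wait($TimeoutMs)) { return 'Timeout' }
        return 'Open'
    } catch {
        # An active refusal or a name-resolution failure surfaces as a SocketException.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException]) {
            return $inner.SocketErrorCode.ToString()   # e.g. ConnectionRefused, HostNotFound
        }
        return 'Error'
    } finally {
        $client.Close()
    }
}

# Which local adapter and source address does Windows pick for a server on the work LAN?
# With the VPN up this should be the PPP adapter (192.168.0.115 in the posted ipconfig).
Find-NetRoute -RemoteIPAddress '192.168.0.10' |
    Where-Object IPAddress | Select-Object -First 1 InterfaceAlias, IPAddress

$probes = @(
    @{ Target = 'janus';        Port = 3389 },   # RDP by name, as tried with telnet
    @{ Target = '192.168.0.10'; Port = 3389 },   # RDP by IP, bypassing name resolution
    @{ Target = 'DATA-SERVER';  Port = 143  }    # IMAP, reported as working
)
$results = foreach ($p in $probes) {
    [pscustomobject]@{ Target = $p.Target; Port = $p.Port
                       Result = Test-TcpPort -Target $p.Target -Port $p.Port }
}
$results | Format-Table -AutoSize

$open    = @($results | Where-Object Result -eq 'Open').Count
$timeout = @($results | Where-Object Result -eq 'Timeout').Count
if ($open -and $timeout) {
    'Some ports connect, others time out: routing works, look for a port-level filter.'
} elseif ($timeout -and -not $open) {
    'Everything times out: check routing and the VPN address assignment first.'
}
```

A port-level filter of this kind can sit in security software on the client itself, which is where post #3 found the cause.
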


      • #4
        Excellent work.
        Thanks for posting back with your fix.



        • #5
          Big thanks! Before reading this post, I had turned to using the mstsn utility, which has some limited capacities over a properly configured VPN and cannot support all remote desktop functions effectively in such cases. Now I can work without problems!
