
Can't access W2003R2 Servers with RDP via VPN

microsoft.public.windows.server.security
Posted by Bob Stolzman on June 15, 2006, 2:07 pm
I am running several servers on Win2003 Server, R2 SP1 and can access
them with RDP when I am on the network, but am unable to do this when I
VPN into the network using a Cisco PIX VPN. I can access all the other
computers and servers on the network in this fashion, including other
servers running Win2003 Server SP1, but none of the servers running R2.
The internal addresses of the network are 192.168.42.x and when I VPN
in, I am assigned an IP address of 10.0.0.x. The servers return a ping
when I am on the network, but not when I VPN in.

One server is running Exchange 2003, one is running NAT, and the third
SMTP. I have been through the security config wizard on the Exchange
Server with a fine tooth comb, and have turned off the Windows
firewall, but to no avail. The other two servers are not running a
Firewall.

Any help would be greatly appreciated.

Bob


Posted by Pegasus (MVP) on June 15, 2006, 6:10 pm

> I am running several servers on Win2003 Server, R2 SP1 and can access
> them with RDP when I am on the network, but am unable to do this when I
> VPN into the network using a Cisco PIX VPN. I can access all the other
> computers and servers on the network in this fashion, including other
> servers running Win2003 Server SP1, but none of the servers running R2.
> The internal addresses of the network are 192.168.42.x and when I VPN
> in, I am assigned an IP address of 10.0.0.x. The servers return a ping
> when I am on the network, but not when I VPN in.
>
> One server is running Exchange 2003, one is running NAT, and the third
> SMTP. I have been through the security config wizard on the Exchange
> Server with a fine tooth comb, and have turned off the Windows
> firewall, but to no avail. The other two servers are not running a
> Firewall.
>
> Any help would be greatly appreciated.
>
> Bob
>

I have never used the Cisco VPN client but I cannot see how
you can set up a Remote Desktop session to a machine in the
192.168.42 subnet when your own subnet is 10.0.0. I suggest
you try to resolve this addressing issue before attempting to
launch a Remote Desktop session.

You don't really need a VPN for an RDP session. You could
just as well set a specific RDP port number on each internal
PC, then create an appropriate set of tunnels on your firewall
in order to assign to each port number a fixed internal IP
address.



Posted by Bob.Stolzman on June 15, 2006, 7:23 pm

Pegasus (MVP) wrote:
> > I am running several servers on Win2003 Server, R2 SP1 and can access
> > them with RDP when I am on the network, but am unable to do this when I
> > VPN into the network using a Cisco PIX VPN. I can access all the other
> > computers and servers on the network in this fashion, including other
> > servers running Win2003 Server SP1, but none of the servers running R2.
> > The internal addresses of the network are 192.168.42.x and when I VPN
> > in, I am assigned an IP address of 10.0.0.x. The servers return a ping
> > when I am on the network, but not when I VPN in.
> >
> > One server is running Exchange 2003, one is running NAT, and the third
> > SMTP. I have been through the security config wizard on the Exchange
> > Server with a fine tooth comb, and have turned off the Windows
> > firewall, but to no avail. The other two servers are not running a
> > Firewall.
> >
> > Any help would be greatly appreciated.
> >
> > Bob
> >
>
> I have never used the Cisco VPN client but I cannot see how
> you can set up a Remote Desktop session to a machine in the
> 192.168.42 subnet when your own subnet is 10.0.0. I suggest
> you try to resolve this addressing issue before attempting to
> launch a Remote Desktop session.
>
> You don't really need a VPN for an RDP session. You could
> just as well set a specific RDP port number on each internal
> PC, then create an appropriate set of tunnels on your firewall
> in order to assign to each port number a fixed internal IP
> address.

The subnet issue is handled in the router behind the PIX. I connect to
other computers using VNC and RDP all the time, even to other Win2003
Servers, just not R2. It seems to be an issue with R2.


Posted by Roger Abell [MVP] on June 15, 2006, 7:18 pm
All you have said seems reasonable, as is.
What do you get when attempting RDP connect within the VPN ?
Any response at all (ex. prompting by failed login, no screen at all, etc.)?
Within the VPN session can you connect in any way at all with those R2s ?
(ex. map a share? remote mgmt with an mmc tool?)
AFAIK there is no particularly different port reqs for R2, but the ports
being used could have been redefined (I guess you would know that as
you RDP with them outside of VPN use).
PS. R2 is currently at gold release level, not SP1

> I am running several servers on Win2003 Server, R2 SP1 and can access
> them with RDP when I am on the network, but am unable to do this when I
> VPN into the network using a Cisco PIX VPN. I can access all the other
> computers and servers on the network in this fashion, including other
> servers running Win2003 Server SP1, but none of the servers running R2.
> The internal addresses of the network are 192.168.42.x and when I VPN
> in, I am assigned an IP address of 10.0.0.x. The servers return a ping
> when I am on the network, but not when I VPN in.
>
> One server is running Exchange 2003, one is running NAT, and the third
> SMTP. I have been through the security config wizard on the Exchange
> Server with a fine tooth comb, and have turned off the Windows
> firewall, but to no avail. The other two servers are not running a
> Firewall.
>
> Any help would be greatly appreciated.
>
> Bob
>



Posted by Bob Stolzman on June 15, 2006, 9:09 pm

Roger Abell [MVP] wrote:
> All you have said seems reasonable, as is.
> What do you get when attempting RDP connect within the VPN ?
> Any response at all (ex. prompting by failed login, no screen at all, etc.)?
> Within the VPN session can you connect in any way at all with those R2s ?
> (ex. map a share? remote mgmt with an mmc tool?)
> AFAIK there is no particularly different port reqs for R2, but the ports
> being used could have been redefined (I guess you would know that as
> you RDP with them outside of VPN use).
> PS. R2 is currently at gold release level, not SP1
>
> > I am running several servers on Win2003 Server, R2 SP1 and can access
> > them with RDP when I am on the network, but am unable to do this when I
> > VPN into the network using a Cisco PIX VPN. I can access all the other
> > computers and servers on the network in this fashion, including other
> > servers running Win2003 Server SP1, but none of the servers running R2.
> > The internal addresses of the network are 192.168.42.x and when I VPN
> > in, I am assigned an IP address of 10.0.0.x. The servers return a ping
> > when I am on the network, but not when I VPN in.
> >
> > One server is running Exchange 2003, one is running NAT, and the third
> > SMTP. I have been through the security config wizard on the Exchange
> > Server with a fine tooth comb, and have turned off the Windows
> > firewall, but to no avail. The other two servers are not running a
> > Firewall.
> >
> > Any help would be greatly appreciated.
> >
> > Bob
> >
When I attempt to connect with RDP via VPN I get the following message:

"The client could not connect to the remote computer. Remote
connections might not be enabled or the computer might be too busy to
accept new connections. It is also possible that network problems are
preventing your connection. Please try connecting again later. If the
problem continues to occur, contact your administrator."

I cannot map a share, and when I attempt \\servername in Windows
Explorer, I get no response. When I attempt to manage the server via
MMC, it resolves the server name, but it will not connect. These
features all work on all our other computers and servers, including
servers running Win2003, not R2. I have not modified the ports. As I
said, they all work when I am on the LAN.

Also, how can I upgrade from R2 to Gold Release? Thanks.
Bob
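
The checks asked about in this thread (RDP, mapping a share, MMC remote management) can be run as plain TCP probes and compared between a LAN client and the VPN client. The script below is an added example, not part of the original posts; the host name is a placeholder and the port numbers assume the defaults, which the poster says were not modified.

```python
import socket

# TCP services behind the checks asked about in the thread:
# RDP, mapping a share (SMB) and MMC remote management (RPC endpoint mapper).
PORTS = {"rdp": 3389, "smb": 445, "rpc": 135}

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open, refused, unresolved or no-reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"        # host answered with RST: reachable, nothing listening
    except socket.gaierror:
        return "unresolved"     # name lookup failed before any packet was sent
    except OSError:
        return "no-reply"       # timeout or unreachable: request or reply was dropped

def diagnose(results):
    """Turn per-service probe results into a single finding."""
    states = set(results.values())
    if states == {"unresolved"}:
        return "name-resolution"
    if results.get("rdp") == "open":
        return "rdp-reachable"
    if states <= {"no-reply"}:
        return "host-unreachable"   # nothing comes back on any port
    if results.get("rdp") == "refused":
        return "rdp-not-listening"  # RDP disabled or moved to another port
    return "rdp-filtered"           # other services answer, 3389 is dropped

def check(host, ports=PORTS, timeout=3.0):
    """Probe every service on one host and return (results, finding)."""
    results = {name: probe(host, p, timeout) for name, p in ports.items()}
    return results, diagnose(results)

if __name__ == "__main__":
    # Placeholder name (assumption); replace with one of the R2 servers and
    # run once from the LAN and once from the VPN client to compare.
    print(check("r2-server.example.internal"))
```

A `host-unreachable` finding from the VPN address combined with `rdp-reachable` from the LAN places the fault on the path between the two networks rather than in the Remote Desktop settings.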

