RDP Issues with server2003
ULWiz
So I am having an issue remoting into my server with my external IP. This is a DC as well, which is connected to a Cisco router and switch. So I can remote fine to the server using its static IP of 192.168.1.119. So I tried to look at the firewall under the server and got the following message: "Windows Firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)."
Then I looked at Routing and Remote Access and looked under Ports. Hit Configure and noticed that the remote access box is unchecked but no capabilities.
This is what was listed in it as well.
WAN Miniport (PPOE) Routing PPPoE
WAN Miniport (PPTP) RAS/Routing PPTP
WAN Miniport (L2TP) RAS/Routing L2TP
Direct Parallel Routing
My Cisco router has the following line as well.
ip nat inside source static tcp 192.168.1.119 3389 interface Ethernet1/0 3389
Not sure why I am stumped on this. Usually it's just opening a port and allowing the OS to accept RDP connections.
Any help here is appreciated.
Comments
dynamik
RDP isn't considered remote access; that's for VPN and dial-up connections.
My guess is that the problem exists on the firewall/router since you can RDP to the server locally (unless you configured packet filtering that only allowed local traffic).
Honestly, you'd be better off configuring a VPN on your firewall/router and RDPing to the server via that connection.
ULWiz
Yeah, I am not sure what the deal is. Here is the router's sh run.
Current configuration : 1797 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname moborouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$R6mJ$301VO0cgez2pPWlFMkefa1
enable password
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
interface Ethernet0/0
description interface connected to switch
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.1.119
ip nat inside
no ip mroute-cache
full-duplex
!
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
!
interface Ethernet1/0
description Comcast Cable
ip address dhcp
ip access-group 101 in
ip nat outside
no ip mroute-cache
half-duplex
no cdp enable
!
ip nat pool ovrld x.x.x.x x.x.x.x netmask 255.255.255.128
ip nat inside source list 1 pool ovrld overload
ip nat inside source static tcp 192.168.1.119 3389 interface Ethernet1/0 3389
no ip http server
ip classless
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 deny icmp any any echo
access-list 101 deny tcp any any eq telnet log
access-list 101 permit ip any any
!
line con 0
line aux 0
line vty 0 4
password
login
!
!
end
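Added example, not part of the original post: a small Python audit of a running-config like the one above that lists static NAT port forwards which the inbound ACL on the outside interface leaves open to any source address. The embedded config is a constructed excerpt of the posted lines, and the parser is assumed to handle only numbered ACL entries of the `any any` form used here.

```python
import re

# Constructed excerpt mirroring the relevant lines of the posted running-config.
SAMPLE_CONFIG = """\
interface Ethernet1/0
 ip access-group 101 in
 ip nat outside
ip nat inside source static tcp 192.168.1.119 3389 interface Ethernet1/0 3389
access-list 101 deny icmp any any echo
access-list 101 deny tcp any any eq telnet log
access-list 101 permit ip any any
"""

NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (\S+) any any(?: eq (\S+))?")
PORT_NAMES = {"telnet": "23"}  # only the named port that appears in the sample

def inbound_acls(config):
    """Map interface name -> number of the ACL applied inbound on it."""
    acls, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split()[1]
        elif current and (m := re.match(r"ip access-group (\d+) in$", line)):
            acls[current] = m.group(1)
    return acls

def first_match(config, acl, proto, port):
    """Action of the first any-to-any entry in `acl` that matches proto/port."""
    for line in map(str.strip, config.splitlines()):
        m = ACL_RE.match(line)
        if m and m.group(1) == acl and m.group(3) in ("ip", proto):
            eq = m.group(4)
            if eq is None or PORT_NAMES.get(eq, eq) == port:
                return m.group(2)
    return "deny"  # implicit deny at the end of every ACL

def exposed_forwards(config):
    """Static port forwards reachable from any source address."""
    acls, findings = inbound_acls(config), []
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            proto, host, in_port, iface, out_port = m.groups()
            acl = acls.get(iface)
            # The inbound ACL is evaluated before NAT, so match the outside port.
            if acl is None or first_match(config, acl, proto, out_port) == "permit":
                findings.append((iface, proto, int(out_port), host, int(in_port)))
    return findings
```

Run against the sample, `exposed_forwards(SAMPLE_CONFIG)` reports the 3389 forward to 192.168.1.119, because ACL 101 falls through to `permit ip any any`.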
ULWiz
So I just opened up one of the client machines and added the IP to the router and tried to remote from my phone over 3G. Connection was established instantly. So my issue must be somewhere on the server itself.
ULWiz
Anyone have any ideas? If my router accepts the connection for the client with the external IP, then it must be something on the server itself. I took the client IP address off the router again, so the only thing the router is accepting on port 3389 shoots it directly to the .1.119, which is the server. And since I can remote to it internally, there must be something else.
dynamik
What do you mean you opened up a client? You gave it a public IP address?
ULWiz
What I was trying to say is that I turned RDP on on one of my machines upstairs and gave it a static address that ended in .101. Allowed it on the Cisco router with "ip nat inside source static tcp 192.168.1.101 3389 interface Ethernet1/0 3389".
Attempted the same RDP entry in my iPhone to my external IP and I connected to my Vista machine instantly. Therefore I was pointing to the server as the issue. I can remote to its internal IP, which is .119. That same entry was previously in the router for .119 and did not allow me to remotely connect.
Hope this makes sense now
ULWiz
Ahh the joy.
Well, apparently I screwed something up on the server. Now I can't internally remote to it either. Not sure exactly what I changed, but I am getting this error now when I remote internally: "Because of a protocol error, this session will be disconnected. Please try connecting to the remote computer again."
At least I can still log in downstairs. Anyone have any idea on either? I assumed uninstalling Terminal Services from the server and reloading would have fixed that issue, but I was wrong.
Any help is appreciated
dynamik
Weird. Have you checked the event logs for more information?
hypnotoad
I got the same error and it was something corrupt in the registry... causing it not to be able to negotiate security. I don't recall how we fixed it, but as I recall it was pretty severe.
ULWiz
I did read something along the lines of this. Something about the TSLicense being removed from the registry.
Is this what you are talking about?
hypnotoad
I wish I could tell you for certain, but I'm not sure. If it makes any difference, the error happened on XP machines for us (RDPing to XP, that is). I'll do a little digging.
ULWiz
Wiped the server itself and promoted it again to an AD server. DHCP and Terminal Services were added.
I can again remote into the server internally, but still no luck with the external IP.
ULWiz
Got it working with the external IP finally.
dynamik
What was the issue? Don't leave us hanging
ULWiz
Ahhh, sorry. Well, I decided to just change the RDP port in the registry on the server from 3389 to something else. Opened that port up on the Cisco router and it worked. So I still don't know exactly why it did not work, but found an acceptable workaround.
Dynamik, take a look at my other off-topic issue. It's a VPN issue.