Issues with RDP
403Forbidden
Member Posts: 88 ■■□□□□□□□□
in Off-Topic
Hello everyone and thank you in advance for your help.
I have a slight issue, one that doesn't seem to be wanting to fix itself readily and need someone else to bounce this off of for some ideas.
I have:
1 Windows Server 2008 R2 server.
1 Windows 7 Ultimate x64 Client.
What I am trying to do:
RDP from Client to Server
What I can't do:
RDP from Client to Server
What I can do:
RDP from Server to Client
RDP from Client to DIFFERENT Server on same network/subnet
Use Logmein to access Server from Client
Use Remote MMC Snap In
Some things I've gone through:
Pinged the server from client (IP and Hostname): Good
Pinged the client from server (IP and Hostname): Good
Checked firewall on Server and Client: RDP 3389(TCP) is open for domain on both.
Can not use telnet to open remote terminal, Telnet server and client are enabled on both Server and Client.
RPC Service is running on the Server
Made sure that the Server had the remote settings set properly to accept connections etc.
I am fairly certain this has to do with the configuration on the Server as other servers on the same network can be connected to just fine using RDP.
This is a learning experience for me and I am looking for things to make me think about how to find the answer rather than just giving me the answer. Please don't just tell me how to fix it but point me in a direction and I'll reply as to what I did and what the result was.
Thanks again,
403
I have a slight issue, one that doesn't seem to be wanting to fix itself readily and need someone else to bounce this off of for some ideas.
I have:
1 Windows Server 2008 R2 server.
1 Windows 7 Ultimate x64 Client.
What I am trying to do:
RDP from Client to Server
What I can't do:
RDP from Client to Server
What I can do:
RDP from Server to Client
RDP from Client to DIFFERENT Server on same network/subnet
Use Logmein to access Server from Client
Use Remote MMC Snap In
Some things I've gone through:
Pinged the server from client (IP and Hostname): Good
Pinged the client from server (IP and Hostname): Good
Checked firewall on Server and Client: RDP 3389(TCP) is open for domain on both.
Can not use telnet to open remote terminal, Telnet server and client are enabled on both Server and Client.
RPC Service is running on the Server
Made sure that the Server had the remote settings set properly to accept connections etc.
I am fairly certain this has to do with the configuration on the Server as other servers on the same network can be connected to just fine using RDP.
This is a learning experience for me and I am looking for things to make me think about how to find the answer rather than just giving me the answer. Please don't just tell me how to fix it but point me in a direction and I'll reply as to what I did and what the result was.
Thanks again,
403
Comments
-
sratakhin Member Posts: 818Make sure port 3389 is open on the server. Telnet _server_name_ 3389.
Also, in addition to opening ports on the firewall you have to enable remote connections. Computer -> Properties -> Remote Settings -> Allow Remote Connections -> Select Users -
403Forbidden Member Posts: 88 ■■□□□□□□□□403Forbidden wrote: »Some things I've gone through:
Pinged the server from client (IP and Hostname): Good
Pinged the client from server (IP and Hostname): Good
Checked firewall on Server and Client: RDP 3389(TCP) is open for domain on both.
Can not use telnet to open remote terminal, Telnet server and client are enabled on both Server and Client.
RPC Service is running on the Server
Made sure that the Server had the remote settings set properly to accept connections etc.
I have already tried to open a remote terminal via telnet using: Telnet_192.168.10.29_3389 and Telnet_ServerName_3389.
I have looked at windows firewall and the ports say they are open on there, however Telnet is not showing any ability to connect on that port.
I have made sure that my specific user account is added to the proper groups as well. -
unfbilly11 Member Posts: 100 ■■□□□□□□□□Are you getting any kind of error when trying to connect? Can you remote to this server from other PCs? Maybe check to see if the time is off on either machine?
-
403Forbidden Member Posts: 88 ■■□□□□□□□□unfbilly11 wrote: »Are you getting any kind of error when trying to connect? Can you remote to this server from other PCs? Maybe check to see if the time is off on either machine?
The generic error of:
Remote access to the server is not enabled (It is, I have checked this in the remote settings under computer properties)
The remote computer is turned off (Is not turned off, I can use Logmein to log into the server just fine.)
The remote computer is not available on the network. (I can ping it and it can ping me as well as the DC and all other computers on the network.)
Since the Server can Remote Desktop to my Client but I can't Remote Desktop to the Server I want to think it is on the Server, especially since nobody else can connect to it. -
sratakhin Member Posts: 818Do you use group policy to manage the servers' firewalls? You can have some restrictions put in place, such as ability to connect from certain addresses only.
-
jmritenour Member Posts: 565If you run netstat -a from a command prompt on the server, is it listening on 3389?"Start by doing what is necessary, then do what is possible; suddenly, you are doing the impossible." - St. Francis of Assisi
-
403Forbidden Member Posts: 88 ■■□□□□□□□□Thanks to everyone for their help!
I over looked it before but noticed that it was listening on 3390 instead of 3389.
So I went into: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP
The "Port Number" key was set to 3390.
Asked network admin if there was a reason why for this that would break anything if I changed it back and he said no, so I changed it back to 3389 and it worked flawlessly.
Again thanks to everyone for their help, I learned a lot from this!
Cheers,
403 -
phoeneous Member Posts: 2,333 ■■■■■■■□□□403Forbidden wrote: »Thanks to everyone for their help!
I over looked it before but noticed that it was listening on 3390 instead of 3389.
So I went into: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP
The "Port Number" key was set to 3390.
Asked network admin if there was a reason why for this that would break anything if I changed it back and he said no, so I changed it back to 3389 and it worked flawlessly.
Again thanks to everyone for their help, I learned a lot from this!
Cheers,
403
That's actually what I do on some of my boxes for security reasons. That way the client has to know exactly which port to use and port 3389 isnt scanned maliciously. -
403Forbidden Member Posts: 88 ■■□□□□□□□□That is good to know! I should probably do that come to think about it. It is an external facing web server after all. Is there a way to allow clients to use ports other than 3389 for RDP?
-
CodeBlox Member Posts: 1,363 ■■■■□□□□□□Usually, when you specify the server you can use the notation "servername:tcp_port" to use a port other than the default 3389. In your case, it would have been "servername:3390" I still don't see how that's considered a security measure. I see that more so as obscurity.Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
-
Balantine Member Posts: 77 ■■□□□□□□□□It is a lame excuse for security.
Try allowing only specific sourced port packets to RDP to a server.dulce bellum inexpertis -
phoeneous Member Posts: 2,333 ■■■■■■■□□□It is a lame excuse for security.
Try allowing only specific sourced port packets to RDP to a server.
Okay good luck with that