
Rebuilt My Domain - Broke Remote Desktop

TL DR Not at all confident in his reflexive opinions of things Registered User regular
edited April 2010 in Help / Advice Forum
Hi, and thanks in advance.

Recently I solved a recurring disconnect problem that was due to DHCP being handled by the network's router and not the server (Windows Small Business 2008). This involved re-adding all the client PCs to the domain.

Previously, I had the router set up to forward ports to the client PCs for Remote Desktop. Now, I'm unable to connect to the clients remotely but can still RDP into the server. I'm sure it's something simple, but I've been poking around for quite a while and haven't found what I'm looking for. Any tips?

TL DR on

Posts

  • TL DR Not at all confident in his reflexive opinions of things Registered User regular
    edited April 2010
    Is it possible to just forward ports on a domain, or am I going to have to use VPN or something?

    TL DR on
  • Djeet Registered User regular
    edited April 2010
    It's probably a router setting.

    I had a client who had this shitty router/modem device. It would only port forward to a machine in its IP/routing tables, and it didn't populate these tables from activity on the LAN side. It only populated those tables from the DHCP leases it was handing out, or by manual static entries. So when we disabled DHCP on it we had to manually add the IPs of the machines we wanted published to the Internet, which meant static IPs, and DHCP on the Windows server, while available, was useless to all machines that needed to be accessed from the Internet.

    There shouldn't be any port forwarding restrictions just because you're running a domain. All the port forwarding logic should be somewhere on the router, and then you just need to make sure the target machine isn't blocking the activity with a firewall. Publishing multiple machines for RDP depends on your assets: router logic and available number of public IPs. We have a lot more users who want to RDP than public IPs available, so I made them all connect to a terminal server first, and from there they can RDP into their desktop. Alternatively I could've had them each hack their registry so their RDP client connects to a non-standard port and then done custom port forwarding rules that would forward traffic from that non-standard port to 3389 on their desktop, but that would interfere with their ability to RDP into other machines.

    Djeet on
  • NailbunnyPD Registered User regular
    edited April 2010
    You'll need to set those port forwards up in the router again. Basically, this needs to happen at the firewall (or your router), and not the server. If you were tinkering with the router to disable DHCP, it's possible the forwarding was reset.

    Djeet, there is a way in 2008 to set a server as a Remote Desktop Gateway. If you look at the latest RDP client, it's under the Advanced tab. That way, you only publish your TS server, but clients can use it to connect directly to their PC, instead of hitting the TS desktop first. I haven't used this, so I can't speak for how you set up the server.

    NailbunnyPD on
  • runethomas Registered User regular
    edited April 2010
    I was going to ask why you had to rejoin the PCs in the domain to set up DHCP, but I saw you had SBS2008, lol. With any SBS, things need to be done using the wizards or you will have problems. Also make sure you are fully patched up.
    Your problem is probably that the SBS routing and remote access needs to be set up again. If it worked before, then there is probably a setting that was messed up when you removed the PCs from the computer wizard and re-added them. There should be a wizard for that, and I think it's under the network wizard somewhere.

    So I assume you are going to the remote office space, and using that to remote into a specific desktop? What error message are you getting specifically?

    runethomas on
  • TL DR Not at all confident in his reflexive opinions of things Registered User regular
    edited April 2010
    After re-configuring the router as it was as far as port forwarding is concerned, I am still unable to connect. Where should I be looking?

    TL DR on
  • Djeet Registered User regular
    edited April 2010
    When you unjoined and re-joined all the machines to the domain, did you make sure that remote desktop access is enabled and any client firewalls are disabled (or exceptions put into place to allow RDP in)?

    The SBS2008 server is your DHCP server right? What is it handing out as the default gateway to DHCP clients (it should be giving out the internal IP of the router, not its own IP, unless it's also acting as a router). Are you using the SBS2008 server as a firewall/router?

    Are you trying to make RDP connections to IPs or DNS hostnames?

    Djeet on
  • Ruckus Registered User regular
    edited April 2010
    After re-configuring the router as it was as far as port forwarding is concerned, I am still unable to connect. Where should I be looking?

    Your clients may have had their Windows Firewalls enabled and set to default settings, which exclude default as well as custom RDP ports. It's also possible that the client workstations may have RDP disabled all of a sudden for the same reason. Check to see if you can RDP to the workstations from the server or another local workstation. I've had both of these situations occur when adding (or re-adding) workstations to a domain.

    Ruckus on
  • TL DR Not at all confident in his reflexive opinions of things Registered User regular
    edited April 2010
    Djeet wrote: »
    When you unjoined and re-joined all the machines to the domain, did you make sure that remote desktop access is enabled and any client firewalls are disabled (or exceptions put into place to allow RDP in)?

    The SBS2008 server is your DHCP server right? What is it handing out as the default gateway to DHCP clients (it should be giving out the internal IP of the router, not its own IP, unless it's also acting as a router). Are you using the SBS2008 server as a firewall/router?

    Are you trying to make RDP connections to IPs or DNS hostnames?

    The SBS is acting as DHCP server, yes. Both the office PCs that I'm trying to RDP into have IP address reservations, and those IP addresses match the target IP addresses configured in the router.

    The network is running DYNDNS, which is still how I'm able to RDP into the server.

    TL DR on
  • runethomas Registered User regular
    edited April 2010
    I had a moment to work some stuff up.

    Your network should look vaguely like this
    [Image: pennyarcade.jpg]

    [Can you remote into the workstations from the server using workstation names, and IPs?]
    Yes - Then there is an issue with your router/firewall settings, and/or SBS settings.
    No - Then your problem is internal only.
    *If you can remote into them using the IPs only and not workstation names, then there is an internal DNS issue. Check your DNS settings in DHCP and make sure they are pointing to your SBS server's IP address. ("ipconfig /flushdns" will clear your DNS cache after you make any changes to your internal DNS.)

    [Try using a laptop that is connected to your internal network (preferably XP SP3). Can you RDP into them from the laptop?]

    [Can you ping the PCs from the server using the workstation names, and IPs?]
    Yes - There is no issue with internal network switches, or NIC cards.
    No - Start troubleshooting your network switches / NIC cards.


    Questions:

    Did remote desktop work before you moved DHCP to your server?

    What OS is on the workstations?

    What version of RDP is on the workstations?

    What type of router / firewall are you using?

    Make sure you are using the built-in Windows RDP client, and not the RDP client used in the SBS internal website, when troubleshooting.


    This is exactly the kind of stuff I do for a living; if you want me to help out I can try.

    runethomas on
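
The internal checks listed in the post above (name vs. IP, ping vs. RDP) can be run in one pass from the server or any PC on the LAN. This PowerShell script is an added example and not part of any post in the thread; the host names, IP addresses and the helper names `Test-TcpPort` and `Resolve-Ipv4` are assumptions made for the illustration.

```powershell
# Added example: run from the SBS server or another PC on the LAN.
# Names and addresses are constructed placeholders; use your DHCP reservations.
$Targets = @(
    @{ Name = 'OFFICE-PC1'; Ip = '192.168.1.50' },
    @{ Name = 'OFFICE-PC2'; Ip = '192.168.1.51' }
)
$RdpPort = 3389   # port the router forwards to on each desktop

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Resolve-Ipv4 {
    param([string]$Name)
    try {
        [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString }
    } catch { }   # unresolvable name: return nothing
}

foreach ($t in $Targets) {
    $dnsOk  = @(Resolve-Ipv4 $t.Name) -contains $t.Ip   # name maps to the reserved IP
    $pingOk = Test-Connection -ComputerName $t.Ip -Count 1 -Quiet
    $rdpOk  = Test-TcpPort -Address $t.Ip -Port $RdpPort

    if ($rdpOk -and $dnsOk) {
        $verdict = 'RDP fine internally: look at router/firewall forwarding or SBS settings'
    } elseif ($rdpOk) {
        $verdict = 'RDP by IP only: internal DNS issue, check the DNS server handed out by DHCP'
    } elseif ($pingOk) {
        $verdict = 'Host up, port closed: Remote Desktop disabled or Windows Firewall blocking it'
    } else {
        $verdict = 'No ping, no RDP: check switches / NICs (a host firewall can also drop ping)'
    }
    '{0} ({1}) dns={2} ping={3} rdp={4} : {5}' -f $t.Name, $t.Ip, $dnsOk, $pingOk, $rdpOk, $verdict
}
```
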
  • TL DR Not at all confident in his reflexive opinions of things Registered User regular
    edited April 2010
    So after dicking around in Group Policy for hours to no effect and preparing to beat my head against the wall, I was able to work out a solution. SBS2008 wants you to use the SBS Console, and after an earlier issue with not being able to adjust the Windows Update settings I should have remembered this.

    Thank you all so much for your help, it is really useful to be able to bounce ideas off such informed and bright individuals.

    TL DR on