Remote Desktop Connection not working on office network

gilesitis

Member
Hi all,

This may be something simple I'm overlooking, but I'm out of ideas. I have a client who likes to use RDP to view a database located on their server. They've not been able to connect to it after some recent changes by their ISP. Went over today and found out that the IP address pointing to the server had changed. Ok, easy fix: changed to the new IP in the RDP settings, but still could not connect. Keep in mind these laptops that access the server are on their office network. Next, I try to connect with my iPhone using RDP app--and it works great. I go home and can access it too. The client said they can also access from the same laptop when it is at their home (not on the office network). So basically, they can access the server via RDP anywhere except when they are at their office...what could it be?
 
So you are trying to access the server on the LAN via RDP using a public IP address? Why not just use the LAN IP address? That's what I do on my LAN.
 
So you are trying to access the server on the LAN via RDP using a public IP address? Why not just use the LAN IP address? That's what I do on my LAN.
The reason they use their public IP is in order to access the server via RDP when they are out of the office, such as at the courthouse.
 
Also, why not just configure DNS? If you do it right, it will be accessible internally and externally...so it stays the same no matter where they are.
 
The reason they use their public IP is in order to access the server via RDP when they are out of the office, such as at the courthouse.

I understand that. But my point is why not use the LAN address when they are back in the office. And what WAN IP are you using and do they have a static IP? The gateway or the first usable?

Also, are they just using straight RDP from outside of the office? That is not a recommended practice. While RDP does create an encrypted connection it is not as robust as other options. RDP should be done over VPN for security reasons.
 
What ISP is he using?

With Telus in Canada, I've encountered this problem. You cannot come inbound on a connection that is the same as the outbound IP. The second you leave the premises it works fine. Even from another Telus IP... it just has to be different.

Eastlink in Canada also used to do this... but much worse... two Eastlink systems couldn't talk to each other.

They've done away with this, however.

Mark is right... RDP over VPN or setup RDP-Internal and RDP-External; two icons on his desktop isn't a big deal.
 
@gilesitis: NAT loopback is what you're looking for.

I suspect NAT loopback is disabled. Did they get a new router, or was the router reset? If it's a new router, it may not have the feature. It's also possible that the ISP is blocking loopback.


Like others have said though, there are better (and more secure) ways to do this. I would consider setting up VPN, as Mark suggests. In the meantime, if they're using the standard RDP port (3389) externally, I would change that at the very least.
 
@gilesitis: NAT loopback is what you're looking for.

Thanks. That's the term I'd been trying to remember. Happened to me but not much I can do about it since I have a residential account at my home office. I host all my stuff and everything used to work perfectly until they changed something. So now none of the stuff works with the FQDN or public IP from inside my LAN.
 
Thanks for all the responses. I did have the client try to access it using the local IP of the server, and it does allow her to connect to the remote server. It is running Windows Server 2008 R2. When she goes to log in, it tells her the username or password is incorrect, even though she is typing in correct information. This doesn't make much sense. It rejects her login if she is on the same network?
 
Also, why not just configure DNS? If you do it right, it will be accessible internally and externally...so it stays the same no matter where they are.
Apparently the previous tech did set up DNS as I noticed in the configuration of the network connections. They had been working with him for years, but he was not available to help them now, and I pretty much had to step in the same day without knowing hardly anything about their network or what the prior tech had done.
 
Yeah, loopback is another reason to install your own router at the edge, and to put the typically neutered ISP-supplied modem/routers/brouters/gateways into bridged mode to pass on the real firewall work (and public IPs) to your own router.
 
Put the service provider's modem in bridge mode and add your own router?

That's the way I've had it set up for years. That loopback is a routing thing they control on their end. I'm even using my own Toshiba DOCSIS 3 modem.

Thanks for all the responses. I did have the client try to access it using the local IP of the server, and it does allow her to connect to the remote server. It is running Windows Server 2008 R2. When she goes to log in, it tells her the username or password is incorrect, even though she is typing in correct information. This doesn't make much sense. It rejects her login if she is on the same network?

Are they using the built-in RDP or do they have TS enabled? As I mentioned I use it on my LAN on my WD DX4000 (Storage Server '08). But it is not on a domain and I am using the built-in RDP.
 
That's the way I've had it set up for years. That loopback is a routing thing they control on their end. I'm even using my own Toshiba DOCSIS 3 modem.



Are they using the built-in RDP or do they have TS enabled? As I mentioned I use it on my LAN on my WD DX4000 (Storage Server '08). But it is not on a domain and I am using the built-in RDP.
I'm fairly certain it is the built-in RDP; I don't think the TS role has been added.
 
That loopback is a routing thing they control on their end. I'm even using my own Toshiba DOCSIS 3 modem.
? Not if your router has a loopback rule – it never touches the ISP's network. I have the same arrangement here (different ISP, of course, and a TP-Link router). Are you sure you're not seeing a DNS problem? The DNS request will still go out to the Internet to be resolved, before being directed back to your router. Fixed IP address or dynamic? What happens if you include your FQDN and public IP address in the hosts file?
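An added diagnostic script (not posted by anyone in the thread) that runs, from a machine inside the office, the checks the replies above suggest: resolve the FQDN, probe port 3389 on both the LAN address and the public address, and map the outcome to the causes raised here (stale DNS after the ISP change, missing NAT loopback, or split DNS already in place). The hostname and addresses are constructed placeholders.

```python
"""Constructed diagnostic for "RDP works from outside but not from the office LAN".

Run this from a laptop on the office network. All names and addresses below are
placeholders for the example; replace them with the real ones before use.
"""
import socket
from typing import Optional

RDP_PORT = 3389          # standard RDP port mentioned in the thread
TIMEOUT_SECONDS = 3.0

# Constructed sample values (not from the thread).
FQDN = "rdp.example.invalid"
LAN_IP = "192.168.1.10"
PUBLIC_IP = "203.0.113.10"


def tcp_probe(host: str, port: int = RDP_PORT, timeout: float = TIMEOUT_SECONDS) -> bool:
    """Return True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def resolve(name: str) -> Optional[str]:
    """Resolve a hostname to an IPv4 address, or None if resolution fails."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def diagnose(lan_ok: bool, public_ok: bool, resolved: Optional[str],
             public_ip: str, lan_ip: str) -> str:
    """Map probe results to the most likely cause discussed in the thread."""
    if not lan_ok:
        return "server-unreachable"      # RDP not listening or host firewall; not a NAT issue
    if resolved is None:
        return "dns-failure"             # FQDN does not resolve at all from inside
    if resolved == lan_ip:
        return "split-dns-in-place"      # internal DNS already hands out the LAN address
    if resolved != public_ip:
        return "dns-stale"               # FQDN still points at the old ISP-assigned address
    if public_ok:
        return "hairpin-ok"              # router performs NAT loopback correctly
    return "no-nat-loopback"             # classic symptom from the original post


def run(fqdn: str = FQDN, lan_ip: str = LAN_IP, public_ip: str = PUBLIC_IP) -> str:
    """Perform the live checks and return the diagnosis string."""
    return diagnose(tcp_probe(lan_ip), tcp_probe(public_ip), resolve(fqdn), public_ip, lan_ip)


if __name__ == "__main__":
    print(run())
```

If the result is "no-nat-loopback", the fix lives on the edge router (enable loopback, or fall back to an internal shortcut using the LAN address); "dns-stale" means the public record still carries the old ISP address.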
 
Loopback is a process in NAT...thus at the edge router that is doing the NAT. If the ISP's gateway is properly bridged and your own router is pulling the public IP on its red interface...loopback happens (or not, if your router can't do it) on your router. If the ISP's gateway is in the usual NAT router mode...it's done on its part. If you're double NAT'ing...well...here's yet another reason to avoid double NAT'ing.
 
Some routers will not allow a public connection back to itself redirected in that manner, if you're doing what I think. Why not make 2 RDP shortcuts, one called Inside and the other Outside or something similar? This is assuming everything is on the same LAN at the same office, which is how I read it.
 