1

We have a server with Remote Desktop enabled, but we can only access the server from inside the LAN. Port forwarding on port 3389 is set up on the gateway/modem (Comcast SMCD3G) and canyouseeme.org says the port is open, but when I try to connect with the WAN IP it says "Remote desktop cannot access the specified computer". The only thing between the server and the gateway is a Netgear ProSafe GS716T, but I do not see any settings that would interfere with Remote Desktop, so I am at a loss as to why it's not working.

Dirk37
  • Does your RDP server have the correct default gateway? – Serhiy Mar 03 '13 at 05:01
  • (Since I can't leave comments yet I have to post this as an answer) Do you use the same network adapter for LAN and WAN? RDP has potentially separate settings for each network adapter, so you'd have to make sure the settings for the WAN NIC are correct. – LordOfTheRats Mar 02 '13 at 21:37
  • In my case, Windows 10 Pro, when I telnet into the server I get "Resource Temporarily Unavailable". I've checked the firewall as per Ed's answer, and both for TCP and UDP the "Profile" is "All". A couple of Qs: 1. Could there be other services for which an Inbound Rule is necessary? Beyond RDP via TCP and UDP? 2. Could this be related to reverse DNS? I use a dynamic DNS server. I've also already tried t – Leo Nov 03 '18 at 11:32

1 Answer

1

Three common possibilities:

  1. The network port forwarding & firewall rules are incorrect; we would need more details to help.

  2. Firewall Issue on the Server

    Some Windows OSes (SBS 08 R2 at least) by default deny RDP packets from networks other than the LAN. Check the server firewall settings:
    Administrative Tools, Windows Firewall w/ Advanced Settings, Inbound. If it's a problem and you can't edit the rule, or it comes back, then it's probably coming from a Group Policy that needs to be changed.

    On a server with Group Policy Management installed, run GP Results Wizard, select the Server computer, Computer Settings only. In the results window, Settings tab, click Show All to see what settings are being applied and what policy they come from. In particular, look at policies affecting RDP.
    - Back up the policy.
    - Edit the policy.
    - On the server run: "GPUpdate /force"
    - Test RDP remotely.

    The setting is under: Computer Configuration > Policies > Administrative Templates > Network/Network Connections/Windows Firewall/Domain Profiles > "Windows Firewall: Allow inbound Remote Desktop exceptions"
    An entry of "" would allow RDP from any remote subnet.

  3. Network Level Authentication requirement on the server is set higher than the RDP client is set to or can use.

    See http://technet.microsoft.com/en-us/library/cc732713.aspx
    Turn NLA off for testing; if it's an issue, either leave it disabled or enable/upgrade the clients. Older RDP clients have limited or no NLA capabilities.

    If you reply then please be specific about: Server OS, client OS, RDP version and provide any relevant Event log entries on the Server relating to RDP.

Ed Fries
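
A server-side check of the points raised above (the default gateway from the comment; firewall scope, Group Policy source and NLA from the answer), as an added example that is not part of the original posts. It assumes an elevated PowerShell session on Windows Server 2012 / Windows 8 or later, where the NetTCPIP and NetSecurity cmdlets exist.

```powershell
# Added diagnostic example, not from the original answer. Run elevated on the
# RDP server; assumes the NetTCPIP and NetSecurity modules are available.

# 1. Default gateway per adapter: replies to WAN clients need a route back out.
Get-NetIPConfiguration | Select-Object InterfaceAlias,
    @{n = 'IPv4';    e = { $_.IPv4Address.IPAddress }},
    @{n = 'Gateway'; e = { $_.IPv4DefaultGateway.NextHop }}

# 2. The port RDP is configured for, and whether anything is listening on it.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$port   = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, State

# 3. Effective inbound rules covering that port, including GPO-delivered ones.
#    A RemoteAddress of LocalSubnet matches "works on the LAN, fails from the WAN".
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True |
    ForEach-Object {
        $ports = ($_ | Get-NetFirewallPortFilter).LocalPort
        if ($ports -contains "$port") {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                Action        = $_.Action
                RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
                Source        = $_.PolicyStoreSourceType   # GroupPolicy vs. Local
            }
        }
    }

# 4. NLA requirement: 1 = clients must support Network Level Authentication.
#    A Group Policy value, if present, takes precedence over the local one.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$local  = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication
$gpo    = (Get-ItemProperty -Path $policy -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
[pscustomobject]@{ NlaLocal = $local; NlaPolicy = $gpo }
```

A rule whose Source is GroupPolicy cannot be changed durably on the server itself, which matches the "it comes back" symptom the answer describes; the RemoteAddress column also shows how widely port 3389 is opened once the rule is edited.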