How to enable RDP to a Server 2008 R2 on another network? VM network

2

I have a W2008 R2 installed on a different network (I am on 192.168.0.x - new server on 192.168.3.x)

I had trouble pinging it and connecting to it over RDP. I disabled the firewall to test the connection:


and that opened the ping feature


but I still cannot RDP to that machine. The allow remote access is enabled.

As per sinni800's idea, here is the error message:


The networks are divided by a Fortigate 60-B router - the secondary interface for the gateway is 192.168.3.254 (and pingable from all)

  • any to any rule on both networks is in place.

As per Joe Schmoe's idea - I am able to RDP to 192.168.3.1 from 192.168.3.3 (which is on the same network)

Data to add: - The servers are on a VM host, each of the servers has 2 NICs

  • one is DHCP enabled into the 192.168.0.x network
  • 2nd is static IP in the 192.168.3.x

-- Further information:

  • The network 192.168.0.x - is on a domain network (Active Directory)
  • The network 192.168.3.x - is grouped in a workgroup

What else should I check, please?

Saariko

Posted 2012-12-02T15:33:39.073

Reputation: 727

1 Are those networks divided by a router? Or are they sharing the same network with different subnets? – week – 2012-12-02T16:04:56.103

1 Try to telnet from your computer into remote box on port 3389 (or whatever port remote desktop is running on if you changed it). Does this work? – Joe Schmoe – 2012-12-02T17:28:36.473

yes, telnet works (nothing is shown) but it's a connection – Saariko – 2012-12-02T17:53:04.833

1 Maybe make a screenshot of the error message coming from the RDP client... If it's a generic one, tough luck, but it might have one that's usable. – sinni800 – 2012-12-02T17:59:19.687

1 Another shot in the dark: can you try to remote desktop to the remote server from the remote network (if you have physical access to the remote network)? Or ask someone with physical access to the remote network to give it a try? – Joe Schmoe – 2012-12-02T18:03:29.590

Did you turn off the firewall on the server or on your RDP client machine or both? Also check the server event log for RDP connection related events. – John Siu – 2012-12-11T03:29:53.910

Disabling the firewall on a Windows Server can have quite the opposite effect of what you're after. Enable the firewall and create an exception for Remote Desktop in all profiles. – Der Hochstapler – 2012-12-17T13:14:23.003
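The telnet test in the comments above only shows that a TCP connection to port 3389 can be opened. As an added example (not part of the original thread), the following Python code goes one step further and sends the first RDP message, an X.224 Connection Request with a security negotiation request, then classifies the reply. The address 192.168.3.1 is the server from the question; the function names are illustrative.

```python
import socket
import struct

# Names for the selectedProtocol values a server returns in RDP_NEG_RSP.
PROTOCOLS = {0: "standard RDP security", 1: "TLS", 2: "CredSSP (NLA)"}

def build_connection_request(requested=0x03):
    """TPKT + X.224 Connection Request carrying RDP_NEG_REQ (TLS | CredSSP)."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested)
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def parse_connection_confirm(data):
    """Classify the bytes the server sent back after the connection request."""
    if len(data) < 11 or data[0] != 3:
        return "not RDP: no TPKT header in reply"
    if data[5] != 0xD0:
        return "not RDP: expected X.224 Connection Confirm (0xD0)"
    if len(data) < 19:
        return "RDP listener, no negotiation data (standard RDP security)"
    neg_type, _flags, _length, value = struct.unpack("<BBHI", data[11:19])
    if neg_type == 0x02:  # RDP_NEG_RSP
        return "RDP listener, selected " + PROTOCOLS.get(value, hex(value))
    if neg_type == 0x03:  # RDP_NEG_FAILURE
        return "RDP listener, negotiation failure code %d" % value
    return "RDP listener, unknown negotiation type 0x%02x" % neg_type

def probe(host, port=3389, timeout=5.0):
    """Open the same TCP connection telnet does, then try the first RDP exchange."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_connection_request())
            return parse_connection_confirm(s.recv(1024))
    except socket.timeout:
        return "timed out after %.0fs (connect or handshake reply)" % timeout
    except OSError as exc:
        return "TCP connect failed: %s" % exc

if __name__ == "__main__":
    # 192.168.3.1 is the server address given in the question.
    print(probe("192.168.3.1"))
```

A timeout or a "not RDP" result after a successful telnet test points at something between client and server answering or dropping traffic on the port, rather than at the Remote Desktop service itself.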

Answers

1

Please check your VM Host network settings; the host firewall/network (public/private/unknown) config may be the issue.

Please test with the VM Host firewall turned off (see PS).

There is a VMware KB related to this issue.

I also solved a very similar issue here. That is for ssh connection to a VM in a Windows host.

PS: Based on the comment from Oliver Salzburg, this may not work as intended. I cannot confirm as I am remote from my server now.

John Siu

Posted 2012-12-02T15:33:39.073

Reputation: 4 957

1

Did you check the Terminal Licenses in your Windows 2008 R2? They should be enabled.

Scorpion99

Posted 2012-12-02T15:33:39.073

Reputation: 1 023

This was checked - it's ok – Saariko – 2012-12-17T14:00:33.987

0

On the router, increase the MTU to 1500 or adjust the maximum frame size on the server.

Fragmentation causes real problems for RDP, and RDP packets are oversized for most network defaults due to the extra header information added to the packets.

Scott Clarke

Posted 2012-12-02T15:33:39.073

Reputation: 66

0

What is your subnet mask?

It sounds like you need to change your subnet mask from /24 to /22 (you need two binary digits to get to 3), so that's from 255.255.255.0 to 255.255.252.0

ICMP ping is a hardware broadcast request - which means that it gets broadcast to all adapters on the hardware network, and your out-of-network server will reply. But regular network transport isn't so forgiving.

JERiv

Posted 2012-12-02T15:33:39.073

Reputation: 101

I don't think this has an effect in my case – Saariko – 2012-12-17T14:00:50.353

Try it, it won't hurt your existing setup (unless you want .3. and .0. networks traffic separated) – JERiv – 2012-12-18T18:04:34.797

(it would create a new broadcast address which would include both subnets) – JERiv – 2012-12-18T19:21:55.093