RDP to remote domain doesn't work from specific LAN

7

0

I am trying to RDP into my computer at work (running Windows 8 Pro). I can do this from my laptop (running Windows 10 Pro, and also when it was running Windows 8.1 Pro), but I cannot connect from other machines on the same LAN as the laptop (one machine running Windows XP; and one previously running 7 Ultimate and now running Windows 10).

I get the following standard message:

Remote Desktop can't connect to the remote computer for one of the following reasons:

  1. Remote access to the server is not enabled
  2. The remote computer is turned off.
  3. The remote computer is not available on the network.

Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.

I have tried connecting with both the site name (like www.myexample.com) and the IP address. Pinging the remote computer works on all systems. I am logging in with domain credentials (machine\user, instead of just user).

The target machine has Allow remote connections to this computer selected, but the Allow connections only from computers running Remote Desktop with Network Level Authentication checkbox is NOT checked (System -> Remote Settings).

What could be different between the two machines which are unable to connect, and the one machine which can connect?

Edit

It turns out that I cannot connect from the laptop either when it is on the same LAN as the other machines, only when I am connected to a different LAN. This would seem to imply that the router is blocking the RDP traffic, or the router's IP address is blocked on the target domain or machine.

I am leaving the question and answer(s) for future reference, but I have no way of verifying any answers or suggestions in the comments.

Edit 2

On the troublesome LAN, I can ping the domain, but when I try to telnet into the domain with the RDP port (customized) it doesn't work. Telnetting from a different LAN with the specified port is successful. This presumably means that port forwarding from the domain to the target machine inside the target LAN is not an issue.

Zev Spitz

Posted 2015-12-16T16:34:55.320

Reputation: 259

Is the box configured to accept connections from any version of the Remote Desktop Client? There are some security settings that can't be addressed on older OS versions, so you have to allow all versions. The setting is in the Control Panel -> System -> Remote Settings. – Frank Thomas – 2015-12-16T17:07:22.103

@FrankThomas It is configured to accept connections from any version; edited into the question. – Zev Spitz – 2015-12-16T17:48:06.707

Are you VPN'd into the work LAN before RDP'ing, and does VPN itself work from the other machines? – dxiv – 2015-12-19T19:11:37.063

@dxiv No, there is no VPN. – Zev Spitz – 2015-12-19T19:18:59.330

Check in Settings / Network & Internet / Ethernet / Advanced sharing options, if both Network discovery and File and print sharing are turned on. – harrymc – 2015-12-19T19:25:03.507

@harrymc On the clients, or on the target machine? – Zev Spitz – 2015-12-19T21:36:39.870

So you log into the domain and RDP into your office machine from home, without any VPN whatsoever. That's a less common setup, and one I am not familiar with, sorry. – dxiv – 2015-12-19T22:31:43.570

On the server to start with, and then on at least one such client. – harrymc – 2015-12-20T07:21:10.360

Answers

5

The error message seems to imply that the port is not available to those systems.

Maybe there is a layer 2 firewall filtering the connections (or a firewall on the server). Check this by using telnet (from the client, open a command window and type telnet <serverip> <rdpport>). If it does not respond with a banner announcing the RDP service, the problem is at the network (i.e. a firewall of some sort) rather than the app.

If your network is more complex, it's also possible that while the computers are on the same LAN, they are on different subnets, and there is a regular firewall blocking connections between the subnets. You may be able to check this using traceroute. If there is more than 1 hop, or the first hop is not the IP of the remote system, then you are going through a router - most likely with a firewall preventing access.

davidgo

Posted 2015-12-16T16:34:55.320

Reputation: 49 152
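The telnet check from this answer, as an added Python example that is not part of the original post. An RDP listener waits for the client's first packet, so the probe sends an X.224 Connection Request and looks for the Connection Confirm, and it separates a refused connection from one that gets no answer at all. The function name and result labels are assumptions chosen for illustration.

```python
import socket
import sys

# First packet of an RDP session: TPKT header + X.224 Connection Request
# + RDP negotiation request asking for standard RDP security.
X224_CR = (
    b"\x03\x00\x00\x13"                  # TPKT: version 3, total length 19
    b"\x0e\xe0\x00\x00\x00\x00\x00"      # X.224: length 14, code 0xE0 (CR)
    b"\x01\x00\x08\x00\x00\x00\x00\x00"  # RDP_NEG_REQ, requestedProtocols = 0
)

def probe_rdp(host, port, timeout=3.0):
    """Hypothetical helper: classify one TCP port from the client's side.

    Returns 'rdp', 'open-not-rdp', 'refused', 'filtered' or 'unreachable'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"       # a RST came back: path works, port is closed
    except socket.timeout:
        return "filtered"      # SYN got no answer: something drops it silently
    except OSError:
        return "unreachable"   # no route, DNS failure, ICMP error, ...
    with sock:
        try:
            sock.sendall(X224_CR)
            reply = sock.recv(64)
        except OSError:
            return "open-not-rdp"
    # An RDP listener answers with TPKT version 3 and X.224 code 0xD0
    # (Connection Confirm), even when it rejects the requested security.
    if len(reply) >= 6 and reply[0] == 0x03 and reply[5] == 0xD0:
        return "rdp"
    return "open-not-rdp"

if __name__ == "__main__":
    # Usage: python probe_rdp.py <serverip> <rdpport>
    print(probe_rdp(sys.argv[1], int(sys.argv[2])))
```

Run from the failing LAN and from a working one: "filtered" on one side and "rdp" on the other points at a device in the path, not at the target machine.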

To add to this, you may unintentionally have them on different subnets if the subnet mask is set incorrectly on one computer, e.g. 255.255.255.0 on one, and 255.255.254.0 on another. This would cause one host to think it was on a larger network than the other. Devices where the two networks overlap would still be able to communicate, while ones with addresses outside of the overlap range would not be able to communicate fully. – GuitarPicker – 2015-12-23T18:44:07.480
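The mask mismatch described in the comment above, worked through as an added Python example (not part of the original thread). The two masks are the ones from the comment; the host names and addresses are constructed for illustration, and the function names are assumptions.

```python
import ipaddress
from itertools import combinations

def link_view(a, b):
    """Compare what two interfaces each believe about the other.

    'direct'     - both think the peer is on-link and talk to it directly
    'routed'     - both send to the default gateway
    'asymmetric' - one talks directly, the other replies via the gateway
    """
    a_direct = b.ip in a.network   # does A consider B part of its own subnet?
    b_direct = a.ip in b.network   # does B consider A part of its own subnet?
    if a_direct and b_direct:
        return "direct"
    if not a_direct and not b_direct:
        return "routed"
    return "asymmetric"

def audit(hosts):
    """hosts maps name -> (ip, mask); returns {(name1, name2): view}."""
    ifaces = {name: ipaddress.ip_interface(f"{ip}/{mask}")
              for name, (ip, mask) in hosts.items()}
    return {(x, y): link_view(ifaces[x], ifaces[y])
            for x, y in combinations(ifaces, 2)}

# Constructed inventory: pc-a has the wider mask, the other two the narrower.
HOSTS = {
    "pc-a": ("192.168.0.10", "255.255.254.0"),
    "pc-b": ("192.168.0.20", "255.255.255.0"),
    "pc-c": ("192.168.1.20", "255.255.255.0"),
}

if __name__ == "__main__":
    for pair, view in audit(HOSTS).items():
        print(pair, view)
```

pc-a and pc-b sit in the overlap and talk directly, while pc-a and pc-c come out "asymmetric": pc-a sends straight to pc-c, but pc-c sends its replies to the gateway, where a firewall or router can drop them.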

2

"I am leaving the question and answer(s) for future reference, but I have no way of verifying any answers or suggestions in the comments."

You can verify where the problem lies:

  1. Use a free VPN service to connect from the problematic LAN

This will change your IP address and will work as a test on whether the remote server is rejecting your address. If the connection still fails, then the problem is elsewhere.

  2. Check the router

The router might be blocking the connections.

  • Turn off the firewall (while testing only) to see if it is to blame
  • Check forwarding rules
  • Check if the IP address of the router is within the LAN segment
  • Check if an upgrade to the router's firmware is available from the manufacturer
  • Try another router

harrymc

Posted 2015-12-16T16:34:55.320

Reputation: 306 093

I tried using a free VPN service; didn't help. I asked the network administrator and he said there isn't any MAC-specific or IP-specific blocking on the remote server. – Zev Spitz – 2015-12-26T19:34:38.063

Per the forwarding rules on the LAN, all outbound traffic is allowed and there are no MAC filtering blocks. – Zev Spitz – 2015-12-26T19:36:58.797

You will need to give us more information about the LAN in question, such as the output of ipconfig when the portable is on the LAN and at work. – harrymc – 2015-12-26T19:48:40.813

0

I would suggest temporarily turning off Windows Firewall and/or any other firewalls. Are you able to ping the machines you are trying to RDP to? If not, then you are probably looking at a networking related issue.

There are limitations in what versions of Windows can connect to each other. For example, if you have a Windows 7 machine you can RDP to a Windows XP machine - but not vice versa. Also, Windows 7 machines can RDP to another system running Win 7 - but only Enterprise, Ultimate or Professional editions. I understand that you are running Windows 8 Pro, 8.1 Pro and 10 Pro - not Windows 7 - but I am wondering if the issue does not stem from Firewalls or networking related issues, could it be a limitation that Microsoft has imposed?

Gargoyle

Posted 2015-12-16T16:34:55.320

Reputation: 1

Windows XP machines can connect to Windows 7 and later, as long as the NLA checkbox is unchecked, as specified in the question. – Zev Spitz – 2015-12-22T22:46:06.263

I have not found that to always be the case in my own experience and testing; that is why I included that particular example. – Gargoyle – 2015-12-22T23:06:40.470