Remote Desktop is hosed

[astralbaby]

I have a Windows Server 2012 r2 Essentials box that is running AD, remote web access, and application server. I have about 15 machines joined. I am only trying to connect to the built in administrator RDP session. I am not running Remote Desktop Services other than what is required to use RWW. All my firewall points are open. Forwarded TCP/UDP to port 3389 to it, and made sure Windows Firewall had the correct rules. I have ESET File Security running also. 

 

I am unable to connect. Not even from RWW.

 

Please help. 

[sc302 Veteran]

I have a Windows Server 2012 r2 Essentials box that is running AD, remote web access, and application server. I have about 15 machines joined. I am only trying to connect to the built in administrator RDP session. I am not running Remote Desktop Services other than what is required to use RWW. All my firewall points are open. Forwarded TCP/UDP to port 3389 to it, and made sure Windows Firewall had the correct rules. I have ESET File Security running also. 
 
I am unable to connect. Not even from RWW.
 
Please help. 

Sounds like either Remote Desktop isn't enabled properly or a windows/eset firewall issue.

[bledd]

Tried connecting via the IP instead of the hostname?

 

What happens when you try to connect?

[+John Teacake MVC]

Are you in the UK using Virgin Media? There is a strange issue at the moment (Ongoing I think) Where services like RDP/VPN just simply don't work in very odd occasions. Last I heard they were working with the equipment vendors to resolve it. We need more information though....

[xendrome]

Can you connect locally over the LAN, if so, then RDP isn't hosed. Then you've got a AV/Firewall/Router/ISP issue going on. Double check your static IP and port match in the router forwarding.

[TheReaperMan]

can you connect using a local desktop and also try using the ip instead of the host

 

Are you sure the remote connection is enabled in "System Properties" > Remote tab on the server?

[astralbaby]

8 hours ago, sc302 said:

Sounds like either Remote Desktop isn't enabled properly or a windows/eset firewall issue.

I disabled ESET, and dropped the Firewall.

[astralbaby]

8 hours ago, bledd said:

Tried connecting via the IP instead of the hostname?

 

What happens when you try to connect?

Yes. I tried connecting by IP. Same error I get when using HOSTNAME.

Quote

Remote Desktop Cant connect to the remote computer for one of these reasons:

1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network

Make sure the remote computer is turned on and connected to the network, and that remote access is enabled

 

 

 

8 hours ago, John Teacake said:

Are you in the UK using Virgin Media? There is a strange issue at the moment (Ongoing I think) Where services like RDP/VPN just simply don't work in very odd occasions. Last I heard they were working with the equipment vendors to resolve it. We need more information though....

No, I am firstly trying to connect locally. 

 

 

8 hours ago, xendrome said:

Can you connect locally over the LAN, if so, then RDP isn't hosed. Then you've got a AV/Firewall/Router/ISP issue going on. Double check your static IP and port match in the router forwarding.

 

No, not locally. I am only trying to connect locally before attempting to connect remotely. I dropped the Firewall and all AV. Still no joy.

 

8 hours ago, TheReaperMan said:

can you connect using a local desktop and also try using the ip instead of the host

 

Are you sure the remote connection is enabled in "System Properties" > Remote tab on the server?

Cant connect locally. Tried IP and HOSTNAME

Remote access is checked in the system properties. Administrator has automatic access

[astralbaby]

Other employees are able to use RWW and connect to their respective machine. I cant even use RWW to connect to the server. 

[Brandon H Supervisor]

not to doubt you but have the basics been checked?

 

IP hasn't been changed on the server for some reason?

router has not lost any port forwarding entries?

 

odd that you're having trouble connecting on the local network too

[astralbaby]

21 minutes ago, Brandon H said:

not to doubt you but have the basics been checked?

 

IP hasn't been changed on the server for some reason?

router has not lost any port forwarding entries?

 

odd that you're having trouble connecting on the local network too

ip is static and has not changed. I am just trying to connect locally. THIS IS CRAZY!!!!!

[sc302 Veteran]

Would you be willing to allow me to take a look?  If you are pm me TeamViewer Id and pass.  I am confident I can get you working. 

[astralbaby]

LEts do it

 

[astralbaby]

sc302 is my hero of the day. 

 

I changed the listening port in the past.. and when I changed it back to 3389, I entered it into the wrong box in the regedit editor..

 

Just went down for a reboot.. lets see. Thanks so much again sc302

 

 

----------

RDP IS NOT HOSED ANYMORE

Edited March 15, 2017 by astralbaby

[sc302 Veteran]

[+John Teacake MVC]

Yeah see if you changed the port with Regedit, Alot of people would have overlooked that. Fair one though. Well done. 

[goretsky Supervisor]

Hello,

 

Don't forget to re-enable your anti-malware software.

 

Regards,

 

Aryeh Goretsky

 

[TheReaperMan]

that was my next port of call with the port, nice catch

[Jason S. Global Moderator]

maybe i missed something here, but why did you change the listening port from 3389?

 

What's RWW?

[astralbaby]

15 hours ago, Jason S. said:

maybe i missed something here, but why did you change the listening port from 3389?

 

What's RWW?

Initially, I deployed a single server where I changed the listening port for RDP. It is an obscure way of keeping outsiders from brute-forcing the login. I used this session to perform remote maintenance on this server. 

 

RWW = Remote Web Workplace, or, Remote Web Access

[bledd]

You should have mentioned that in the opening post.

[xendrome]

6 hours ago, astralbaby said:

Initially, I deployed a single server where I changed the listening port for RDP. It is an obscure way of keeping outsiders from brute-forcing the login. I used this session to perform remote maintenance on this server. 

 

RWW = Remote Web Workplace, or, Remote Web Access

You could just use port triggering (whatever port outside - forwards to internal 3389 when accessed)

 

But it literally takes 5 minutes to use a port scanner on an outside IP to scan 1-65536 so it does nothing for brute-force. You really should have your network behind a VPN and not open-facing to internet connections.

 

EDIT: Actually if you can't do a VPN right now, you'd probably be more secure using TeamViewer on that server with 2FA turned on, at least that's an extra layer.

[Jason S. Global Moderator]

Right, so perhaps im confused, but you said "All my firewall points are open" which, to me, means that you dont really have a firewall. as Xendrome said, a port scanner would take care of that pretty fast, so why change the RDP port at all?

[sc302 Veteran]

I didn't go into his router/Asa to determine what was or wasn't open at that level, software firewall is enabled.

 

But anytime you have a port open on the firewall and a service listening it can be scanned. The next part is a little harder, identifying exactly what is communicating across esp if the transmission is encrypted.

[astralbaby]

Once again, thanks sc302. 

I made a mistake restoring port 3389 to direct to mstsc. I should have included this. My apologies.