spectrum48k

I VPN into the work's LAN from my home office...

I can remote desktop to the domain controller (win2k server)
Problem is, I CANNOT remote desktop to the stand-alone server (Win2k3)

To complicate things, I can remote desktop into the DC, and from there remote desktop into the stand-alone server!

Can someone explain what I need to do to the stand-alone server to allow me to remote desktop straight into it ?

Things I've checked:
1) Remote Desktop users group - it contains the administrator, which is the account I'm trying to log in with via remote desktop.
2) I notice there's no terminal server
3) I notice the stand-alone can't connect to a licencing server
4) There's no routing and remote access setup

ChrisB

Can you ping the stand alone server?

If so, have you enabled Remote Desktop? Right Click My Computer, System Properties tab, "Enable RD on this computer"?

Might be different on yours though, I don't have any non-domain W2K3 boxes about.

mike1210

only other thing i can think of. Can port 3389 TCP be accessed via Hyper Terminal (run netstat -an) to see if its connected. Is the server on a seperate VLAN with ACL's blocking it?

spectrum48k

server is on same LAN

netstat -an reports port 3389 CAN be accessed

spectrum48k

yes

already enabled - I mentioned above I could remote desktop into this stand-alone server, from the DC

I'm sure a user got deleted accidentally from the terminal services snap-in somewhere?

ChrisB

Sorry, missed that bit.

Just to clarify, you can ping the stand-alone remotely through the VPN?

Being able to RDP to the DC, then to stand-alone would suggest it's a routing issue but if you can ping it, it can't be. Hmmm!

judgejules

If you telnet x.x.x.x 3389 from a cmd prompt do you get a blank screen or does it hang they say connection failed?

Do you have a cutom IP security policy on the 2k3 box that stops RDC from any IPs othat than your 2k server?

spectrum48k

"could not telnet to ..... connection failed"

no

I'm sure "dialuser" got deleted by mistake in one of the terminal services snap-ins. Can anyone confirm if thIs user installed automatically in Win2k3 ?

spectrum48k

yes, definitely.

judgejules

Dialuser will have nothing to do with it if you cant even open a telnet port to the waiting RDC port, there is a problem with the networking. Are you able to RDC to the 2k3 box from another machine (other than the 2k box) inside the building? Do you have any other ports open on the 2k3 box that you can test with telnet, like http / ftp ?

judgejules

As you can RDC to the 2k machine, its not a problem with the vpn/firewall/router (unless there is a specific rule regarding the 2k3 machine). You've checked that? If you have checked, then its something on the box itself.

In Start->Administrative Tools->Local Security Policy do you have a Traffic Filter entry in the right pane, and is it policy assigned to Yes/No?

spectrum48k

i'LL CHECK.

I'm pretty sure its a wrong settings on the stand-alone server (win2k3)

Question: Which users by default are in the Remote Desktop Users group ?

judgejules

None, from memory administrator is granted rights through policies somewhere.

spectrum48k

Problem Solved

After messing around with plenty of things, including updating the SonicWall GlobalVPN client to v4x, I finally got things working when I disabled Windows Firewall/ICS service in the Win2k3 stand-alone server.

I also, deleted and then re-inserted the administrator in the remote desktop users group.

BINGO!! ;-)

Thanks for everyone's comments. You're a great bunch.