Zeneri
May 23, 2019, Copper Contributor
RDP connection through VPN only to RAS IP not to main IP
I have the following scenario:
I configured a Windows 2012R2 Server as RAS server. When I connect via VPN, I can RDP to the server only by the RAS IP (which comes from DHCP), not by the main IP. I can reach all other clients in the remote network.
Why isn't it possible to RDP the server over the main IP?
Regards
Jan
Agreed on routing issues. Dual gateways would likely be problematic. I'd hope by "DC-02" you didn't mean a domain controller. Multi-homing a domain controller will always cause no end of grief. If so I'd recommend installing the RAS / VPN roles on a member server.
I guess by "main IP" you mean public? Might try from PowerShell from source and target to see if it's listening.
Test-NetConnection -ComputerName "192.168.49.142" -CommonTCPPort "RDP" -InformationLevel "Detailed"
or also try;
- Zeneri, Copper Contributor
Please excuse my unclear expression.
The server has one ethernet connection (main IP) and through the RAS dial-in a RAS interface. Here is the ipconfig result:
Windows-IP-Konfiguration
Hostname . . . . . . . . . . . . : DC-02
Primäres DNS-Suffix . . . . . . . : myDomain.local
Knotentyp . . . . . . . . . . . . : Broadcast
IP-Routing aktiviert . . . . . . : Ja
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : myDomain.local
PPP-Adapter RAS (Dial In) Interface:
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : RAS (Dial In) Interface
Physische Adresse . . . . . . . . :
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv4-Adresse . . . . . . . . . . : 192.168.124.30(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.255
Standardgateway . . . . . . . . . :
NetBIOS über TCP/IP . . . . . . . : Aktiviert
Ethernet-Adapter Ethernet:
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Gigabit-Netzwerkverbindung Intel(R) 82574L
Physische Adresse . . . . . . . . : 00-0C-29-AB-15-DA
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::603a:6364:2baa:fff3%11(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.124.16(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . : 192.168.124.21
DHCPv6-IAID . . . . . . . . . . . : 335547433
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-24-63-71-63-00-0C-29-AB-15-DA
DNS-Server . . . . . . . . . . . : 192.168.124.16
127.0.0.1
NetBIOS über TCP/IP . . . . . . . : Aktiviert
Tunneladapter isatap.{CA9379ED-7C5E-4220-9155-2DCB041ECD2A}:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2
Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
Tunneladapter isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD}:
Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #3
Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
I can ping the server through the VPN connection, but neither can I RDP nor will I get any DNS results.
PS C:\WINDOWS\system32> Test-NetConnection -ComputerName "192.168.124.16" -CommonTCPPort "RDP" -InformationLevel "Detailed"
WARNUNG: TCP connect to (192.168.124.16 : 3389) failed
ComputerName : 192.168.124.16
RemoteAddress : 192.168.124.16
RemotePort : 3389
NameResolutionResults : 192.168.124.16
MatchingIPsecRules :
NetworkIsolationContext : Internet
InterfaceAlias : Statcontrol
SourceAddress : 192.168.124.25
NetRoute (NextHop) : 192.168.124.30
PingSucceeded : True
PingReplyDetails (RTT) : 60 ms
TcpTestSucceeded : False
PS C:\WINDOWS\system32> nslookup www.google.de 192.168.124.16
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.124.16
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Zeitüberschreitung bei Anforderung an UnKnown.
PS C:\WINDOWS\system32>
When I use the RAS-dialin IP I can RDP and get DNS results.
PS C:\WINDOWS\system32> Test-NetConnection -ComputerName "192.168.124.30" -CommonTCPPort "RDP" -InformationLevel "Detailed"
ComputerName : 192.168.124.30
RemoteAddress : 192.168.124.30
RemotePort : 3389
NameResolutionResults : 192.168.124.30
MatchingIPsecRules :
NetworkIsolationContext : Internet
InterfaceAlias : Statcontrol
SourceAddress : 192.168.124.25
NetRoute (NextHop) : 192.168.124.30
TcpTestSucceeded : True
PS C:\WINDOWS\system32> nslookup www.google.de 192.168.124.30
Server: UnKnown
Address: 192.168.124.30
Nicht autorisierende Antwort:
Name: www.google.de
Addresses: 2a00:1450:4001:818::2003
172.217.21.195
Any hints?
Looks like 192.168.124.16 is not listening on 3389 or firewall issues when using the VPN. Also try;
Test-NetConnection -ComputerName "192.168.124.16" -CommonTCPPort "RDP" -InformationLevel "Detailed"
on target machine. tracert from source to target by both connections may also provide something useful.
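
The server-side checks suggested in the replies (listener, firewall, routing), collected as an added example that is not part of the original thread. It assumes an elevated PowerShell session on the RAS server and uses the addresses from the ipconfig and Test-NetConnection output posted above; the variable names are illustrative.

```powershell
# Added example: run elevated on the RAS server itself.
# Addresses are taken from the output posted in the thread.
$EthernetIp = '192.168.124.16'   # Ethernet adapter ("main IP")
$RasIp      = '192.168.124.30'   # RAS (Dial In) Interface
$ClientIp   = '192.168.124.25'   # VPN client's SourceAddress

# 1. Which local addresses have a listener on TCP 3389 (RDP) and UDP 53 (DNS)?
#    0.0.0.0 or :: means "all addresses"; a single IP means a bound listener.
Get-NetTCPConnection -LocalPort 3389 -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess
Get-NetUDPEndpoint -LocalPort 53 |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. Which firewall profile (Domain/Private/Public) does each interface use?
#    A rule enabled only for Domain will not match traffic on a Public interface.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, InterfaceIndex, NetworkCategory

# 3. Enabled inbound rules that cover TCP 3389, with the profiles they apply to.
#    Filtering by port avoids depending on localized rule group names.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '3389' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Profile, Action

# 4. Which interface, source address and next hop does the server pick
#    when it replies to the VPN client?
Find-NetRoute -RemoteIPAddress $ClientIp

# 5. Local TCP test against both of the server's own addresses.
foreach ($ip in $EthernetIp, $RasIp) {
    Test-NetConnection -ComputerName $ip -Port 3389 |
        Select-Object RemoteAddress, RemotePort, TcpTestSucceeded
}
```

If step 5 succeeds for both addresses locally while the VPN client still fails on 192.168.124.16, compare the profile from step 2 with the rule profiles from step 3 and the reply path from step 4.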