Forum Discussion
RDP connection through VPN only to RAS IP not to main IP
- May 24, 2019
Agreed on routing issues. Dual gateways would likely be problematic. I'd hope by "DC-02" you didn't mean a domain controller. Multi-homing a domain controller will always cause no end to grief. If so I'd recommend installing the RAS / VPN roles on a member server.
I was suggesting to tracert from source to target. Obviously tracert on the same subnet is not useful.
I made the tracert on the remote machine (W-05 = source), which is connected via VPN to the server (target). When I establish a VPN connection, W-05 gets an IP address from the subnet.
Here again (due to a server reboot the RAS-dialin IP changed from 192.168.124.30 to 192.168.124.31).
PS C:\WINDOWS\system32> ipconfig /all
Windows-IP-Konfiguration
Hostname . . . . . . . . . . . . : W-05
Primäres DNS-Suffix . . . . . . . : remoteDomain.local
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : remoteDomain.local
myDomain.local
Ethernet-Adapter Ethernet:
Verbindungsspezifisches DNS-Suffix: remoteDomain.local
Beschreibung. . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physische Adresse . . . . . . . . : 44-37-E6-81-15-12
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::281e:339e:4aaf:5ce0%5(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.140.34(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Mittwoch, 22. Mai 2019 14:53:12
Lease läuft ab. . . . . . . . . . : Donnerstag, 30. Mai 2019 16:34:15
Standardgateway . . . . . . . . . : 192.168.140.1
192.168.145.1
DHCP-Server . . . . . . . . . . . : 192.168.140.15
DHCPv6-IAID . . . . . . . . . . . : 71579622
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-16-84-C3-42-44-37-E6-81-15-12
DNS-Server . . . . . . . . . . . : fe80::37af:966a:f63:f586%5
192.168.140.15
192.168.140.1
192.168.145.1
NetBIOS über TCP/IP . . . . . . . : Aktiviert
Suchliste für verbindungsspezifische DNS-Suffixe:
remoteDomain.local
PPP-Adapter myDomain:
Verbindungsspezifisches DNS-Suffix: myDomain.local
Beschreibung. . . . . . . . . . . : myDomain
Physische Adresse . . . . . . . . :
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv4-Adresse . . . . . . . . . . : 192.168.124.30(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.255
Standardgateway . . . . . . . . . :
DNS-Server . . . . . . . . . . . : 192.168.124.16
NetBIOS über TCP/IP . . . . . . . : Aktiviert
Ethernet-Adapter vEthernet (Default Switch):
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
Physische Adresse . . . . . . . . : E2-15-30-C9-DE-52
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::fc9b:4806:cc25:a986%19(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 172.17.76.33(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.240
Standardgateway . . . . . . . . . :
DHCPv6-IAID . . . . . . . . . . . : 333583664
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-16-84-C3-42-44-37-E6-81-15-12
DNS-Server . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS über TCP/IP . . . . . . . : Aktiviert
PS C:\WINDOWS\system32>
PS C:\WINDOWS\system32>
PS C:\WINDOWS\system32> tracert 192.168.124.16
Routenverfolgung zu 192.168.124.16 über maximal 30 Hops
1 59 ms 58 ms 59 ms 192.168.124.31
2 62 ms 60 ms 61 ms 192.168.124.16
Ablaufverfolgung beendet.
PS C:\WINDOWS\system32>
- Dave Patrick, May 28, 2019, MVP
Great news, and you're welcome.
- Zeneri, May 28, 2019, Copper Contributor
I moved the Routing and RAS role from the DC to the member server. Now everything is ok.
Thanks a lot.
- Dave Patrick, May 24, 2019, MVP
Sounds good, you're welcome.
- Zeneri, May 24, 2019, Copper Contributor
Yes, it is a domain controller. I will try tomorrow to move the RAS to a member server.
I'll keep you informed.
Thanks for the moment.
- Dave Patrick, May 24, 2019, MVP
Agreed on routing issues. Dual gateways would likely be problematic. I'd hope by "DC-02" you didn't mean a domain controller. Multi-homing a domain controller will always cause no end to grief. If so I'd recommend installing the RAS / VPN roles on a member server.
- Zeneri, May 24, 2019, Copper Contributor
I tried it from a different laptop. As for W-05 I tried and it failed and for DC-02 it succeeded.
I think it's a routing problem. I can RDP several servers and workstations in the DC-02 LAN through the VPN connection even DC-02 when I use the IP of the RAS-dialin interface (which can change). Just when I use the IP of the LAN interface of DC-02 it fails. Same on DNS requests.
I turned off the firewall and Kaspersky on DC-02.
- Dave Patrick, May 24, 2019, MVP
Ok, gotcha. I'd still try from PowerShell
Test-NetConnection -ComputerName "xxx.xxx.xxx.xxx" -CommonTCPPort "RDP" -InformationLevel "Detailed"
From both source (pc you're connecting from) and also on target (pc you're connecting to). If it fails on source and succeeds on target then there appears to either be a firewall issue or possibly a routing issue.
And as mentioned the dual gateways could be problematic so might also try to VPN from a desktop without either Hyper-V or the dual gateways.
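The comparison suggested in the reply above, as an added example that is not part of the original post: it runs `Test-NetConnection` from the VPN client against both server addresses and reports which local adapter and next hop Windows chose for each. The default addresses are taken from the thread's tracert output, and treating 192.168.124.16 as the server's LAN address is an assumption; `Get-PathResult` is a hypothetical helper name.

```powershell
# Added example: run on the VPN client while the VPN is connected.
param(
    [string]$LanIp    = '192.168.124.16',  # assumed LAN address of the server (tracert target in the thread)
    [string]$DialInIp = '192.168.124.31',  # RAS dial-in address from the thread; changes after a reboot
    [int]$Port        = 3389               # RDP
)

# Hypothetical helper: one TCP test plus the routing decision Windows made for it.
function Get-PathResult {
    param([string]$Target, [int]$Port)
    $t = Test-NetConnection -ComputerName $Target -Port $Port `
            -InformationLevel Detailed -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target    = $Target
        TcpOpen   = [bool]$t.TcpTestSucceeded
        Interface = $t.InterfaceAlias            # local adapter chosen for this destination
        SourceIp  = $t.SourceAddress.IPAddress   # address the client sends from
        NextHop   = $t.NetRoute.NextHop          # 0.0.0.0 means on-link
    }
}

$lan = Get-PathResult -Target $LanIp    -Port $Port
$ras = Get-PathResult -Target $DialInIp -Port $Port
$lan, $ras | Format-Table -AutoSize

if ($lan.TcpOpen -and $ras.TcpOpen) {
    'Both addresses answer on the RDP port.'
}
elseif ($ras.TcpOpen -and -not $lan.TcpOpen) {
    if ($lan.Interface -ne $ras.Interface) {
        # The two destinations leave through different adapters: a client-side route problem.
        "Client-side routing: $LanIp leaves via '$($lan.Interface)', not the VPN adapter '$($ras.Interface)'."
    }
    else {
        # Same outbound path for both, so the difference is on the server side.
        "Both targets use '$($lan.Interface)', so the client route is the same. " +
        'Check the server: return route and firewall on its LAN interface.'
    }
}
else {
    'Dial-in address does not answer on the RDP port; check that the VPN is up and RDP is enabled.'
}
```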
- Zeneri, May 24, 2019, Copper Contributor
The RAS server DC-02 is the target. W-05 is one of several workstations/laptops connecting via VPN.
W-05 is a developer computer with Visual Studio. Hyper-V role is installed.
The problem occurs on all computers connecting to DC-02 via VPN. Computers in the LAN of DC-02 don't have any problems.