Server 2008 RDP Issues RRS feed

  • Question

  • Server Type: Microsoft Windows 2008 Server Standard Edition
    Clean Install / No Special Software Added
    User Account Control is set to OFF.

    Server Specs:

    Windows 2008 Server Standard Edition
    Fully Licensed Server
    32-Bit Operating System
    Service Pack 2
    Intel Xeon X3220 @ 2.40 GHz
    4 GB DDR2 RAM
    Intel Chip-set Motherboard

    Setup goal was to create a multi-user standard pptp vpn for streaming
    media purposes for clients connecting from remote locations. The setup
    procedure went like this:

    Installed IIS 7.0 and Routing and Remote Access from the Server Manager
    console. Right clicked Routing and Remote Access from within Server
    Manager console and clicked on Configure.


    1.) Selected Virtual Private Network (VPN) and NAT

    2.) Selected primary physical network interface card

    3.) How do you want ip addresses assigned to remote clients? Selected
    "from a specified range of addresses"

    4.) Input to

    5.) Selected "No, use Routing and Remote Access authenticate connection

    6.) End of Setup Wizard

    ***Note*** Routing and Remote Access with NAT requires at least 2 nic
    interfaces. Since only 1 interface (physical) was available, I had to
    create a virtual one. I installed OpenVPN (most current version) and
    used the virtual ethernet adapter to act as the second adapter.

    DHCP is set to relay internal packets but there are no specified
    internal ip addresses for it. There is the option to add internal or
    external addresses but I wasn't sure whether I needed to use it or not.
    So I left it blank.

    The VPN service works at an acceptable level and remote users are able
    to login and access the public (internet) side of the vpn. Remote
    clients are issued internal ip addresses from the range and
    use the public ip address of the server to reach the internet.

    This all works fine for the intended vpn purpose. HOWEVER: When Routing
    and Remote Access is enabled, I lose the ability to RDP into the server
    for remote server management. When Routing and Remote Access is disabled
    and the vpn service cannot be reached, RDP service can easily be reached.

    My question is where have I gone wrong? I'd like to easily have both
    available. I can't have just one or the other.

    Wednesday, June 24, 2009 1:40 AM


All replies

  • Hi,

    I would suggest using TS Gateway + TS Web in this setup.
    Citrix Technology Professional, Founder , Love Microsoft &its people to bits!
    Wednesday, June 24, 2009 8:50 AM
  • This isn't exactly the same situation, but I've finally solved something very similar after beating my head against the wall for several days. Then the problem occured on a second server which was more convenient for testing (it was a much simpler setup, and I had a free Saturday), so I persevered. Setup was as follows:

    Server 2008 w/SP1, AD role install, promoted to DC, then DHCP, RRAS, WSUS, File and Printer Sharing Roles installed

    In RRAS setup, both RAS and NAT were set up. Two NIC's, one on the internet, one internal for NAT clients.

    All installs were as per wizards.

    Basically your bog-standard W2K8 small office setup.

    All worked fine except that RDP into the server only worked from inside the NAT.

    Tested RDP from the server itself
    - into -> works
    - into internal NIC addess ( -> works
    - into external NIC addess -> works

    Tested from laptop (with appropiated changes to its ip config) connected straight into external NIC -> fails.

    Checked with NetMon 3.3 running on server -> RDP requests arrive, but no response returned by server.

    Checked with Firewall logging -> no record of packets (neither accepted nor dropped).

    Turned off firewall -> no change.

    I finally resolved it by enabling the Remote Desktop service in the NAT service mapping table (RRAS console > IPv4 > NAT > right-click external NIC > Properties > Services and Ports tab) and mapping it to the server's loopback NIC ( on the RDP port (3389). I actually did know this table was there but I thought that the Enable Remote Desktop wizard in the setup would have done this for me!
    Saturday, July 25, 2009 10:39 PM
  • Had exactly the same problem here:

    - Clean install "Windows 2008 Server Standard", with 2 NICS
    - No roles installed, just enabled RDP, RDP works fine
    - Disable Firewall, can ping server and RDP still works fine
    - Install RAS with NAT and VPN
    - Cannot ping server, RDP fails on the "outside" NIC, works fine on the "inside NIC"
    - Enable Remote Desktop in "Services and Ports" of the outside NIC, as described above (Alatar)
    - RDP works again, can ping server.

    Monday, July 27, 2009 3:13 PM
  • This should really be more obvious and DONE FOR YOU BY THE WIZARD. I had the exact same problem, who would think PING would be blocked unless REMOTE DESKTOP is enabled on the external interface in the NAT section??
    Thursday, November 12, 2009 12:02 PM