SBS 2008 – Cannot RDP to machines via VPN or from other sites

KB ID 0000193

Problem

The firewall policy that Server 2008 uses out of the box only allows RDP connections from the local LAN. This is great in an office environment, but if you have remote VPN clients (on a different IP range) that can't get access to your client PCs or member servers via RDP, it is not so good. If you have a member server running Terminal Services, for example, then having RDP blocked will stop it working.

You would think that, to fix the problem, you would change one of the following policies:

Windows Firewall: Allow inbound remote administration exception.
or
Windows Firewall: Allow inbound Remote Desktop exceptions.

But I did that and it still didn’t work!

Solution

1. Assuming the affected machines are in the My Business > Computers > SBSComputers OU in Active Directory. (If not, either move them or change the policies accordingly.)

2. On the SBS Server, Click Start > Administrative Tools > Group Policy Management > Navigate to Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Locate "Windows Firewall: Define inbound Port Exceptions" > Double Click it > Click Enabled > Click Show

3. Click Add > In the "Enter the Item to be added" box type the following,

3389:TCP:*:enabled:RDP

Note: the asterisk denotes accept traffic from any IP. You can instead enter a range of IP addresses, e.g. 192.168.1.0/24, a single IP address like 172.16.3.1, the word localsubnet, or a combination of these separated by commas, e.g.

3389:TCP:192.168.1.0/24,172.16.3.1,localsubnet:enabled:RDP

4. Click OK > Apply > OK.

5. On the machine you are trying to get to Click Start > In the run/search box type cmd {enter} > At command line issue the gpupdate /force command.
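The port exception strings typed into step 3 are easy to get wrong (a stray dot instead of a comma in the scope list, or UDP where RDP needs TCP), and a wide-open `*` scope is worth a second look when the aim is only to let VPN clients in. The following Python script is an added example, not part of the original article or any Microsoft tool: it parses entries in the port:protocol:scope:status:name format described above, rejects malformed ones, and flags the risky choices. It assumes IPv4-only scopes and uses constructed sample entries (the two from the article plus two deliberately bad ones).

```python
import ipaddress

# Entry format used by "Windows Firewall: Define inbound port exceptions":
#   port:protocol:scope:status:name
# scope is '*' (any address), 'localsubnet', an IPv4 address, an IPv4
# network in CIDR form, or several of those separated by commas.
# Assumption for this example: IPv4 scopes only.

# Constructed sample entries: the two from the article, then two bad ones.
SAMPLE_ENTRIES = [
    "3389:TCP:*:enabled:RDP",
    "3389:TCP:192.168.1.0/24,172.16.3.1,localsubnet:enabled:RDP",
    "3389:TCP:192.168.1.0/24,172.16.3.1.localsubnet:enabled:RDP",  # '.' instead of ','
    "3389:UDP:localsubnet:enabled:RDP",                              # wrong protocol for RDP
]


def parse_scope(scope: str) -> list:
    """Split the comma-separated scope field and validate every item."""
    items = []
    for raw in scope.split(","):
        item = raw.strip()
        if item in ("*", "localsubnet"):
            items.append(item)
            continue
        try:
            if "/" in item:
                # strict=True rejects networks with host bits set (e.g. 192.168.1.5/24)
                items.append(str(ipaddress.IPv4Network(item, strict=True)))
            else:
                items.append(str(ipaddress.IPv4Address(item)))
        except ValueError as exc:
            raise ValueError(f"bad scope item {item!r}") from exc
    return items


def parse_entry(entry: str) -> dict:
    """Parse one exception entry into its fields; raise ValueError if malformed."""
    parts = entry.split(":")
    if len(parts) != 5:
        raise ValueError(f"expected 5 colon-separated fields, got {len(parts)}: {entry!r}")
    port_s, proto, scope, status, name = parts
    port = int(port_s)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    proto = proto.upper()
    if proto not in ("TCP", "UDP"):
        raise ValueError(f"protocol must be TCP or UDP, got {proto!r}")
    status = status.lower()
    if status not in ("enabled", "disabled"):
        raise ValueError(f"status must be enabled or disabled, got {status!r}")
    return {"port": port, "protocol": proto, "scope": parse_scope(scope),
            "status": status, "name": name}


def review_entry(entry: str) -> list:
    """Return review findings for an entry; an empty list means nothing to flag."""
    try:
        parsed = parse_entry(entry)
    except ValueError as exc:
        return [f"INVALID: {exc}"]
    findings = []
    if "*" in parsed["scope"]:
        findings.append("WARN: scope '*' accepts connections from any address; "
                        "prefer the VPN client pool plus localsubnet")
    if parsed["port"] == 3389 and parsed["protocol"] != "TCP":
        findings.append("WARN: RDP listens on TCP 3389; a UDP exception will not open it")
    return findings


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(entry)
        for finding in review_entry(entry) or ["OK"]:
            print("   ", finding)
```

Run it before pasting an entry into the policy; an entry that comes back INVALID would be silently ignored or rejected by the firewall, which looks exactly like the "I changed the policy and it still didn't work" symptom described at the top of this article.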


Related Articles, References, Credits, or External Links

NA