Terminal Server and VPN

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

I am trying to troubleshoot a strange problem for one of my clients and
having some problems figuring out what's going on.

They have a Windows 2000 Server, running Terminal Services in Remote
Administration mode. We have VPN setup on the server (using Windows built
in VPN feature - RRAS). From any remote machine, I can connect to the
server with VPN, I can ping the server, telnet into the server, even access
PCAnywhere on the server over the VPN using the servers private IP.
However, when I try to connect with Remote Desktop, I get the following
message:

"The Client Could not Connect to the Remote Computer. Remote connections
might not be enabled or the comptuer may be too busy... etc."

There is a Sonicwall TZ 170 in front of the server, but port 3389 is open
going both ways. In fact, I can connect using Remote Desktop to the public
IP when I am not connected to the VPN, which means that the firewall is
definitely letting the traffic through, but once I connect to the VPN I
cannot connect using Remote Desktop to the private IP. We are hoping to
resolve the issue with the VPN so we can close off Terminal Service access
to the public IP.

Any advice is greatly appreciated.

Thank you!

Sincerely,
Matt Schwartz
3 answers Last reply
More about terminal server
  1. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    Can you, after the VPN is established, do a TELNET TS_INTERNAL_IP 3389? Does
    it connect?
    Any errors on the TS event log at the time you try to connect to it?

    --
    Cláudio Rodrigues

    Microsoft MVP
    Windows Technologies - Terminal Services
    http://www.terminal-services.net
    "Matt Schwartz" <matt@nelix.com> wrote in message
    news:Xns956E6A6D9BC47mattnelixcom@216.196.97.142...
    >I am trying to troubleshoot a strange problem for one of my clients and
    > having some problems figuring out what's going on.
    >
    > They have a Windows 2000 Server, running Terminal Services in Remote
    > Administration mode. We have VPN setup on the server (using Windows built
    > in VPN feature - RRAS). From any remote machine, I can connect to the
    > server with VPN, I can ping the server, telnet into the server, even
    > access
    > PCAnywhere on the server over the VPN using the servers private IP.
    > However, when I try to connect with Remote Desktop, I get the following
    > message:
    >
    > "The Client Could not Connect to the Remote Computer. Remote connections
    > might not be enabled or the comptuer may be too busy... etc."
    >
    > There is a Sonicwall TZ 170 in front of the server, but port 3389 is open
    > going both ways. In fact, I can connect using Remote Desktop to the
    > public
    > IP when I am not connected to the VPN, which means that the firewall is
    > definitely letting the traffic through, but once I connect to the VPN I
    > cannot connect using Remote Desktop to the private IP. We are hoping to
    > resolve the issue with the VPN so we can close off Terminal Service access
    > to the public IP.
    >
    > Any advice is greatly appreciated.
    >
    > Thank you!
    >
    > Sincerely,
    > Matt Schwartz
    >
    >
    >
  2. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    "Cláudio Rodrigues" <Claudio.Rodrigues@NOSPAM-Terminal-Services.NET>
    wrote in news:#CxxNwloEHA.2380@TK2MSFTNGP14.phx.gbl:

    > Can you, after the VPN is established, do a TELNET TS_INTERNAL_IP
    > 3389? Does it connect?
    > Any errors on the TS event log at the time you try to connect to it?
    >


    Claudio,

    Thank you for your help! I can telnet to the internal IP at 3389.

    I have also learned that the person who originally setup the server set it
    up in application mode NOT remote administration mode as I had originally
    been told. They do have an activated TS license server setup on their PDC
    (which is not the server I'm working with). They have not added any TS
    CAL's to it, but they are using XP Pro on all of their workstations (and I
    am using XP Pro on my machine as well) so that shouldn't be an issue,
    correct?

    I have done some further work with this, and it is very strange. When I
    connect to the server over the VPN I can't use remote desktop to access the
    server. When I try a message pops up in the event log on the server saying
    that it was unable to issue a client license. BUT if I wait for about 15
    minutes, I can access it with remote desktop with no problem. As I
    mentioned, my machine is Windows XP Pro, and I access other Terminal
    Servers using Remote Desktop without any problem (including this one using
    it's public IP when not connected with VPN). I've reproduced this behavior
    multiple times. There is a 15 minute delay from the time I connect with
    the VPN to the time I am able to connect with remote desktop.

    Any ideas what is going on with that delay?

    Thanks again for your help!

    Matt
  3. Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

    Set the licensing server on the TS registry.

    --
    Cláudio Rodrigues

    Microsoft MVP
    Windows Technologies - Terminal Services
    http://www.terminal-services.net
    "Matt Schwartz" <matt@nelix.com> wrote in message
    news:Xns9572E2EEEA3BCmattnelixcom@216.196.97.142...
    > "Cláudio Rodrigues" <Claudio.Rodrigues@NOSPAM-Terminal-Services.NET>
    > wrote in news:#CxxNwloEHA.2380@TK2MSFTNGP14.phx.gbl:
    >
    >> Can you, after the VPN is established, do a TELNET TS_INTERNAL_IP
    >> 3389? Does it connect?
    >> Any errors on the TS event log at the time you try to connect to it?
    >>
    >
    >
    > Claudio,
    >
    > Thank you for your help! I can telnet to the internal IP at 3389.
    >
    > I have also learned that the person who originally setup the server set it
    > up in application mode NOT remote administration mode as I had originally
    > been told. They do have an activated TS license server setup on their PDC
    > (which is not the server I'm working with). They have not added any TS
    > CAL's to it, but they are using XP Pro on all of their workstations (and I
    > am using XP Pro on my machine as well) so that shouldn't be an issue,
    > correct?
    >
    > I have done some further work with this, and it is very strange. When I
    > connect to the server over the VPN I can't use remote desktop to access
    > the
    > server. When I try a message pops up in the event log on the server
    > saying
    > that it was unable to issue a client license. BUT if I wait for about 15
    > minutes, I can access it with remote desktop with no problem. As I
    > mentioned, my machine is Windows XP Pro, and I access other Terminal
    > Servers using Remote Desktop without any problem (including this one using
    > it's public IP when not connected with VPN). I've reproduced this
    > behavior
    > multiple times. There is a 15 minute delay from the time I connect with
    > the VPN to the time I am able to connect with remote desktop.
    >
    > Any ideas what is going on with that delay?
    >
    > Thanks again for your help!
    >
    > Matt
Ask a new question

Read More

Connection vpn Servers Windows