RDP remote desktop, XP works ,Win7 fails



  • Hello All,

    pfSense1.2.3-RELEASE

    1. Windows XP pro  machines    #test
      3 ) Windows 7 Pro    machines    #test

    Have been using pfSense in our school for about 1 1/2 years now and works great by the way!
    Problem: Trying to allow a remote tech to get into one of our Windows 7 Pro workstations to troubleshoot a admin software,come to find out I could not get a NAT to work for the WIndows 7 Pro machine(s).

    I made sure that "Allow Remote Desktop from any version of RDP",,radio button was checked on the Windows 7 machine(s).
    Made sure ALL of the Windows firewall was disabled,,as we disable this at image time.

    I can set up a NAT through one of the available CARP's  to work without any problem to an XP workstation.
    As soon as I point the Ip address to one of the three test Windows 7 Pro workstation(s), the remote desktop fails remotely.
    I have changed the ip address(s) as well in the firewall rule that the NAT setup auto-creates. FYI.
    I can remote desktop fine to any one of the three Windows 7 Pro workstations via the lan.
    I have done a packet capture of both an RDP session to the Windows XP Pro workstation,and an RDP session to one of the Windows 7 Pro workstations. The packet captures looks identical between the two sessions,even though one fails,and one is successful.
    On the Windows 7 Pro RDP session the remote machine does very briefly see the connection screen,,just for a second,,then it disappears.
    Has anyone else experienced this behaviour,by chance?

    I done a search here,,,and never found anything referencing this scenario.

    Thank You,
    Barry



  • Remote Desktop through NAT was working for me in the past. If it works for you to a WinXP machine than NAT should be ok.

    In Windows 7 you can change the Remote Desktop Version the other client is allowed to use. This is for security reasons. Make sure you allow all versions to connect on you Win7 machine.

    Than go to firewall and allow "Remote Desktop" and "Remote Desktop FX" for all profiles (private and public).
    The Option should be "Allow applications through the firewall".

    Further check if you have AntiVirus apps which secure you LAN connection and disable them or allow Remote Desktop.



  • I just tested this and it worked with port forward with no problem.

    When you adjusted the NAT rule, did you go and adjust the firewall rule?



  • (private and public).

    This got me in the past on one of my machines…  We have a mix of XP and Win7 machines here and works fine.



  • Wouldn't each of the PCs needing to be remote desktop'd to need to be configured for different ports. Use one on default 3389 port & try other on 3390 port?



  • Thank You to all that have made constructive suggestions.
    I still cannot get RDP to work remotely to Windows 7 pro workstations.
    This is the procedure I do on the pfSense-1.2.3-RELEASE  box,,from a Windows XP Pro machine setup that works fine.

    1. In the NAT configuration page a simply change the internal ip address to one of the Windows 7 pro workstation ip addresses, Save and Apply. ( the carp / public ip address i leave the same)
    2. I then go to the firewall setting,>WAN tab( the rule that is auto-generated by the RDP NAT rule), and change the internal ip address to reflect the Windows 7 pro machine,Save and Apply.

    When trying RDP from a remote machine the Windows 7 pro machine session, blinks just for a second and disappears. I have tried this on three different freshly imaged Windows 7 Pro machines, FYI.

    I do have  the "Allow remote desktop from any version of RDP client machine" is in fact selected.
    I have the Windows Firewall on the Windows 7 Pro machine disabled on all three possibilities here. The Windows Firewall is totally disabled in other words.

    Also,I can in fact remote desktop to the Windows 7 Pro machine fine within or lan,so it does appear something is not getting two way communcation between our lan and the Nat'ted ip address.

    As soon as I change the internal ip address to one of our Windows XP Pro machines the very same Nat'ted connection will work fine remotely.

    Thanks,
    Barry


Locked