One person cannot RDP into my server but everyone else can.



  • I have a situation where one of my clients cannot remote into their server from outside the network, but I tried 10 different locations remoting into the same server and it works perfectly.

    What could cause this issue? They tried multiple computers from the same IP on their network, so it's not a single-computer issue.

    I have an advanced firewall rule with the options max number of established connections = 2, and maximum new connections per second = 2 / 30.

    If this rule were to have banned their IP from connecting, where would it be listed and how would I unban it? I removed the advanced portion of the rule, and that person could still not connect.

    Help. Thanks!


  • LAYER 8 Global Moderator

    Can they ping you? Are you seeing his packets hit the pfSense WAN interface?



  • Are you able to take a known working machine from another address and use it to connect from the suspect address? This would rule out their firewall / RDP software setup if you got the same problem.



  • Is this user allowed to log in with an RDP connection to that server? Is (s)he in the correct group?



  • Anybody is allowed to connect to this server from the internet. For some reason this one person cannot. They were able to earlier this morning then for whatever reason now they cannot.

    I see 7 packets in the server logs from them trying to connect to rdp, but it doesn't show packets for the recent connections while I was trying to troubleshoot the issue. Only packets shown from before they called me.



  • Well if you can't see packets from them anymore, then the packets don't get to you.
    I would make sure they are actually using the correct information to connect. (Maybe the other side changed something in the configuration by accident?)
    Or it might be something upstream.



  • Ask them to run a tracert to your WAN IP/hostname to ensure that it is not a routing issue for their service provider.

    If it is not a routing issue, check that their Windows version is allowed to connect to your server. Newer Windows versions require newer authentication methods used in Vista and after (it is possible they only have XP machines and your server only allows newer versions of MSTSC to connect).



  • I have seen similar weird things before. If you are sure your config is correct, try asking the user to connect via a different firewall (at their side), for example if it is a laptop, ask the user to connect via a smartphone, the WLAN service in the cafeteria or the local Internet café or similar. If it works I would suspect that the firewall does something that your firewall(s) does not like, such as silently dropping some TCP packets or similar that results in the client (software) not being able to connect. Could be a bad port in a switch or a "broken" switch as well but not as likely. Try replacing one thing at a time and you'll probably find what causes this. If it does not work, try using a different client software or similar service such as VNC etc. at the client side (temporarily disabling software firewalls could be worth trying as well).

    If all other clients can connect it should be something this client does differently and the explanation is probably hidden in there somewhere.

    If you find what causes the problem, please write it here for future reference.

    cheers,
    /e

