RDP to remote domain doesn't work from specific LAN
I am trying to RDP into my computer at work (running Windows 8 Pro). I can do this from my laptop (running Windows 10 Pro, and also when it was running Windows 8.1 Pro), but I cannot connect from other machines on the same LAN as the laptop (one machine running Windows XP; and one previously running 7 Ultimate and now running Windows 10).
I get the following standard message:
Remote Desktop can't connect to the remote computer for one of the following reasons:
- Remote access to the server is not enabled
- The remote computer is turned off.
- The remote computer is not available on the network.
Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
I have tried connecting with both the site name (like www.myexample.com) and the IP address. Pinging the remote computer works on all systems. I am logging in with domain credentials (machine\user, instead of just user).
The target machine has Allow remote connections to this computer selected, but the Allow connections only from computers running Remote Desktop with Network Level Authentication checkbox is NOT checked (System -> Remote Settings).
What could be different between the two machines which are unable to connect, and the one machine which can connect?
Edit
It turns out that I cannot connect from the laptop either when it is on the same LAN as the other machines, only when I am connected to a different LAN. This would seem to imply that the router is blocking the RDP traffic, or the router's IP address is blocked on the target domain or machine.
I am leaving the question and answer(s) for future reference, but I have no way of verifying any answers or suggestions in the comments.
Edit 2
On the troublesome LAN, I can ping the domain, but when I try to telnet into the domain with the RDP port (customized) it doesn't work. Telnetting from a different LAN with the specified port is successful. This presumably means that port forwarding from the domain to the target machine inside the target LAN is not an issue.
The error message seems to imply that the port is not available to those systems.
Maybe there is a layer 2 firewall filtering the connections (or a firewall on the server). Check this by using telnet (from the client, open a command window and type telnet <serverip> <rdpport>). If it does not respond with a banner announcing the RDP service, the problem is at the network (i.e. a firewall of some sort) rather than the app.
If your network is more complex, it's also possible that while the computers are on the same LAN, they are on different subnets, and there is a regular firewall blocking connections between the subnets. You may be able to check this using traceroute. If there is more than 1 hop, or the first hop is not the IP of the remote system, then you are going through a router - most likely with a firewall preventing access.
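Added example, not part of any of the posts on this page: a small Python probe that performs the same check as telnet <serverip> <rdpport> but reports whether the connection was accepted, actively refused, or silently dropped, which helps tell a missing listener apart from a filtering router or firewall. The host and port given on the command line are placeholders you supply; the function names are this example's own.

```python
import socket
import sys

# What each outcome means for the RDP reachability check discussed above.
MEANING = {
    "open": "TCP handshake completed: the port is reachable from this network",
    "refused": "a reset came back: the host (or a rejecting firewall) answered, "
               "but nothing accepts connections on this port",
    "filtered": "no reply before the timeout: packets are being dropped, "
                "typically by a router or firewall on the path",
    "unreachable": "no route to the host, or the name does not resolve",
}


def probe_tcp(host, port, timeout=3.0):
    """Try one TCP connection and classify the outcome."""
    try:
        # An RDP listener sends nothing until the client speaks, so a
        # completed handshake is the success signal; no banner is read.
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        # Includes DNS failures (socket.gaierror) and host/network unreachable.
        return "unreachable"


def probe_report(host, ports, timeout=3.0):
    """Probe several ports on one host; returns {port: state}."""
    return {p: probe_tcp(host, p, timeout) for p in ports}


if __name__ == "__main__":
    # Usage: python rdp_probe.py <host> <port> [<port> ...]
    # Defaults are placeholders; 3389 is the standard RDP port, while the
    # server in the question uses a customized one.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    ports = [int(a) for a in sys.argv[2:]] or [3389]
    for port, state in probe_report(host, ports).items():
        print(f"{host}:{port} {state} - {MEANING[state]}")
```

Running it from the failing LAN and again from a LAN that works gives two results to compare: "filtered" on one and "open" on the other points at something on the path or a source-address rule rather than at the RDP service itself.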
"I am leaving the question and answer(s) for future reference, but I have no way of verifying any answers or suggestions in the comments."
You can verify where the problem lies:
- Use a free VPN service to connect from the problematic LAN
This will change your IP address and will work as a test on whether the remote server is rejecting your address. If the connection still fails, then the problem is elsewhere.
- Check the router
The router might be blocking the connections.
- Turn off the firewall (while testing only) to see if it is to blame
- Check forwarding rules
- Check if the IP address of the router is within the LAN segment
- Check if an upgrade to the router's firmware is available from the manufacturer
- Try another router