I have a main server set up and staff that use laptops to come into the office and work. We have currently moved everything over onto a server setup in the office that the staff can all remote desktop onto and work on their work. The problem I am facing is that the remote desktop is viewable outside the domain via a domain name, but when in the office you have to access it via an IP address.

Is it possible to access the remote desktop in the office on the same network as the server using the domain name they use to access it at home?

It's not the end of the world if not, but they really aren't the best with computers so it would be a lot less work if they could just use the same address!


It sounds like your firewall / router device doesn't support "NAT hairpin". When the users attempt to access the RDP server while on the LAN the server's name is being resolved, by DNS, to the external-side IP address of your firewall. The PC's RDP connection attempt is being sent to the firewall which isn't routing it back to the server on the LAN.

The easiest "fix" for you would be to:

  • Install the DNS Server role on the Windows Server machine (or another Windows Server machine, if you have one)

  • Create a "Forward Lookup Zone" with the same name being used by users to access the RDP server

  • Create an "A" record in this zone with a blank hostname and resolving to the LAN IP address of the RDP server computer

  • Reconfigure your DHCP server to provide the IP address of the server you installed the DNS Server role on as the DNS server for client computers

If you're using the "bare" domain name "domain.com" to access your RDP server you'll find that the technique above will "break" access to Internet sites using your domain (like "www.domain.com"). In that case it would be better to create a DNS record on the Internet for something like "RDP.domain.com" (and the same Forward Lookup Zone on your LAN) so queries for other "domain.com" names can be sent to your Internet DNS server.

Finally, if you're going to expose a Windows Server machine directly to the Internet with RDP please be sure that your users are using complex passwords (that, hopefully, they're not using in other places), implement the Windows Account Lockout policy to disable accounts after consecutive failed logon attempts, and consider rate-limiting new incoming RDP connections to the server with your firewall (or, a third-party script
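The DNS steps listed in the answer above, scripted as an added example (not part of the original answer), using the "RDP.domain.com" style of name so that only that one name is overridden on the LAN. The zone name, the IP addresses and the DHCP scope are constructed placeholders, and the DHCP step assumes DHCP runs on Windows Server rather than on the router.

```powershell
# Constructed placeholder values; replace with your own.
$ZoneName  = 'rdp.example.com'   # the name users already type at home
$RdpLanIp  = '192.168.1.10'      # LAN address of the RDP server
$DnsLanIp  = '192.168.1.10'      # server that will hold the DNS Server role
$DhcpScope = '192.168.1.0'       # used only if DHCP runs on Windows Server

# 1. Install the DNS Server role.
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. Create a Forward Lookup Zone for exactly the RDP name. Because the zone
#    covers only this one name, other names under the parent domain are
#    still resolved on the Internet instead of being shadowed.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns"
}

# 3. Blank-hostname ("@") A record pointing at the server's LAN address.
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address $RdpLanIp

# 4. Hand the internal DNS server to clients through DHCP. If the router
#    is the DHCP server, change its DNS setting in the router instead.
if (Get-Command Set-DhcpServerv4OptionValue -ErrorAction SilentlyContinue) {
    Set-DhcpServerv4OptionValue -ScopeId $DhcpScope -DnsServer $DnsLanIp
}

# 5. Verify: the internal server must answer with the LAN address.
$answer = (Resolve-DnsName -Name $ZoneName -Type A -Server $DnsLanIp).IPAddress
if ($answer -ne $RdpLanIp) {
    throw "Expected $RdpLanIp for $ZoneName but got '$answer'"
}

# 6. Verify: a sibling name under the parent domain still resolves through
#    the same server, so the new zone has not "broken" the rest of the domain.
$parent = ($ZoneName -split '\.', 2)[1]
try {
    Resolve-DnsName -Name "www.$parent" -Server $DnsLanIp -ErrorAction Stop |
        Out-Null
    Write-Output "www.$parent still resolves through $DnsLanIp"
} catch {
    Write-Warning "www.$parent did not resolve; check forwarders or root hints"
}
```

Clients pick up the new DNS server at their next DHCP lease renewal, so a laptop that still reaches the external address may simply be holding an old lease or a cached answer.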


It sounds like you need to be running an internal DNS server in order to do what you desire. If that is the case please do some research and post questions back on that specific subject.

Failing that you could set up a couple of handmade RDP files that folks could just double-click on to open a connection to your server.