Remote Desktop outbound connection fails

Tags:
Firewalls
Forensics
Incident response
Intrusion management
Network security
VPN
Wireless
I have an ISA Server 2000 and Windows 2000 Small Business Server Edition. I can connect to an external (Internet) Terminal Server from the ISA firewall computer, but I cannot connect from the internal workstations, which have the Firewall Client installed. I already enabled the RDP (Terminal Services) protocol in the ISA firewall and have a Site Rule to Allow All.

The firewall log (all selected) shows: (Notice that for each RDC intent it creates three for rows, and the fourth row gives error code 20000, or 20001)

192.168.0.53 Jose E. Torres mstsc.exe:3:5.1 Y 2005-09-12 19:26:36 fwsrv MAILSERVER - 206.242.150.111 206.242.150.111 - 16 - - - - GHBN - - - 0 - HTTP Allow rule 7373 0
192.168.0.53 Jose E. Torres mstsc.exe:3:5.1 Y 2005-09-12 19:26:36 fwsrv MAILSERVER - - 206.242.150.111 3389 16 - - 3389 TCP Connect - - - 0 - A Remote Desktop Allow rule 7373 8677
192.168.0.53 Jose E. Torres mstsc.exe:3:5.1 Y 2005-09-12 19:26:36 fwsrv MAILSERVER - - 206.242.150.111 3389 16 - - 3389 TCP Connect - - - 0 - A Remote Desktop Allow rule 7373 8677
192.168.0.53 Jose E. Torres mstsc.exe:3:5.1 Y 2005-09-12 19:27:10 fwsrv MAILSERVER - - 206.242.150.111 3389 34703 457 7357 3389 TCP Connect - - - 20001 - A Remote Desktop Allow rule 7373 8677

Answer Wiki


I don’t have any answers offhand, but I am curious about a couple of things – maybe we can make this dialog entertaining enough to elicit some more knowledgeable responses (grin).

On the 4th line, I see a different pattern in the logs…
3389 34703 457 7357 3389 where I assume the 3389 at the beginning and end of that fragment are the inner destination port and the outer destination port.
On the earlier lines, it just shows: "3389 16 - - 3389"

Any idea what the significance of those other numbers is?

Also wondering, does the internal workstation see the connection attempt as a timeout, or a connection refusal?

I’m assuming that the logs you’ve shown are from the firewall/ISA server. Are there any relevant logs on the external Terminal Server?

Bob

Discuss This Question: 1  Reply

 
  • Jet10520
    The log fields are explained in these links:
    http://www.microsoft.com/resources/documentation/isa/2000/enterprise/proddocs/en-us/isadocs/m_s_c_loggingfields.mspx
    http://support.microsoft.com/default.aspx?scid=kb;en-us;284818
    I do not have access to the Terminal Server logs of the Internet server I am connecting to. I asked them for help but they refused $$$$. But anyway, I can connect from the ISA server itself, so I guess the connection is not being denied. I get RDC error messages randomly (the 20000 and 20001 errors produce two different error messages in RDC). One gives a timeout error, and the other gives "Remote connections might not be enabled or the computer might be too busy ..."
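
An added example, not part of the original thread and not Microsoft tooling: a parser for the flattened firewall log rows posted in the question. It groups them by session and connection ID and reports the rows that end in a non-zero result code. The field names, and their order after the time stamp, are assumptions based on the ISA Server 2000 firewall log field list.

```python
import re
from collections import defaultdict

# Constructed input: the four rows from the question, whitespace-flattened as posted.
_OK = ("192.168.0.53 Jose E. Torres mstsc.exe:3:5.1 Y 2005-09-12 19:26:36 fwsrv MAILSERVER - - "
       "206.242.150.111 3389 16 - - 3389 TCP Connect - - - 0 - A Remote Desktop Allow rule 7373 8677")
ROWS = [
    "192.168.0.53 Jose E. Torres mstsc.exe:3:5.1 Y 2005-09-12 19:26:36 fwsrv MAILSERVER - "
    "206.242.150.111 206.242.150.111 - 16 - - - - GHBN - - - 0 - HTTP Allow rule 7373 0",
    _OK,
    _OK,
    "192.168.0.53 Jose E. Torres mstsc.exe:3:5.1 Y 2005-09-12 19:27:10 fwsrv MAILSERVER - - "
    "206.242.150.111 3389 34703 457 7357 3389 TCP Connect - - - 20001 - A Remote Desktop Allow rule 7373 8677",
]

# Assumed field order between the time stamp and the rule names (hypothetical key names).
FIELDS = ("service computer referred r_host r_ip r_port time_taken cs_bytes "
          "sc_bytes protocol transport operation uri mime object_source "
          "result_code cache_info").split()
# User and rule names contain spaces, so anchor on "<Y|N> <date> <time>" instead of columns.
STAMP = re.compile(r"\s(Y|N)\s(\d{4}-\d{2}-\d{2})\s(\d{2}:\d{2}:\d{2})\s")

def parse_row(row):
    """Split one flattened row into a dict, tolerating spaces in user and rule names."""
    m = STAMP.search(row)
    if m is None:
        raise ValueError("no authenticated-flag/date/time anchor in row")
    head, tokens = row[:m.start()].split(), row[m.end():].split()
    if len(head) < 2 or len(tokens) < len(FIELDS) + 2:
        raise ValueError("row is missing fields")
    rec = dict(zip(FIELDS, tokens))
    rec.update(client_ip=head[0], user=" ".join(head[1:-1]), agent=head[-1],
               date=m.group(2), time=m.group(3),
               rules=" ".join(tokens[len(FIELDS):-2]),
               session=tokens[-2], connection=tokens[-1])
    return rec

def failed_connections(rows):
    """Map (session, connection) to its rows whose result code is neither 0 nor empty."""
    groups = defaultdict(list)
    for row in rows:
        rec = parse_row(row)
        groups[(rec["session"], rec["connection"])].append(rec)
    failed = {}
    for key, recs in groups.items():
        bad = [r for r in recs if r["result_code"] not in ("0", "-")]
        if bad:
            failed[key] = bad
    return failed
```

On the posted rows this reports connection 8677 in session 7373; its time_taken value of 34703 lines up with the 34 seconds between the 19:26:36 and 19:27:10 rows if that field is in milliseconds.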