RDP Access to A Client PC from Outside LAN Environment

Anonymous
2024-05-11T08:21:56+00:00

Hello there, I realize that this query has been brought up a number of times, yet I am having difficulty connecting to a client machine from outside my LAN. Both machines are Windows 10 Pro, LAN environment is Windows Domain. I am connecting using a random port number XXXX in lieu of the actual RDP port number and using port translation on my firewall to direct the traffic to the specific machine over port 3389. I have successfully used this configuration with other Windows 10 Pro PCs in my domain, however I now have a PC which I am unable to connect to from an external network, yet the RDP connections to this PC work fine within the LAN environment - using RDP 3389, I'm only using port translation for external connections.

I have checked the Windows Defender Firewall on the PC I'm attempting to connect to. RDP is enabled over all three networks, public, private and domain. For testing purposes I disabled the "Require computers to use Network Level Authentication to connect" option, which made no difference. The RDP services are running, I can connect to this PC via RDP internally. I've completely disabled the Anti-Virus product for testing and it made no difference, still unable to connect.

The error message I get on the PC I'm using to make the remote connection is "An Internal Error has occurred"

I've looked at the firewall monitor when trying to connect and I can see the traffic is reaching the firewall and is being passed through the firewall and forwarded to the target machine / IP. The rules I created for port translation and forwarding are being activated. It would appear the target machine is rejecting the connection, but I can see no reason why.

Any input or insight would be much appreciated.

This question was migrated from the Microsoft Support Community.

6 answers

  1. Anonymous
    2024-05-14T17:27:03+00:00

    Hello,

    There are a few things you can try to troubleshoot this issue:

    1. Check if the target PC is reachable from the external network. You can do this by pinging the IP address of the target PC from the external network. Also, open Command Prompt as Administrator and run netstat -a -n to check if the machine is listening on the translated port and on the default RDP port (3389) internally.
    2. Check if the target PC has a valid IP address and subnet mask. Go to Control Panel > Network and Sharing Center > Change adapter settings and check the properties of the network adapter.
    3. Try disjoining your client PC from the Active Directory domain, rebooting, and then re-joining it. You can use the Remove-Computer cmdlet in PowerShell to accomplish this task.
    4. Check if there are any event log entries on the target machine related to Remote Desktop Services or Terminal Services.

    Here is a relevant article for your reference: Fixing the "Remote Desktop Connection: An Internal Error Has Occurred" Error (petri.com)

    (Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information).

    I hope this helps.

    Best regards
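
Steps 1 and 4 of the reply above, as an added PowerShell example that is not part of the original thread: run elevated on the target PC, it reports the RDP listener port and NLA setting, the remote-address scope of the inbound Remote Desktop firewall rules, and recent Remote Desktop Services events. The 'Remote Desktop' display group name assumes an English-language Windows install, and the 30-minute window is an arbitrary choice.

```powershell
# Added diagnostic example (not from the thread). Run in an elevated session on the target PC.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"

# 1. Listener configuration: port, whether RDP is enabled, whether NLA is required.
$cfg = Get-ItemProperty -Path $rdpTcp
[pscustomobject]@{
    ConfiguredPort = $cfg.PortNumber
    RdpDenied      = (Get-ItemProperty -Path $ts).fDenyTSConnections  # 0 = RDP enabled
    NlaRequired    = $cfg.UserAuthentication                          # 1 = NLA required
    SecurityLayer  = $cfg.SecurityLayer
} | Format-List

# 2. Is anything listening on that port, and which process owns the socket?
Get-NetTCPConnection -LocalPort $cfg.PortNumber -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 3. Inbound Remote Desktop rules with profile and remote-address scope.
#    A RemoteAddress of LocalSubnet admits LAN sources only; forwarded external
#    connections normally keep their original (non-LAN) source address.
#    Assumption: English display group name 'Remote Desktop'.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            Profile       = $_.Profile
            Action        = $_.Action
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    } | Format-Table -AutoSize

# 4. Remote Desktop Services events from the last 30 minutes (window is an assumption).
#    Reproduce the failed external connection first, then run this section.
$logs = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational',
        'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational',
        'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
foreach ($log in $logs) {
    Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = (Get-Date).AddMinutes(-30) } `
                 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, @{ n = 'Log'; e = { $log } }, Message
}
```

Running the same script on one of the workstations that does accept external connections gives a baseline to compare against.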

  2. Anonymous
    2024-05-17T11:56:21+00:00

    Hi Jacen,

    Thanks for your reply.

    1. I can reach the PC from outside the network, but this involves creating a separate rule to allow ping traffic to my public IP and forwarding to the client machine, which works fine, when I create such a rule. The Client machine in question is only listening on port 3389 for RDP traffic and not on the translated port. The Port translation means that the RDP traffic is translated by the firewall from the spurious port number XXXX to RDP3389 and the traffic is then forwarded to the client machine on port 3389. The reason for the port translation is so that I'm not advertising port 3389 on the public facing port of my firewall.
    2. Everything is in order with the PC's IP address and DNS addresses. It's getting its IP from my DHCP server, same as all the other clients, including the ones I can reach over RDP from outside the LAN.
    3. Tried disjoining the problem PC from the domain and rejoined. No changes, still unable to reach it from outside the LAN.
    4. Checked the logs and there are no specific events relating to remote desktop connections.

    Thanks for the link to the article. I went through all the troubleshooting steps listed and no changes, still unable to connect from outside the LAN environment. Within the LAN environment absolutely no issues whatsoever. Extremely puzzling.

  3. Anonymous
    2024-05-19T22:44:12+00:00

    Hello, if the following configurations have been checked and are correct, including remote access permission (the account used by the external PC that initiates the remote connection has been added to the "Remote Desktop Users" group on the computer in the domain), firewall settings, and remote desktop service startup, you may need to check the stability of the external network. You can test connecting to another network, including using another PC outside the domain for testing.

  4. Anonymous
    2024-05-20T14:15:11+00:00

    I've checked the reliability of the external network by successfully remoting into a number of other workstations inside my LAN, using the exact same rules on the firewall for port translation and I experience no issues. It would appear that there is something amiss with this workstation, but for the life of me I cannot get to the root of it.

  5. Anonymous
    2024-05-20T19:59:35+00:00

    Sorry to hear that your issue is still not resolved. Please check the event log again when the remote connection fails so that we can analyze the cause. Please enable the options below before viewing.
