Yankee30 asked GaryReynolds commented

Problem with RDP Session behind firewall with trusted Domain ID

internal.com & dmz.com domains have external trust.
Issue - Trying to access Win2k19.dmz.com behind firewall using internal\UserA account.
Server Win2k19.dmz.com - Windows Server 2019
Server Win2k3.dmz.com - Windows Server 2003

The plan is to move the application from Win2k3 to Win2k19, so the access has to be the same.

Case A
When trying an RDP session from not behind the firewall to Win2k3.dmz.com using id internal\UserA, it lets me log in.

When trying an RDP session from not behind the firewall to Win2k19.dmz.com using id internal\UserA, it lets me log in.

From client machine - telnet Win2k3.dmz.com 3389 - Works so the RDP port is working
From client machine - telnet Win2k19.dmz.com 3389 - Works so the RDP port is working

Case B
When trying an RDP session from behind the firewall to Win2k3.dmz.com using id internal\UserA, it lets me log in.

But when trying the RDP session from behind the firewall to Win2k19.dmz.com using id internal\UserA, it does not let me log in.

Error - This computer can't connect to the remote computer. Try connecting again...........

From client machine - telnet Win2k3.dmz.com 3389 - Works so the RDP port is working
From client machine - telnet Win2k19.dmz.com 3389 - Works so the RDP port is working

Per the firewall team, they've applied the same set of rules to Win2k19.dmz.com as Win2k3.dmz.com.

What could be the problem? Is there any other port that should be opened from the client machine? Or is there any other port that I should check is opened from Win2k19.dmz.com to DCs in the internal.com domain, which the firewall guys might have missed?


windows-active-directory windows-server-2019

1 Answer

GaryReynolds answered GaryReynolds commented

Hi @Yankee30

Windows 2019 has additional security features enabled by default, which might be causing your issues. Network Level Authentication for remote sessions is enabled by default; have a look at this article: cc732713(v=ws.11)

Gary.


NLAS has been disabled and it still doesn’t work.


Hi

I would try to get a network trace, to see if this provides any insight into the problem.

Gary.
