![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 49%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,613 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 34%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
If you can reach internal resources from a remote connected device over the device tunnel, they should be able to manage out to that endpoint. There are a few things that need to be considered, however.
First, the device tunnel is typically only configured to route to specific internal hosts. Ensure that you are trying to manage out to the VPN client from a host listed in the device tunnel's routing table.
Also, ensure the Windows Firewall on the endpoint is configured to allow traffic from the internal network.
You may have to enable firewall logging and look through the logs to see if any traffic is being allowed or denied. You might also want to take a network trace on the management server/workstation and the endpoint at the same time to see what's happening on the wire.
Hope that helps!
