Cannot RDP to Windows 10 machines over client VPN

Solved
Gork
Conversationalist

We recently moved to an MX84 device. The client VPN is set up and works well. However, I have the following issue: no one can access a Windows 10 machine via RDP.

RDP to Windows 7 machines works

RDP to Windows Server 2012 machines works

RDP to Windows 10 Pro machines does not work. (Not by name or IP address)

These machines do not respond to the ping cmd by name or IP address

These machines were previously accessible via our old firewall and a Windows Remote Access Server

I can RDP to a Windows 7 or Server 2012 machine and then RDP to any Windows 10 machine. Any ideas what might be going on?

 

Thanks in advance.

 

1 Accepted Solution
PhilipDAth
Kind of a big deal

The number #1 reason is Windows Firewall blocking remote connections. If you turn off Windows Firewall on one of the remote machines, can you then RDP in?

DHAnderson
Head in the Cloud

Are all machines on the same subnet?

 

Also, can you ping the Windows 10 machines from Dashboard (Security & SD-WAN\Appliance Status\Tools)? Enter an IP address of a Windows 10 machine and press the ping button.

Dave Anderson
Gork
Conversationalist

All machines are on the same subnet. I certainly can from here in the office. I will have to try the ping from the dashboard when I am home and connected only via VPN.

 

Thanks

DHAnderson
Head in the Cloud

You can try pinging from the dashboard from anywhere. It causes the MX to ping the device on the local LAN. That makes sure the MX can actually see the Windows 10 boxes. This is just a debugging step.
Dave Anderson
QLSteve
Getting noticed

For us it's always been the firewall!

Gork
Conversationalist

First of all, thanks for the many replies.  This is truly the best response I've gotten when using an online forum.  I followed the trail of the Windows Firewall and I found there is a group policy that was controlling the network addresses allowed to access Remote Desktop on certain PCs.  Not sure why that was applied to Windows 10 machines only but that appears to be the case right now.  A small adjustment to this and I am away to the races.

 

Thanks.

WWWolf
Here to help

I highly recommend AGAINST turning off Windows Firewall unless you have an alternative firewall in place.

It is far better to adjust your firewall rules to allow RDP through it. (Windows Firewall has built-in rules for RDP - you just need to check the boxes to allow the traffic.  I also recommend checking more than just the "Domain" checkbox as Windows sometimes can have difficulties identifying the network.)
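
One way to find the kind of scoped rule Gork describes, and to adjust rules as WWWolf suggests instead of disabling the firewall. This is an added example, not code from any poster in this thread; it assumes an English-language Windows 10 target and only matches rules that name port 3389 exactly.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows 10 target.
# Lists every enabled inbound rule that names port 3389 in the *effective* policy,
# so a Group Policy rule with a narrow remote-address scope is easy to spot.

# Firewall profile currently applied to each network (Domain / Private / Public).
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# ActiveStore = local rules merged with Group Policy, i.e. what is enforced now.
$inbound = Get-NetFirewallRule -PolicyStore ActiveStore |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }

$report = foreach ($rule in $inbound) {
    $port = $rule | Get-NetFirewallPortFilter
    # Exact match only; rules using 'Any' or a port range are not listed here.
    if ($port.LocalPort -notcontains '3389') { continue }

    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Action        = $rule.Action                 # Block wins over Allow
        Profile       = $rule.Profile                # must cover the profile above
        Origin        = $rule.PolicyStoreSourceType  # GroupPolicy or Local
        Protocol      = $port.Protocol               # TCP and UDP both use 3389
        RemoteAddress = ($addr.RemoteAddress -join ', ')
    }
}

$report | Sort-Object Origin, Rule | Format-Table -AutoSize -Wrap

# Rules scoped to specific remote addresses: compare these with the address the
# VPN client is given.
$report | Where-Object { $_.RemoteAddress -ne 'Any' } |
    Select-Object Rule, Origin, RemoteAddress
```

A rule whose Origin is GroupPolicy has to be changed in the GPO that delivers it, not on the PC. Running `Test-NetConnection <target> -Port 3389` from the VPN client (with `<target>` as a placeholder for the Windows 10 machine) then confirms whether TCP 3389 is reachable.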

JimmyPhelan
Getting noticed

It is likely to be some kind of firewalling. It would be a good opportunity to run and see the Packet Capture facility on your Meraki equipment and use it to diagnose in more detail.

 

Are you doing any deeper security inspection? Are you blocking any UDP traffic?

cwf
Getting noticed

Here is a link to a good video on troubleshooting RDP. There are several different things that could be tripping things up.

https://youtu.be/z_IbWKuWFyc

Mayur_Gadhvi
Meraki Alumni (Retired)

As you said, you are also not able to ping the Windows 10 client, so you first need to narrow down the issue. Start by taking a packet capture on the client VPN and LAN interfaces on the MX and see what the ICMP traffic looks like. If the firewall is passing the traffic, then the troubleshooting should be focused on the LAN side.

 

Start checking from Windows Firewall and the services, and you should be able to resolve it. If the issue is with building the tunnel to the MX84 from Windows 10, then please refer to the document below:

 

 https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview

 

 

Pulkit_Mittal
Getting noticed

Make sure that Windows Firewall allows RDP. I would suggest trying a remote login prior to connecting via Meraki to confirm whether the issue exists within the Windows 10 RDP prerequisites. Ideally, if the VLAN subnet is the same, then it shouldn't be a problem over client VPN.

I have the same config done and works perfectly fine!

SopheakMang
Building a reputation

Have you checked the firewall policy? Any block?
nikiwaibel
Getting noticed

This must be the Win10 firewall, or RDP is turned off on Win10.

Pulkit_Mittal
Getting noticed

Yep, probably the issue is with the system config. If the VPN client is working fine and is part of the same subnet, then it shouldn't be an issue. Check the RDP default ports on the firewall at the edge as well: TCP port 3389 and UDP port 3389.
Pulkit_Mittal
Getting noticed

Capture packets to confirm as well.