Firewall Domain Profile

Anahaym

Hi,

I have one domain with one site but two networks:
10.254.1.0/24
10.255.9.0/24
Each network belongs to a branch office and is defined in "AD Sites and Services". Each network has a domain controller.
There are two site-to-site VPNs between branches: production VPN (based on Mikrotik) and test VPN (based on RRAS 2016).
There is a host "tools.domain.local" with IP address 10.255.9.13.
I'm connecting to this host via RDP from 10.254.1.75 through Mikrotik's VPN, which NATs my address to 172.16.111.25.

2017-11-02 15:16:23 ALLOW TCP 172.16.111.25 10.255.9.13 8757 3389 0 - 0 0 0 - - - RECEIVE

When I switch my computer to use RRAS VPN I can't connect to the server via RDP any more, although I can ping and tracert it.

I found out that the firewall on the server blocks my connections:

2017-11-02 12:47:20 DROP TCP 10.254.1.75 10.255.9.13 49305 3389 48 S 1985911991 0 8192 - - - RECEIVE

Here are the firewall rules on the server:

PS C:\Windows\system32> Get-NetFirewallRule -DisplayGroup "Remote Desktop" | ft

Name                                   DisplayName                         DisplayGroup   Enabled Profile Direction Action
----                                   -----------                         ------------   ------- ------- --------- ------
RemoteDesktop-UserMode-In-TCP          Remote Desktop - User Mode (TCP-In) Remote Desktop False   Public  Inbound   Allow
RemoteDesktop-UserMode-In-UDP          Remote Desktop - User Mode (UDP-In) Remote Desktop False   Public  Inbound   Allow
RemoteDesktop-Shadow-In-TCP            Remote Desktop - Shadow (TCP-In)    Remote Desktop False   Public  Inbound   Allow
{41770B16-725C-4D9B-900C-6EB0EDF107EA} Remote Desktop - Shadow (TCP-In)    Remote Desktop True    Domain  Inbound   Allow
{70C3C55A-4F05-4F9C-ABE9-A6507C2ACAB6} Remote Desktop - User Mode (UDP-In) Remote Desktop True    Domain  Inbound   Allow
{81EA1134-0D36-4DE9-AE3F-1C531251DED7} Remote Desktop - User Mode (TCP-In) Remote Desktop True    Domain  Inbound   Allow

There are two questions:

1) Why can I connect from the 172.16.111.25 address even though it wasn't defined as a domain network in "AD Sites and Services"?

2) Why can't I connect from the 10.254.1.0 network, although it was defined as a domain network in "AD Sites and Services"?

Thank you in advance!
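The following is an added example, not part of the original post: a PowerShell session to run on the RDP server itself (10.255.9.13) to collect the facts that decide both questions. Windows Firewall assigns the profile (Domain, Private, Public) per local network connection through Network Location Awareness, based on whether the server can authenticate to a domain controller over that connection; the profile is never chosen from the remote client's source address or from AD Sites and Services subnet definitions. Whether a given source address matches an allow rule is instead governed by that rule's RemoteAddress scope and interface filters, which `Format-Table` on the bare rule object does not display. The cmdlets used are the standard NetSecurity and NetConnection cmdlets shipped with Windows Server 2012 R2 and later; the two log lines are copied from the post as constructed sample input, and the field order assumed for pfirewall.log is the W3C `#Fields` header Windows writes.

```powershell
# Added example (not from the original post). Run elevated on the RDP server.

# 1. Profile of each of the server's own connections. The profile is set per
#    local connection by Network Location Awareness, not by the client's address.
Get-NetConnectionProfile |
    Select-Object Name, InterfaceAlias, NetworkCategory, IPv4Connectivity |
    Format-Table -AutoSize

# 2. Which profiles are active, what they do with unmatched inbound traffic,
#    and where each one logs (LogFileName is the pfirewall.log path for step 4).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, LogBlocked, LogFileName |
    Format-Table -AutoSize

# 3. Expand the Remote Desktop rules with the scope filters that a plain
#    Format-Table hides: remote address scope, port and interface binding.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | ForEach-Object {
    $rule = $_
    $addr = $rule | Get-NetFirewallAddressFilter
    $port = $rule | Get-NetFirewallPortFilter
    $if   = $rule | Get-NetFirewallInterfaceFilter
    [pscustomobject]@{
        Name          = $rule.Name
        DisplayName   = $rule.DisplayName
        Enabled       = $rule.Enabled
        Profile       = $rule.Profile
        Action        = $rule.Action
        Protocol      = $port.Protocol
        LocalPort     = ($port.LocalPort -join ',')
        RemoteAddress = ($addr.RemoteAddress -join ',')
        Interface     = ($if.InterfaceAlias -join ',')
    }
} | Format-Table -AutoSize

# 4. Parse pfirewall.log entries (W3C field order written by Windows) and list
#    inbound drops to TCP/3389 by source address. The two lines below are
#    constructed from the post; replace them with
#    Get-Content on the LogFileName reported in step 2 for real data.
$fields = @(
    'date','time','action','protocol','src-ip','dst-ip','src-port','dst-port',
    'size','tcpflags','tcpsyn','tcpack','tcpwin','icmptype','icmpcode','info','path'
)
$sampleLog = @(
    '2017-11-02 15:16:23 ALLOW TCP 172.16.111.25 10.255.9.13 8757 3389 0 - 0 0 0 - - - RECEIVE',
    '2017-11-02 12:47:20 DROP TCP 10.254.1.75 10.255.9.13 49305 3389 48 S 1985911991 0 8192 - - - RECEIVE'
)

function ConvertFrom-PfirewallLog {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Skip the #Version/#Software/#Fields header lines and blanks.
        if ($line -match '^#' -or [string]::IsNullOrWhiteSpace($line)) { continue }
        $values = $line -split ' '
        $entry = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
            $entry[$fields[$i]] = $values[$i]
        }
        [pscustomobject]$entry
    }
}

ConvertFrom-PfirewallLog -Lines $sampleLog |
    Where-Object {
        $_.action -eq 'DROP' -and $_.protocol -eq 'TCP' -and
        $_.'dst-port' -eq '3389' -and $_.path -eq 'RECEIVE'
    } |
    Group-Object 'src-ip' |
    Select-Object Name, Count |
    Format-Table -AutoSize
```

Read the output of step 1 against step 3: an inbound RDP rule only applies when the connection the packet arrives on carries a profile listed in the rule's Profile column, and then only if the source falls inside the rule's RemoteAddress scope (for example `Any` versus `LocalSubnet` or an explicit range). Comparing the dropped source addresses from step 4 with those scopes shows which filter, profile or address, is rejecting a given client.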
