RDP to Desktop -- Discoveries & Challenges

[R0bR]

6 - Win7-1 is on ASUS P9X79 Deluxe, Intel I7 3820, with 16GB Memory. It has two network connections, and I have tried both. (Win7-2&4 are also on Asus motherboards, with slightly lesser CPUs.)

Are you sure the gateway and subnet mask are correct on this Win7-1?

 

[Russ]

Are you sure the gateway and subnet mask are correct on this Win7-1?

R0bR --

Yes, they are correct -- same as all other systems on my network. I tried comparing the outputs from "ipconfig /all" on the four machines to see if I could find a clue, but, within the confines of my understanding, couldn't find anything.

Thanks,
Russ

 

[ArnoldC]

<snip>
What I am going to do right now is take my dogs and go down by the creek to see what yesterday's rain added. At least that is something I know how to do.
<snip>

How did this turn out? It would have been a nice stroll I suppose?

 

[Russ]

How did this turn out?

Arnold --

It's always good. We (the dogs & I) make at least one trip out there every day. Sometimes I take a book and read while the dogs explore and hunt. I'm still a country boy at heart.

Take care,
Russ

 

[R0bR]

R0bR --

Yes, they are correct -- same as all other systems on my network. I tried comparing the outputs from "ipconfig /all" on the four machines to see if I could find a clue, but, within the confines of my understanding, couldn't find anything.

Thanks,
Russ

hmmm....how about your Windows firewall, is it allowing RDP inbound?

 

[Russ]

hmmm....how about your Windows firewall, is it allowing RDP inbound?

R0bR --

Yes, Remote Desktop is allowed by Firewall.

Thanks,
Russ

 

[J515OP]

I can't help with your particular issue but I finally got around to doing this myself. I remoted into my Win8 laptop and was then able to log into my work VPN from there as well as use Google Chrome browser. Now I only have to take my Surface when traveling

Chances are there is one small thing you are over looking. All of a sudden one day you will probably figure it out and go "d'oh!" Good luck.

 

[Russ]

All of a sudden one day you will probably figure it out and go "d'oh!" Good luck.

J --

Yeah, that happens to me a lot. I think it's called "a blinding flash of the obvious."

What is more likely to happen is that the problem will be resolved by some seemingly unrelated change: Windows Update, etc. That also happens to me occasionally.

I've been doing this computer stuff way too long to be surprised by anything anymore.

Take care,
Russ

 

[R0bR]

Do you have any static routes on that PC that you may not be aware of? Or entries in your hosts file? If no to either then you may want to run WireShark on Win7-1 then try to RDP to it and see if the request is reaching it and if it is what's happening to it.

 

[Russ]

Do you have any static routes on that PC that you may not be aware of? Or entries in your hosts file? If no to either then you may want to run WireShark on Win7-1 then try to RDP to it and see if the request is reaching it and if it is what's happening to it.

R0bR --

Before I begin, I need to say that I really appreciate the efforts you have put into this, but I fully recognize that you have a life, and, as we say here in the South, "You didn't take me to raise." If you have had enough of this tar-baby, just disengage. I will fully understand and still be appreciative of what you have taught me already.

So, having said that:

1. Static routes -- To my knowledge at present, I know of none. Neither do I know how to find one that I didn't know about.

2. "entries in your hosts file" -- I do not have a "hosts" file other than a sample file that is lurking down in the \winsxs\amd64 . . .\ folder. This is also true of my other 64-bit machine, Win7-2.

3. WireShark:

Wow, that is like trying to get a drink of water from a fire hose! I ran it a couple of times for practice, then disconnected the modem from DSL to cut down unrelated traffic and ran it again. I tried three times to RDP from Surface, without success. Some observations: [Note: .73 = Win7-1; .126 = Surface; .254 = Router]

* There were nine instances of a Source .126 with a Destination .73. They looked like this:

19	6.099731000	192.168.1.126	192.168.1.73	TCP	66	53599 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
20	6.999555000	Spanning-tree-(for-bridges)_01	Broadcast	0x8874	60	Ethernet II
26	9.468112000	192.168.1.126	192.168.1.73	TCP	66	53599 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
140	18.985001000	192.168.1.126	192.168.1.73	TCP	62	53599 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1
215	37.552677000	192.168.1.126	192.168.1.73	TCP	66	53602 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
224	40.562836000	192.168.1.126	192.168.1.73	TCP	66	53602 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
252	46.563165000	192.168.1.126	192.168.1.73	TCP	62	53602 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1
387	66.323444000	192.168.1.126	192.168.1.73	TCP	66	53604 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
399	69.344286000	192.168.1.126	192.168.1.73	TCP	66	53604 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
429	75.344792000	192.168.1.126	192.168.1.73	TCP	62	53604 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 SACK_PERM=1
430	75.995551000	Spanning-tree-(for-bridges)_01	Broadcast	0x8874	60	Ethernet II

In no instance did the next event appear to resemble a response. Mostly they were "Spanning-tree, etc." or other unrelated business by the router, such as "Who has ... ?

* Many, if not most, of the instances involving .73 have red letters on a black background (most) or yellow letters on a red background. A pop-up window tells me that this indicates something invalid, but I know not what. The recited events above were all black letters on gray background.

* Almost all (maybe one exception) events with .73 as a Source were red letters (majority) or yellow letters (a few). Events with .73 as a Destination were a mixed bag of mostly green and blue, with a smattering of the other colors. Most of the .73 Source events have a .254 Destination.

* Here are the initial exchanges between .73 and .254, as it appears that they didn't get off to a good start:

32	11.729055000	192.168.1.73	192.168.1.254	DNS	84	Standard query 0x3594  A cn1.redswoosh.akadns.net
33	11.754539000	192.168.1.254	192.168.1.73	DNS	207	Standard query response 0x3594  A 192.168.1.254
34	11.755048000	192.168.1.73	192.168.1.254	TCP	66	49722 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
35	11.756235000	192.168.1.254	192.168.1.73	TCP	66	https > 49722 [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=1460 SACK_PERM=1 WS=1
36	11.756266000	192.168.1.73	192.168.1.254	TCP	54	49722 > https [ACK] Seq=1 Ack=1 Win=65700 Len=0
37	11.756347000	192.168.1.73	192.168.1.254	TLSv1	182	Client Hello
38	11.770113000	192.168.1.254	192.168.1.73	TLSv1	184	Server Hello, Change Cipher Spec, Encrypted Handshake Message
39	11.770254000	192.168.1.73	192.168.1.254	TLSv1	105	Change Cipher Spec, Encrypted Handshake Message
40	11.770434000	192.168.1.73	192.168.1.254	TLSv1	83	Encrypted Alert
41	11.771743000	192.168.1.254	192.168.1.73	TCP	60	https > 49722 [ACK] Seq=131 Ack=210 Win=32768 Len=0
42	11.776145000	192.168.1.254	192.168.1.73	TLSv1	83	[TCP ZeroWindow] Encrypted Alert
43	11.776170000	192.168.1.73	192.168.1.254	TCP	54	49722 > https [RST, ACK] Seq=210 Ack=160 Win=0 Len=0
44	11.999260000	Spanning-tree-(for-bridges)_01	Broadcast	0x8874	60	Ethernet II

I saved the output file (544 events), if there is something specific I should look for, just let me know.

Thanks for everything and take care,

Russ

 

[R0bR]

R0bR --

Before I begin, I need to say that I really appreciate the efforts you have put into this, but I fully recognize that you have a life, and, as we say here in the South, "You didn't take me to raise." If you have had enough of this tar-baby, just disengage. I will fully understand and still be appreciative of what you have taught me already.

No worries Russ, I work in IT and this is the kind of stuff that keeps my job interesting.

For static route launch a command prompt as administrator and type route print, copy the IPv4 route table (both active and persistent if there any) and paste back here.

Your host file will be located in c:\windows\system32\drivers\etc and it will be just hosts with no extension.

Now for WireShark, too little info soooo..... run it again with the following tests:

1. PING from Win7-4 to Win7-1
2. PING from Win7-1 to Win7-4
3. Telnet from Win7-1 to Win7-4 with telnet 192.168.1.XX 3389 (XX being the IP of Win7-4)
4. Telnet from Win7-4 to Win7-1 with same command, other IP obviously.
5. RDP from Win7-1 to Win7-4
6. RDP from Win7-4 to Win7-1

You can pause the capture between tests if you need setup time or just let it run, up to you. When you've completed the tests in that order stop the capture and save the file. I'll give you my email in a private message, zip the output and send to me and I'll load it up on WireShark on my end to analyze it. Don't worry about extra garbage, the view can be filtered by IP.

This is your data so up to you if you want to post any of it in this thread openly, you can email me the info if you prefer. I'm travelling for work tomorrow and won't be back until after the weekend so I won't have time to analyze until then.

 

[Russ]

Rob --

Thanks for the reply and instructions. I'll run it tomorrow and send you the file. I don't care about posting it openly, but that's a lot of data, so emailing it seems preferable.

re: "host file will be located in c:\windows\system32\drivers\etc " -- Neither of the Win7 64-bit systems has a "\drivers\etc" folder. The 32-bit system does have it, with just a sample hosts file in it. That's just FYI, as I'm pretty sure it isn't a hosts problem.

Take care,
Russ