Outbound RDP traffic denied

Hello people,

TMG is not allowing my workstation to access computers on external networks using RDP.

I have created a rule allowing the RDP protocol from my workstation to the external network, but it seems useless.

When checking the logs, I see that the default rule is blocking me, even though the access rule is enabled.

Note that when bypassing TMG, I can access computers with RDP.

The TMG client is installed on my workstation.

June 13th, 2013 1:03pm

Hi,

if your request is denied by the default rule, some element in your access rule is wrong and does not match. First, make sure that you use RDP (Terminal Services) for protocol, e.g. NOT server.

Second, make sure that the source network is correct and that your client is a part of that network and third, make sure that the destination is correct.

To start with, I'd create a rule that looks like this:

Action: Allow

Protocol: RDP (Terminal Services)

From: internal

To: external

Users: All users

Source: internal

June 13th, 2013 3:25pm

Hi Anders,

I have exactly the same rule. In my logs I can see that RDP traffic is denied; my rule should allow that, but it doesn't work.

I'm really confused.

As you can see, rule #2 should allow my computer (mohamed-L) to connect using RDP. But when checking the logs:

Connections get denied by the default rule.

Any idea?

June 13th, 2013 4:39pm

For testing purposes, swap out your computer object "Mohamed-L" for the network object "Internal".

Apply and try again.

June 13th, 2013 5:25pm

I already did that without any effect. It's really getting strange.
June 13th, 2013 5:36pm

Any alerts?

Can you for testing purposes uninstall the FWC from this client?

June 13th, 2013 5:55pm

Could you post additional details from TMG live log when it denies you?
June 13th, 2013 6:21pm

No alerts related to that problem, and uninstalling the FWC client didn't solve the problem :(
June 13th, 2013 6:25pm

Hi,

Thank you for the post.

What about other client types, like a web proxy client, did that work? Please also place this rule at the top and give it a try.

Regards,

June 19th, 2013 8:04am

As per Nick's suggestion, if it doesn't work with a web proxy request from the same client and it is denied by the default rule, then I'd say that your internal network definition is incorrect.
June 19th, 2013 2:38pm

By the way, it's a computer hosted on Windows Azure that I am trying to access.
June 25th, 2013 12:32pm

Doesn't really matter where destination is if the request is blocked by TMG.

The reason it is blocked is because some element in the rule or in the underlying configuration denies the request. Hence the previous suggestion to try another protocol in order to understand why the request is denied. If that is also denied then your network configuration is incorrect. If it works, then it is something different.

I do see other denied requests in the above screenshot leading me to believe that the network definitions are incorrect. Check the alerts and see if there's something there relating to the actual client or network definitions and correct accordingly.

July 1st, 2013 5:48pm
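
The diagnostic reasoning in the replies above (every element of a rule must match, and a second protocol that is also denied points at the network definition) can be shown with a simplified model. This is an added example, not part of the original thread and not TMG's own evaluation engine; the addresses, subnets, rule names and the `network_of` and `evaluate` helpers are constructed assumptions.

```python
import ipaddress

# Constructed network definitions (assumption, not from the thread).
# BROKEN omits the subnet the workstation actually sits in.
BROKEN = {"Internal": ["192.168.1.0/24"], "External": ["0.0.0.0/0"]}
FIXED = {"Internal": ["192.168.1.0/24", "10.0.5.0/24"], "External": ["0.0.0.0/0"]}

# Constructed rule set: (name, action, protocols, source network, destination network)
RULES = [
    ("Allow RDP out", "Allow", {"RDP (Terminal Services)"}, "Internal", "External"),
    ("Allow web out", "Allow", {"HTTP", "HTTPS"}, "Internal", "External"),
]

def network_of(ip, networks):
    """Name of the most specific defined network that contains ip."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(r).prefixlen, name)
            for name, ranges in networks.items() for r in ranges
            if addr in ipaddress.ip_network(r)]
    return max(hits)[1]

def evaluate(protocol, src_ip, dst_ip, networks, rules=RULES):
    """First rule whose every element matches wins; otherwise default deny.
    Returns (rule name, action, trace of elements that failed per skipped rule)."""
    src_net, dst_net = network_of(src_ip, networks), network_of(dst_ip, networks)
    trace = []
    for name, action, protocols, source, destination in rules:
        misses = []
        if protocol not in protocols:
            misses.append("protocol")
        if src_net != source:
            misses.append("source")
        if dst_net != destination:
            misses.append("destination")
        if not misses:
            return name, action, trace
        trace.append((name, misses))
    return "Default rule", "Deny", trace

if __name__ == "__main__":
    client, target = "10.0.5.20", "203.0.113.10"  # constructed addresses
    for label, nets in (("broken", BROKEN), ("fixed", FIXED)):
        for proto in ("RDP (Terminal Services)", "HTTP"):
            print(label, proto, evaluate(proto, client, target, nets))
```

With the incomplete network definition both protocols fall through to the default rule and the trace shows `source` as the common failing element, which is the pattern the web proxy test in the thread is meant to expose.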

This topic is archived. No further replies will be accepted.
