[OPLINTECH] RDP Between OPLIN Libraries

Wed Jan 25 10:23:49 EST 2017

Just a quick FYI that this issue has been solved.

The root cause was an invalid class B subnet mask on the machine acting as
the RDP server. This mask made the machine think that the entire 66.213
range was on the local network, thus responses to RDP connections from
66.213 clients were not being routed out through the gateway.

Huzzah for closure! :)

Karl Jendretzky
IT Manager - Ohio Public Library Information Network
(614) 728-1515karl at oplin.ohio.gov

On Mon, Jan 23, 2017 at 12:21 PM, Chad Neeper <cneeper at level9networks.com>
wrote:

> A thought though...
>
> It sounds like you're trying to RDP to a server(s) at one single site.
> You've established it works from outside the OPLIN network, but not from
> three sites within the OPLIN network. Has there been a change to the
> firewall/NAT rules at the RDP server site?
>
> Also, is the connection establishing, but not staying established?
>
> You could enable firewall logging on the firewall exception that permits
> RDP to your server. I'm assuming your RDP server is behind a network
> perimeter firewall. That's the location I'd start with and enable logging.
> You might be able to discern if there is even a RDP connection attempt from
> your three test sites within the OPLIN network. If there is, you might be
> able to discern a reason for the abort. If you're familiar with packet
> tracing, that would be useful here to see exactly what's going on and
> where/when the failure occurs. If a connection has established, the packet
> trace could show you which device broke the connection or failed to respond
> properly, etc.
>
> https://en.wikipedia.org/wiki/Wireshark
> https://www.wireshark.org/
>
>
> ______________________________
> *Chad Neeper*
> Senior Systems Engineer
>
> *Level 9 Networks*
> 740-548-8070 <(740)%20548-8070> (voice)
> 866-214-6607 <(866)%20214-6607> (fax)
>
> *Full IT/Computer consulting services -- Specialized in libraries and
> schools*
>
> On Mon, Jan 23, 2017 at 12:10 PM, Chad Neeper <cneeper at level9networks.com>
> wrote:
>
>> It might be wiser to run RDP over a VPN rather than exposing your RDP
>> servers directly to the world. That seems rather risky to me:
>> https://www.google.com/search?q=rdp+over+the+internet+risks&
>> oq=rdp+over+the+internet+risks&aqs=chrome..69i57.4775j0j7&
>> sourceid=chrome&ie=UTF-8
>>
>> I can't speak towards your particular issue, though. In my own case, I
>> run site-to-site VPNs and my endpoint is outside OPLIN, so I miss your
>> issue on two counts. I just wanted to mention the security risk...(which
>> you may have already considered and mitigated.)
>>
>> ______________________________
>> *Chad Neeper*
>> Senior Systems Engineer
>>
>> *Level 9 Networks*
>> 740-548-8070 <(740)%20548-8070> (voice)
>> 866-214-6607 <(866)%20214-6607> (fax)
>>
>> *Full IT/Computer consulting services -- Specialized in libraries and
>> schools*
>>
>> On Mon, Jan 23, 2017 at 11:50 AM, <jdarby at mrcpl.org> wrote:
>>
>>> Is anyone else having connection issues with RDP from other libraries on
>>> the OPLIN network? We have experienced and inability to connect from Upper
>>> Arlington PL, Crestline PL, and Ashland PL to Mansfield/Richland County PL,
>>> but have had no issues from locations not on the OPLIN network.
>>>
>>>
>>>
>>> R/S
>>>
>>> John R. Darby
>>>
>>> Information Technology Department
>>>
>>> Mansfield /Richland County Public Library
>>>
>>> 419-521-3152 <(419)%20521-3152>
>>>
>>> _______________________________________________
>>> OPLINTECH mailing list
>>> OPLINTECH at lists.oplin.org
>>> http://lists.oplin.org/mailman/listinfo/oplintech
>>>
>>>
>>>
>>
>
> _______________________________________________
> OPLINTECH mailing list
> OPLINTECH at lists.oplin.org
> http://lists.oplin.org/mailman/listinfo/oplintech
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20170125/7a0dd5c8/attachment.html>