RDP access suddenly stopped working

411 views
Skip to first unread message

Brian Watts

unread,
Mar 15, 2016, 11:40:14 AM3/15/16
to gce-discussion
I have a Windows VM that I set up in August 2015.  I worked on it extensively until about 3 weeks ago.  I had no problem connecting to it via RDP in the past.

Yesterday, I tried to connect to it again and was not able to establish an RDP connection.  Here are the details:

1. There was no other instance running in this project
2. The web site inside the VM was still running fine even though I could not connect via RDP.
3. I was unable to (and am still unable to) telnet to port 3389
4. The gcloud firewall settings were open for port 3389 and still are open
5. I had made three snapshots of the VM, spanning three months since August, 2015.  I recreated a new VM with each of these snapshots and each one of them showed the same behavior -- no access to port 3389.
6. As a sanity check, I created a new VM to verify that I could connect to a totally new VM via RDP on the same project.
7. I made a copy of  the boot drive and added it to a new instance in order to look at the physical data on the drive.  I looked quite normal. There was no sign of any break in... I examined the Event Viewer logs and found nothing abnormal.

I am able to recreate the server with the data on the copied drive, but I am very concerned that suddenly and for no apparent reason, RDP access is no longer working. Because this is happening on all restored snapshots I created that previously had no problem, it looks very strange indeed and leads me to the reluctant conclusion that if I can't find an explanation, I will have to move the server elsewhere.  That is unfortunate, because I am a big supporter of gcloud, both personally and for the companies I support who use it.







Faizan (Google Cloud Support)

unread,
Mar 15, 2016, 3:00:52 PM3/15/16
to gce-discussion
Hello Brian,

In order to further investigate the issue can you send me the following information through private message.
1. Your Project ID.
2. Instance name.
3. Error that you receive when trying to RDP or telnet.
4. How are you trying to RDP (ChromeRDP, Windows RDP etc)?

Looking forward for your response. I apologize for any inconvenience this may have caused.

Thanks,

Faizan

Brian Watts

unread,
Mar 17, 2016, 10:40:14 AM3/17/16
to gce-discussion
This problem has been solved.

Here are the factors:
1.  About 7 months ago, I must have restricted RDP access to my remote IP address -- which is fixed.
2. Recently, my cable modem failed and I had to replace it.
3. I didn't realize that my external address had changed when the cable modem was replaced.
4. Because it was so long ago, I had also forgotten that I had restricted the remote address RDP access.

So, it appeared that suddenly, and for no obvious reason I was not able to connect (I hadn't tried connecting for a couple of weeks since changing the cable modem, so the hardware change was not that obvious a factor).

The solution was:
1. See the firewall settings by adding to the startup script, the following Powershell line:  
netsh advfirewall firewall show rule name=all dir=in
and then looking at the Serial Console Output after reboot.

2. I noted that there was an IP address restriction on the TCP-IN rule for Remote Desktop.
3. I added the following line to the Powershell startup script:
netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389 

4. After a reboot, I was able to connect using RDP.
5. I removed the new rule in the firewall settings and removed the restriction to the 'Remote Desktop' inbound rule.

Paul Nash

unread,
Mar 17, 2016, 10:05:55 PM3/17/16
to Brian Watts, gce-discussion
Thanks Brian, we're glad you were able to figure it out. Based on this case, we're planning on adding additional troubleshooting information to our docs outlining some of the steps and diagnostic scripts we asked you do to in order to solve this. Hopefully this post and those guides in combination will help the next user.

Thanks for posting the resolution, and for being a GCP customer!

--
© 2014 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-dis...@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussio...@googlegroups.com.
To post to this group, send email to gce-dis...@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/8cbf0493-4d6b-4416-9875-7b5178b7dbf0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



--

Paul R. Nash | Product Manager, Compute Engine | paul...@google.com | 206-876-1620

Reply all
Reply to author
Forward
0 new messages