EddieO-7343 asked SunnyQi-MSFT commented

Outbound External RDP timing out when the Domain Firewall profile is applied

Hello

I am running into an issue where a Windows 10 computer will not allow outbound external RDP connections unless the Domain Firewall profile is turned off. They can RDP locally to computers on the domain OK. This is the first time we have needed this kind of connection, as it's needed to access a 3rd Party application.



I have been through all the RDP troubleshooting I can find. Changed the firewall rules to allow RDP and ports. Turned off the firewall.

But if the domain profile is applied it just times out.

Any thoughts or suggestions?

windows-10-network windows-group-policy

Hi,

Just checking in to see if the information provided was helpful.

If yes, you may accept the useful reply as the answer; if not, you are welcome to give feedback.

Best Regards,
Sunny

SunnyQi-MSFT answered EddieO-7343 commented

Hi,

Welcome to the Q&A platform.

First, please make sure that ports 3389 and 443 are enabled on the target machine side.

Then please make sure that the rule you created in the firewall is applied to the domain profile.


Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



Hello

Yes, the ports are open on the target machine and the rule was applied to the domain profile.

Eddie


Hi,

Thanks for your update.

Please check whether Remote Desktop is allowed for the domain network with the following detailed steps:

  1. Open Windows Security

  2. Click on Firewall and network protection

  3. Click Allow an app through firewall

  4. Click Change settings

  5. Check Remote Desktop

  6. Check on which type of networks an app can access the network: domain

  7. Click the OK button

Best Regards,
Sunny



Hi SunnyQi-MSFT

Yes, we have done this and it still does not work.

Eddie

SunnyQi-MSFT answered SunnyQi-MSFT commented

Hi,

Thanks for your feedback.

If the issue is related to the Domain profile of Windows Firewall, I would suggest you check which rule in the Domain profile blocks the traffic: enable Audit Filtering Platform Packet Drop and then reproduce the issue. For more detailed methods, please refer to the following link:

How to tell which windows firewall rule is blocking traffic
Please Note: Since the website is not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,
Sunny
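
The audit-and-reproduce approach suggested in the answer above, as an added PowerShell example that is not part of the original thread. The scratch file path, the variable names and the XML layout assumed for the `netsh wfp show filters` dump are assumptions; run it from an elevated prompt on the affected Windows 10 client.

```powershell
# Added example, not from the thread. Requires an elevated PowerShell prompt.
$RdpPort    = 3389                               # RDP port named in the thread
$FiltersXml = Join-Path $env:TEMP 'wfp-filters.xml'   # assumed scratch path

# 1. Enable failure auditing for dropped packets (Security event ID 5152).
auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:enable | Out-Null
$start = Get-Date

# 2. Reproduce the timeout while the Domain profile is active.
Read-Host 'Attempt the external RDP connection now, then press Enter' | Out-Null

# 3. Read the 5152 events logged since $start and flatten EventData into objects.
$drops = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5152; StartTime = $start } `
                      -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            Application = $d.Application
            Direction   = switch ($d.Direction) {
                              '%%14592' { 'Inbound' }
                              '%%14593' { 'Outbound' }
                              default   { $d.Direction }
                          }
            DestAddress = $d.DestAddress
            DestPort    = $d.DestPort
            FilterRTID  = $d.FilterRTID      # run-time ID of the filter that dropped it
            Layer       = $d.LayerName
        }
    } | Where-Object { $_.DestPort -eq $RdpPort }

# 4. Dump the active WFP filters and resolve each FilterRTID to a filter name.
#    Assumption: filters appear as <item> elements with <filterId> and <displayData><name>.
netsh wfp show filters file="$FiltersXml" | Out-Null
$wfp = New-Object System.Xml.XmlDocument
$wfp.Load($FiltersXml)

$drops | Group-Object FilterRTID | ForEach-Object {
    $name = $wfp.SelectSingleNode("//item[filterId='$($_.Name)']/displayData/name")
    [pscustomobject]@{
        FilterId   = $_.Name
        Drops      = $_.Count
        FilterName = if ($name) { $name.InnerText } else { '(not found in dump)' }
    }
} | Format-Table -AutoSize

# 5. Packet-drop auditing is noisy; switch it back off once done
#    (skip this line if the subcategory was already enabled by policy).
auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:disable | Out-Null
```

If no rows come back for port 3389 while the connection still times out, the drop is not being made by a local WFP filter on this client, which points the investigation at something off-host.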



I cannot see anything that is blocking it

Still investigating


Hi,

Many thanks for your feedback.

I'm sorry that we haven't found the cause of the issue so far. I think we might need to capture some detailed logs to find some clues. However, analysis of logs is beyond our forum support level and, due to forum security policy, we have no channel to collect user log information. So we recommend you open a case with MS Professional tech support service; they will help you open a phone or email case with Microsoft, so that you get technical support on a one-to-one basis while protecting private information.

Here is the link: https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

Appreciate your understanding.

Best Regards,
Sunny
