This one is driving me nuts. I have a Terminal Server at a client’s location (they are an RV park, and have a rather extensive internal network with multiple DSLAM’s). The TS has 2 NIC’s: one connected to the local (office) network, through a router to a DSL modem, then on to the Park network; the other (a USR brand) connected directly to a DSL modem with a public IP through the Park network.
I have RDP bound only to the USR NIC, and I am using Wireshark to monitor the port 3389 traffic on it.
If I use RDC to connect from another computer on the Office LAN, using the public IP address, everything goes fine and I get a login screen; Wireshark shows lots of port 3389 traffic going both ways.
If I try to connect from outside the park (using the same public IP), Wireshark show three successive INBOUND port 3389 packets at 3 to 6 second intervals, with NO outbound ones, then my RDC client gives the old “this computer can’t connect to the remote computer” message.
It is like the computer is refusing to answer any RDP traffic unless it is from a local IP. Windows firewall is turned off (I even went into Services.msc and made sure the service isn’t running), and there are no third-party security products running on this computer.
The most annoying thing is that this used to work fine. About 2 months ago it became intermittent, and now is won’t work at all. I have traded out the NIC I am using (it was an Intel, now a USR), with no change in behavior.
Source: serverfault.com