If you define a Program rule in Symantec Firewall, allowing access to
the Remote Desktop application, the rule will not apply when there is no
logged in user and the traffic will be denied. This caused us big
headaches with the Tivoli scheduler service until we figured it out. If
you define the rule under the General section, as a packet filter rule
allowing connections to port 3389, it will work when there is no logged
in user.
-- Allison Henry Communication and Network Services University of California, Berkeley David Lee wrote: > We are having the same problem and I have isolated it down to the > firewall. We use Symantec Security Client. One of the built-in > defaults, which I have not figured out how to modify, is when there is > no logged-in user, everything is denied. And I also need a way around > this, as more and more of my suers are remoting in. > > At 10:07 AM 2/24/2006, you wrote: > >> Hi Steve, >> >> What firewall software are you using? >> >> I am using SCS 3, and have not run into the problem you describe. >> >> To be clear, is this what you have set up right now? >> >> 1. Users are connecting to XP Pro desktops from remote locations. >> 2. Users are either local admins or have been entered into the "allow >> remote >> control" group >> 3. Firewall is allowing either all IP addresses to connect to TCP 3389 >> OR >> 3b. Firewall is only allowing the campus VPN address range to connect to >> 3389 >> >> Is that accurate so far? >> >> Sounds like there might be some service that is not starting on system >> startup, but is starting after a user logs into that machine. >> >> ~R >> >> >> On 2/24/06 10:01 AM, "Steven Longenbohn" <drsteve@berkeley.edu> wrote: >> >> > Greetings, >> > >> > in our department we have a large percentage of the staff who access >> > their work computer from home using Remote Desktop in Windows XP Pro. >> > >> > The Windows Automatic Updates often require a reboot at 3am. >> > After the reboot, remote desktop will not reconnect. >> > The message is that the machine is not available or receptive for >> connections. >> > >> > Currently someone (at the office) has to go to the comptuer at work, >> > logon, call the user at home, have them use Remote Desktop and bump >> > off the person at work. Then they can logon and logoff and logon as >> > many times as they want ... until the next windows update and >> > reboot. Then we start all over again. >> > >> > Please please please does anyone know if there is some adjustment >> > that can be made to the computer settings that will make this problem >> > go away and enable Remote Desktop to connect after a reboot without >> > the need for a second staff person to logon to re-enable Remote >> Desktop???? >> > >> > Thanks ! >> > >> > >> > >> > >> > >> ****************************************************************************** >> > ********** >> > * Steve "DrSteve" Longenbohn IS&T: Administrative >> Systems Dept >> > * >> > * CalNet Deputy System Administrator >> > * CalAgenda Admin PC Doctor & Troubleshooter >> > * >> > * Office: 510-643-9777 Cell: 510-812-0256 >> > * 2111 Bancroft Way, Room 409D (Banway Bldg) >> > >> ****************************************************************************** >> > ********** >> > >> > >> > ------------------------------------------------------------------------ >> > The following was automatically added to this message by the list >> server: >> > >> > For information about Micronet, including subscribing to >> > or unsubscribing from its mailing list and finding out >> > about upcoming meetings, please visit the Micronet Web site: >> > < http://micronet.berkeley.edu/>. >> >> ******************************************************************* >> Robert Hiramoto >> IT Manager >> Institute of Industrial Relations >> University of California, Berkeley >> 2521 Channing Way >> Berkeley, CA 94720-5555 >> >> >> Phone: (510) 643-3903 >> Fax: (510) 642-6432 >> >> >> Office Hours: >> Monday - Friday: 8:00 am to 4:00 pm >> >> >> >> ------------------------------------------------------------------------ >> The following was automatically added to this message by the list server: >> >> For information about Micronet, including subscribing to >> or unsubscribing from its mailing list and finding out >> about upcoming meetings, please visit the Micronet Web site: >> < http://micronet.berkeley.edu/>. > > David D. Lee > Computer Resource Specialist II > Office of Undergraduate Admissions > ouarshlp@uclink4.berkeley.edu > 2-6417 > ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.Received on Fri Feb 24 10:48:29 2006
This archive was generated by hypermail 2.1.8 : Fri Feb 24 2006 - 10:48:29 PST