RDP Firewall Rules Not Working

Hey guys,
I have a 2008 R2 terminal server and all of a sudden the RDP firewall rules are broken.
Unless I specify the local IP range in the scope, I cannot RDP locally, which makes no sense if they are set to Any; any IP should work. The other weird thing is that if I change the RDP port number in the registry and add a firewall rule for said port and leave the range at Any, it works perfectly fine, and I've compared it to another server and everything is the same. This server just rejects all local traffic on 3389 even though netstat says it's listening, and it will work externally, just not internally. I've tried turning the firewall off, creating a new rule and disabling the default one, turning off antivirus, etc. No luck. Any other ideas would be greatly appreciated. Thanks.

Hi Dan,

What does the rule look like exactly?

Seeing as it is 2008 R2, have you tried… turning it off and on again? Well, more explicitly: disable RDP, remove the firewall, reboot and then re-enable RDP.

Are you aware of any other services that may start before RDP and may potentially want the port it's using?

(Also be aware that 2008 R2 does go out of support in January 2020, so consider your upgrade paths.)

It's just the default RDP rule built into Windows: 3389, domain profile, local IP any, remote address any, etc. Yeah, I've tried all that already; it made no change. And there are no other services. If I specify my external IP from home, RDP works, but it won't work locally. And yeah, I'm aware support ends soon; I am trying to convince my client they need to upgrade, but they never want to spend the $$ on IT.

Using PowerShell from another Windows machine you can test that the server name is resolving and that the port is listening with:

Test-NetConnection -Port [port_number] -ComputerName [servername]

This command will then try to connect to the server on that port; if that fails it falls back to a ping. You can also substitute the -ComputerName value with an IP address.
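As an added example (not from the thread, and not a Microsoft-supplied script), here is how I would script that check from a client and, on the 2008 R2 server itself, dump the pieces that decide whether a local connection to 3389 is accepted: the rule's scope and profile, the profile the NIC is actually in, the registry port number, and what is bound to the port. The server name and port are placeholders. Test-NetConnection only exists on Windows 8.1 / Server 2012 R2 and newer, which is why the server-side checks use netsh and netstat rather than the Get-NetFirewall* cmdlets that 2008 R2 does not have.

```powershell
# Added example: RDP reachability and firewall-rule diagnostics.
# $Server and $Port below are placeholders; replace with your own values.

function Test-RdpPort {
    # Run from another Windows machine (8.1 / 2012 R2 or newer).
    param(
        [string]$Server = 'TERMSRV01',   # placeholder server name or IP
        [int]$Port      = 3389           # default RDP port, or your custom one
    )
    $r = Test-NetConnection -ComputerName $Server -Port $Port -InformationLevel Detailed
    if ($r.TcpTestSucceeded) {
        "TCP $Port is open on $Server ($($r.RemoteAddress)); " +
        "tested from local address $($r.SourceAddress.IPAddress)"
    } else {
        "TCP $Port is NOT reachable on $Server ($($r.RemoteAddress)); " +
        "ping succeeded: $($r.PingSucceeded)"
    }
    # Note which source address the test used: the server's rule scope and
    # profile are evaluated against this address, not against the client's name.
    return $r
}

function Show-RdpFirewallState {
    # Run in an elevated prompt on the 2008 R2 server itself.
    param([int]$Port = 3389)

    '=== Default RDP rule (check LocalIP / RemoteIP scope, Profiles, Enabled) ==='
    netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)" verbose

    '=== Profile the firewall is currently applying (Domain / Private / Public) ==='
    # A rule restricted to the Domain profile does nothing if the NIC has
    # landed in Public, e.g. after a reboot before domain reachability.
    netsh advfirewall monitor show currentprofile

    '=== Port configured for the RDP-Tcp listener in the registry ==='
    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' |
        Select-Object -ExpandProperty PortNumber

    "=== Processes bound to or talking on port $Port ==="
    # PID column lets you confirm it is svchost (TermService) and nothing else
    # has grabbed the port before RDP started.
    netstat -ano | Select-String ":$Port\s"
}

# Usage:
#   From a client:  Test-RdpPort -Server 'TERMSRV01' -Port 3389
#   On the server:  Show-RdpFirewallState -Port 3389
```

If the client-side test succeeds from outside but fails from an inside address while the rule scope shows Any, compare the current profile output against the rule's Profiles line first; a rule scoped to Any addresses but only the Domain profile behaves exactly like the symptom in the original post when the server's interface is classified as Public.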

Ahhh the bane of all IT jobs.

To connect externally have you punched a hole in the firewall or are you using Terminal Gateway services?