[SOLVED] Unable to ping but can RDP conditionally into a machine

[botha.erich]

Okay, so I have a weird one.

Our network is divided into different subnets were a VM (Windows 7 vm) is located for example on 10.15.2.x and the network from where I work from is on 10.15.5.x. Before a few days ago Windows and Linux machines were able to RDP to the VM on 10.15.2.x with no issue, also you could ping it before.

Now Linux and Windows machines are unable to ping or connect to this specific VM. I can ping any device from one network to the other but this VM cannot ping specific computers. I cannot ping the vm from my side (windows 10 pc) anymore and vise versa.

However I was able to find a work around for Windows devices to RDP to the VM again. On the VM I changed the "Allow connections only from computers running Remote Desktop with Network Level Authentication" to "Allow connections from computers running any version of Remote Desktop". It works for now but I still cannot ping the vm from Windows or Linux.

I'm sure it's something small but I'm unable to find the problem. Any advise would be appreciated.

I have checked if ICMP was blocked on the firewall but that does not change anything.

 

[popatim]

Win7 needs a few fixes to work with win10.
A hotfix (KB2574819) followed by RDC version 8.0 (KB2592687) {reboot!}

And then registry fixes . One to enable TLS1.1 & 1.2 and the other to enable the WinHTTP Authentication model.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\Passport Test]
"ConfigVersion"=dword:00000000
"LoginServerRealm"="Passport.NET"

{reboot}

You might be able to just get away with the first two KB's.

 

[botha.erich]

Win7 needs a few fixes to work with win10.
A hotfix (KB2574819) followed by RDC version 8.0 (KB2592687) {reboot!}

And then registry fixes . One to enable TLS1.1 & 1.2 and the other to enable the WinHTTP Authentication model.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\Passport Test]
"ConfigVersion"=dword:00000000
"LoginServerRealm"="Passport.NET"

{reboot}

You might be able to just get away with the first two KB's.

I will try your solution when I am in office again. What I don't understand is that everything used to work perfectly fine. The last Friday I worked on the VM from my side with 0 issues but when I came back on Monday, another employee reported that he cannot login via linux so I triedf on my Win10 machine and got the same issue. Although I can login again with Windows 10, the problem is not fully resolved for the linux side.

I tested remmina on a few linux machines with a bunch of different recommendations I found online but none seem to work, just get a message that says the machine is unable to RDP into that location. Even used other Remote Desktop software on Linux.
What I havn't done is running basic updates on the Linux machines.

 

[popatim]

Sounds like someone applied the patches on the server side finally. We ran into the issue last month with our servers.