I would greatly appreciate some advice on why I cannot achieve a Remote
Desktop Connection from a remote location yet it works just fine between
computers on my LAN.



Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS)
running on a LAN with a Linksys BEFSR41 router.



Let’s assume the internal address of one of my computers is 192.168.1.123.
For this computer, I have the “Remote Desktop” box checked in both Windows
Firewall Exceptions and Advanced sections (TCP port 3389). I’m also port
forwarding 3389 for address 192.168.1.123 in the Linksys router. Shouldn’t
things now work from a remote location, what am I missing?



I should also point out that I have no problems accessing my WHS server from
a remote location. When I make a connection to this server I can view all my
LAN computers.



Thanks in advance

Jim <(E-Mail Removed)> wrote:
> I would greatly appreciate some advice on why I cannot achieve a
> Remote Desktop Connection from a remote location yet it works just
> fine between computers on my LAN.
>
>
>
> Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS)
> running on a LAN with a Linksys BEFSR41 router.
>
>
>
> Let’s assume the internal address of one of my computers is
> 192.168.1.123. For this computer, I have the “Remote Desktop” box
> checked in both Windows Firewall Exceptions and Advanced sections
> (TCP port 3389). I’m also port forwarding 3389 for address
> 192.168.1.123 in the Linksys router. Shouldn’t things now work from a
> remote location, what am I missing?
>
>
> I should also point out that I have no problems accessing my WHS
> server from a remote location. When I make a connection to this
> server I can view all my LAN computers.
>
>
>
> Thanks in advance

In the Windows Firewall, is RDP allowed from any subnet (*)?
Does your ISP block ports?
Are you sure you're using the correct public IP? (I suggest using something
like www.dyndns.com or www.no-ip.com if you have a dynamic public IP).

Hi
In principle you did that correct configuration.
Make sure that port 3389 is Only Used (opened) by 192.168.1.123.
A specific port can be used only by One computer, if you need more computers
available to Outside Remote you need to change the ports so that each one
has a unique port.
Here how-to, http://support.microsoft.com/kb/306759
Software Firewalls on computers blocks ports too, make sure that the ports
are forwarded correctly through the Software Firewalls as well.
Jack (MS, MVP-Networking)

"Jim" <(E-Mail Removed)> wrote in message
news:e5qccMW$(E-Mail Removed)...
>I would greatly appreciate some advice on why I cannot achieve a Remote
>Desktop Connection from a remote location yet it works just fine between
>computers on my LAN.
>
>
>
> Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS)
> running on a LAN with a Linksys BEFSR41 router.
>
>
>
> Let’s assume the internal address of one of my computers is 192.168.1.123.
> For this computer, I have the “Remote Desktop” box checked in both Windows
> Firewall Exceptions and Advanced sections (TCP port 3389). I’m also port
> forwarding 3389 for address 192.168.1.123 in the Linksys router. Shouldn’t
> things now work from a remote location, what am I missing?
>
>
>
> I should also point out that I have no problems accessing my WHS server
> from a remote location. When I make a connection to this server I can view
> all my LAN computers.
>
>
>
> Thanks in advance
>
>
>
>

Thanks to all who replied.



Let me first review - No problem doing a Remote Desktop Computer (RDC) from
within my LAN using either the computers internal IP address or its name.
However, doing this same thing on an external XP Pro computer does not seem
work. I'm also not sure I understand how the external RDC computer
understands an address such as 192.168.1.xxx.



The problem seems to be that my remote port 3389 is being blocked external
but how/why, is it because of the Windows firewall, my router, or by my ISP?
How can I test this?



I also understand that I can only use port 3389 on one of my LAN computer
and that I will have to edit my XP register to change port 3389 to something
else for the other computers - is this correct? If so, must I then make the
appropriate changes in there Windows firewall as well as my router? What
about HTTP port 80, must it be on?



I would certainly appreciate any follow-up advice, keeping in mind I'm not
an expert in this area.



Jim



"Jim" <(E-Mail Removed)> wrote in message
news:e5qccMW$(E-Mail Removed)...
>I would greatly appreciate some advice on why I cannot achieve a Remote
>Desktop Connection from a remote location yet it works just fine between
>computers on my LAN.
>
>
>
> Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS)
> running on a LAN with a Linksys BEFSR41 router.
>
>
>
> Let's assume the internal address of one of my computers is 192.168.1.123.
> For this computer, I have the "Remote Desktop" box checked in both Windows
> Firewall Exceptions and Advanced sections (TCP port 3389). I'm also port
> forwarding 3389 for address 192.168.1.123 in the Linksys router. Shouldn't
> things now work from a remote location, what am I missing?
>
>
>
> I should also point out that I have no problems accessing my WHS server
> from a remote location. When I make a connection to this server I can view
> all my LAN computers.
>
>
>
> Thanks in advance
>
>
>
>

Jim wrote:


> Let me first review - No problem doing a Remote Desktop Computer (RDC)
> from within my LAN using either the computers internal IP address or its
> name. However, doing this same thing on an external XP Pro computer does
> not seem work. I'm also not sure I understand how the external RDC
> computer understands an address such as 192.168.1.xxx.

It doesn't. That's why you forward ports. Traffic comes in from the outside
over specific ports for the remote connection. That connection can only be
made to a public IP address. The router (which gets its public IP address
on the WAN side from the ISP) turns around and forwards any traffic over
those specific ports to the private IP address of a designated computer.
This is why it is easiest to do this when you have a static public IP
address. You have to pay your ISP extra for this or have a business account
with them that comes with a number of static IP addresses. The alternative
for people who have dynamic IP addresses is to use a service like the one
from DynDNS.com.

> The problem seems to be that my remote port 3389 is being blocked external
> but how/why, is it because of the Windows firewall, my router, or by my
> ISP? How can I test this?

The port is configured on the router, not the computer.

> I also understand that I can only use port 3389 on one of my LAN computer
> and that I will have to edit my XP register to change port 3389 to
> something else for the other computers - is this correct? If so, must I
> then make the appropriate changes in there Windows firewall as well as my
> router? What about HTTP port 80, must it be on?

No, this is not correct. You don't have to do anything in the registry. You
do port forwarding on the *router*. You set a static private IP address on
the computer that is the target for remote control. You set the IP address
on a computer by going to Control Panel>Network Connections and then
right-click on the Local Area Connection for the network adapter involved
(probably your ethernet card). Left-click on Properties. Double-click the
entry for TCP/IP and change the IP address from "obtain automatically" to a
specific address on the LAN outside of the router's DHCP range.

Example: If the router assigns IP addresses from 192.168.1.100 to
192.168.1.150, use a static IP address for that computer of something like
192.168.1.170.

Of course you also have to set the target computer's firewall to allow
remote desktop connections and/or the software that you're using to do this
(if not using the native XP software and are using something like
pcAnywhere or one of the VNC flavors).

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Malke,

Thanks for you detailed response, I just hope I understand.
I've now set the static private IP address on my "target" computer to
192.168.1.170 which is outside of the routers assignments of 192.168.1.100
to 150
In my router, I've forwarded port 3389 to 192.168.1.170.
My ISP is Comcast and my public IP address is usually fixed

If I follow you correctly, when I bring up "Remote Desktop Connection" on my
son's XP Pro computer, I enter my public static address? Expect to try this
later today.

Jim


"Malke" <(E-Mail Removed)> wrote in message
news:emSKh%23i$(E-Mail Removed)...
> Jim wrote:
>
>
>> Let me first review - No problem doing a Remote Desktop Computer (RDC)
>> from within my LAN using either the computers internal IP address or its
>> name. However, doing this same thing on an external XP Pro computer does
>> not seem work. I'm also not sure I understand how the external RDC
>> computer understands an address such as 192.168.1.xxx.
>
> It doesn't. That's why you forward ports. Traffic comes in from the
> outside
> over specific ports for the remote connection. That connection can only be
> made to a public IP address. The router (which gets its public IP address
> on the WAN side from the ISP) turns around and forwards any traffic over
> those specific ports to the private IP address of a designated computer.
> This is why it is easiest to do this when you have a static public IP
> address. You have to pay your ISP extra for this or have a business
> account
> with them that comes with a number of static IP addresses. The alternative
> for people who have dynamic IP addresses is to use a service like the one
> from DynDNS.com.
>
>> The problem seems to be that my remote port 3389 is being blocked
>> external
>> but how/why, is it because of the Windows firewall, my router, or by my
>> ISP? How can I test this?
>
> The port is configured on the router, not the computer.
>
>> I also understand that I can only use port 3389 on one of my LAN computer
>> and that I will have to edit my XP register to change port 3389 to
>> something else for the other computers - is this correct? If so, must I
>> then make the appropriate changes in there Windows firewall as well as my
>> router? What about HTTP port 80, must it be on?
>
> No, this is not correct. You don't have to do anything in the registry.
> You
> do port forwarding on the *router*. You set a static private IP address on
> the computer that is the target for remote control. You set the IP address
> on a computer by going to Control Panel>Network Connections and then
> right-click on the Local Area Connection for the network adapter involved
> (probably your ethernet card). Left-click on Properties. Double-click the
> entry for TCP/IP and change the IP address from "obtain automatically" to
> a
> specific address on the LAN outside of the router's DHCP range.
>
> Example: If the router assigns IP addresses from 192.168.1.100 to
> 192.168.1.150, use a static IP address for that computer of something like
> 192.168.1.170.
>
> Of course you also have to set the target computer's firewall to allow
> remote desktop connections and/or the software that you're using to do
> this
> (if not using the native XP software and are using something like
> pcAnywhere or one of the VNC flavors).
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> http://www.elephantboycomputers.com/#FAQ
>

Hi
There are here tow parallel processes.
If you need to change the port of the RDT on a computer you follow the
Microsoft page that I pointed to (it is nothing to do with the Router, and
it does entails change in the registry).
Once the port scheme is established, you have to open the correct ports
toward the corresponded computers through the Router.
This page ( pass the middle) describes how to so it with another type of
Remote Control program. The same principle applies to RDT.
http://www.ezlan.net/vnc.html
Jack (MS, MVP-Networking).


"Jack [MVP-Networking]" <(E-Mail Removed)> wrote in message
news:eSdEnHa$(E-Mail Removed)...
> Hi
> In principle you did that correct configuration.
> Make sure that port 3389 is Only Used (opened) by 192.168.1.123.
> A specific port can be used only by One computer, if you need more
> computers available to Outside Remote you need to change the ports so that
> each one has a unique port.
> Here how-to, http://support.microsoft.com/kb/306759
> Software Firewalls on computers blocks ports too, make sure that the ports
> are forwarded correctly through the Software Firewalls as well.
> Jack (MS, MVP-Networking)
>
> "Jim" <(E-Mail Removed)> wrote in message
> news:e5qccMW$(E-Mail Removed)...
>>I would greatly appreciate some advice on why I cannot achieve a Remote
>>Desktop Connection from a remote location yet it works just fine between
>>computers on my LAN.
>>
>>
>>
>> Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS)
>> running on a LAN with a Linksys BEFSR41 router.
>>
>>
>>
>> Let’s assume the internal address of one of my computers is
>> 192.168.1.123. For this computer, I have the “Remote Desktop” box checked
>> in both Windows Firewall Exceptions and Advanced sections (TCP port
>> 3389). I’m also port forwarding 3389 for address 192.168.1.123 in the
>> Linksys router. Shouldn’t things now work from a remote location, what am
>> I missing?
>>
>>
>>
>> I should also point out that I have no problems accessing my WHS server
>> from a remote location. When I make a connection to this server I can
>> view all my LAN computers.
>>
>>
>>
>> Thanks in advance
>>
>>
>>
>>
>

jim wrote:

> Malke,
>
> Thanks for you detailed response, I just hope I understand.
> I've now set the static private IP address on my "target" computer to
> 192.168.1.170 which is outside of the routers assignments of 192.168.1.100
> to 150

Did you check this on the router? I was just giving you examples.

> In my router, I've forwarded port 3389 to 192.168.1.170.
> My ISP is Comcast and my public IP address is usually fixed

That's fine although Comcast does give you a dynamic IP address. It tends
not to change much but it can so you might want to look at DynDns.com's
services.

> If I follow you correctly, when I bring up "Remote Desktop Connection" on
> my son's XP Pro computer, I enter my public static address? Expect to try
> this later today.

Yes. When you are at your son's house you aren't on your own LAN. You need
to connect to the public IP address (which you would have gotten before
leaving home and written down).

Don't forget that the firewalls on both machines must have exceptions set to
allow this traffic. If you have a more elaborate router it might come with
its own firewall too, so make sure you check in its configuration before
you leave home.

BTW, there are easier ways such as using LogMeIn instead. I use TeamViewer
to support family and friends but the free version needs both parties to be
involved. The professional version is very expensive. I don't think LogMeIn
requires this but I don't know if you have to pay for it. With services
like LogMeIn you are actually connecting through *their* server so you
don't need to mess about with port forwarding, static IPs, knowing your
public IP and whether it has changed, etc. If you're going to want to do
this a lot, it might be easier.

https://secure.logmein.com/solutions/homeuser/personal/

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Hi Malke,

Won't get to my son's till tomorrow to try this, will let you know the
results.

I did have my internal IP address set to 192.168.1.060 on the target PC but
changed it to 192.168.1.170 per your example. Then changed the port
forwarding for ...170 in my Linksys router.

Yes I did look at LogMeIn some time ago, maybe I'll consider it again if
this doesn't work.

Must double check both firewalls.

Thanks again

Jim



"Malke" <(E-Mail Removed)> wrote in message
news:u03q1ll$(E-Mail Removed)...
> jim wrote:
>
>> Malke,
>>
>> Thanks for you detailed response, I just hope I understand.
>> I've now set the static private IP address on my "target" computer to
>> 192.168.1.170 which is outside of the routers assignments of
>> 192.168.1.100
>> to 150
>
> Did you check this on the router? I was just giving you examples.
>
>> In my router, I've forwarded port 3389 to 192.168.1.170.
>> My ISP is Comcast and my public IP address is usually fixed
>
> That's fine although Comcast does give you a dynamic IP address. It tends
> not to change much but it can so you might want to look at DynDns.com's
> services.
>
>> If I follow you correctly, when I bring up "Remote Desktop Connection" on
>> my son's XP Pro computer, I enter my public static address? Expect to try
>> this later today.
>
> Yes. When you are at your son's house you aren't on your own LAN. You need
> to connect to the public IP address (which you would have gotten before
> leaving home and written down).
>
> Don't forget that the firewalls on both machines must have exceptions set
> to
> allow this traffic. If you have a more elaborate router it might come with
> its own firewall too, so make sure you check in its configuration before
> you leave home.
>
> BTW, there are easier ways such as using LogMeIn instead. I use TeamViewer
> to support family and friends but the free version needs both parties to
> be
> involved. The professional version is very expensive. I don't think
> LogMeIn
> requires this but I don't know if you have to pay for it. With services
> like LogMeIn you are actually connecting through *their* server so you
> don't need to mess about with port forwarding, static IPs, knowing your
> public IP and whether it has changed, etc. If you're going to want to do
> this a lot, it might be easier.
>
> https://secure.logmein.com/solutions/homeuser/personal/
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> http://www.elephantboycomputers.com/#FAQ
>

Malke,

Unfortunately I was not able to do a Remote Desktop Connection from my son's
PC, the connection just timed out. No luck even if I diabled the my son's
Windows firewall. I really don't understand this, any other suggestions!!

However, I have no problems connecting to my Windows Home Server. WHS gives
me full remote access to all my LAN computers, just like RDC. The main
reason I wanted Remote Desktop to work is because there is an iPhone
application which is supposed to "simulate" Windows Remote Desktop. This
would then be a way to access my home computer via my iPhone.

Jim



"Malke" <(E-Mail Removed)> wrote in message
news:u03q1ll$(E-Mail Removed)...
> jim wrote:
>
>> Malke,
>>
>> Thanks for you detailed response, I just hope I understand.
>> I've now set the static private IP address on my "target" computer to
>> 192.168.1.170 which is outside of the routers assignments of
>> 192.168.1.100
>> to 150
>
> Did you check this on the router? I was just giving you examples.
>
>> In my router, I've forwarded port 3389 to 192.168.1.170.
>> My ISP is Comcast and my public IP address is usually fixed
>
> That's fine although Comcast does give you a dynamic IP address. It tends
> not to change much but it can so you might want to look at DynDns.com's
> services.
>
>> If I follow you correctly, when I bring up "Remote Desktop Connection" on
>> my son's XP Pro computer, I enter my public static address? Expect to try
>> this later today.
>
> Yes. When you are at your son's house you aren't on your own LAN. You need
> to connect to the public IP address (which you would have gotten before
> leaving home and written down).
>
> Don't forget that the firewalls on both machines must have exceptions set
> to
> allow this traffic. If you have a more elaborate router it might come with
> its own firewall too, so make sure you check in its configuration before
> you leave home.
>
> BTW, there are easier ways such as using LogMeIn instead. I use TeamViewer
> to support family and friends but the free version needs both parties to
> be
> involved. The professional version is very expensive. I don't think
> LogMeIn
> requires this but I don't know if you have to pay for it. With services
> like LogMeIn you are actually connecting through *their* server so you
> don't need to mess about with port forwarding, static IPs, knowing your
> public IP and whether it has changed, etc. If you're going to want to do
> this a lot, it might be easier.
>
> https://secure.logmein.com/solutions/homeuser/personal/
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> http://www.elephantboycomputers.com/#FAQ
>