How to connect to more than one machine using RDP?

Synapse Syndrome

I have used Small Business Server's Remote Web Workplace facility and I
find it very good. All connected desktop machines on the network can be
easily accessed through the server.

But can something like this be done at all when not using SBS? As the RDP
port can only be forwarded to one machine, what is the solution when you
want to connect to more than one? And yes, obviously I have one IP address
and am using NAT.

ss.
 
Miha Pihler [MVP]

Hi,

In this case you could use different port number. E.g. 3389 is default TCP
port. You can use 3390 for another RDP session, 3391 for another session
etc. Of course when user wants to connect to his computer he has to specify
name of the computer and correct TCP port number in the MSTSC client.

On your NAT device you have to configure forwarding. E.g. if connection
comes to TCP port 3390 you know that it has to be forwarded to PC10 (with
e.g. IP address 192.168.1.10) and if connection comes to TCP port 3391 it
has to be forwarded to PC15 (with e.g. IP address 192.168.1.15).

This article might also help you out...

How to change the listening port for Remote Desktop
http://support.microsoft.com/?kbid=306759
 
Synapse Syndrome

Miha Pihler said:
Hi,

In this case you could use different port number. E.g. 3389 is default TCP
port. You can use 3390 for another RDP session, 3391 for another session
etc. Of course when user wants to connect to his computer he has to
specify name of the computer and correct TCP port number in the MSTSC
client.

On your NAT device you have to configure forwarding. E.g. if connection
comes to TCP port 3390 you know that it has to be forwarded to PC10 (with
e.g. IP address 192.168.1.10) and if connection comes to TCP port 3391 it
has to be forwarded to PC15 (with e.g. IP address 192.168.1.15).

This article might also help you out...

How to change the listening port for Remote Desktop
http://support.microsoft.com/?kbid=306759


Hi Mike/Miha

Thanks, that's great. But how do I choose which computer to connect to on
the RDP client? In the Computer: field would I type something like
my.domain.com:3390 for example?

ss.
 
Miha Pihler [MVP]

Hi

Synapse Syndrome said:
Hi Mike/Miha

Thanks, that's great. But how do I choose which computer to connect to on
the RDP client? In the Computer: field would I type something like
my.domain.com:3390 for example?

Yes, that is correct. You can also use command line option. E.g.

mstsc /v:my.domain.com:3390

Note that I have run into some problems on some networks. While they allowed
3389 for RDP ports they blocked other ports like 3390 etc... So in this case
these clients would not be able to connect to RDP.
 
Sooner Al [MVP]

A safer way is to setup a Virtual Private Network (VPN) and access all PCs
through the VPN tunnel. That way you only need one port open on the firewall
versus multiple ports. I would post to the
microsoft.public.windows.server.sbs news group for help with that...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
Miha Pihler [MVP]

Hi,

Can you explain a bit more why VPN would be safer than an RDP connection?

Actually for VPN you do need more than one port open and a few protocols
compared to RDP where you actually do have one TCP port open (3389).
 
Sooner Al [MVP]

It depends on what VPN package you use...

I use RDP through an OpenVPN tunnel which uses one port, ie. UDP Port 1194
is the default although I use another obscure port.

http://theillustratednetwork.mvps.org/OpenVPN/OpenVPN.html

In the past I ran RDP through a Secure Shell (SSH) tunnel. Again only one
port open (TCP Port 22 is the default) on my firewall and I can access any
of my PCs on my local LAN...

http://theillustratednetwork.mvps.org/Ssh/RemoteDesktopSSH.html

In both cases I either use a cert and a key protected with a strong password
or a private/public key pair protected with a strong password and only have
one port forwarded/opened incoming on my firewall...

I just like to minimize my exposure to the public internet.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
Miha Pihler [MVP]

Hi,

What I usually recommend (depending on the needs of the client) is to use
RDP since it too requires one port. Personally I prefer RDP since I don't
have to worry about security of the client (does it have antivirus running
or is it infected with a virus; does it have all patches installed; does it
have e.g. personal firewall enabled etc)... It is very unlikely that users
will infect the LAN with a worm over RDP connection while I have seen quite a few
infections over VPN connections (connections that allowed unlimited access to
the remote network). And with RDP it is relatively easy to set what users
can and can't do on the remote server.
In environments where they did need VPN -- we set up VPN quarantine to make
sure clients would not infect whole network.

If the number of ports is an issue -- I would recommend open only 3389 and
logon to the server. Once on the server RDP to the computer you want to
access...

As far as traffic is concerned -- RDP sessions are encrypted with 128 bit
keys (if RDP server is set to high encryption). In addition, in environments
requiring higher security -- we also implemented two factor authentication
on RDP sessions (e.g. RSA SecurID cards) or Smart Card logons...

--
Mike
Microsoft MVP - Windows Security

Sooner Al said:
It depends on what VPN package you use...

I use RDP through an OpenVPN tunnel which uses one port, ie. UDP Port 1194
is the default although I use another obscure port.

http://theillustratednetwork.mvps.org/OpenVPN/OpenVPN.html

In the past I ran RDP through a Secure Shell (SSH) tunnel. Again only one
port open (TCP Port 22 is the default) on my firewall and I can access any
of my PCs on my local LAN...

http://theillustratednetwork.mvps.org/Ssh/RemoteDesktopSSH.html

In both cases I either use a cert and a key protected with a strong
password or a private/public key pair protected with a strong password and
only have one port forwarded/opened incoming on my firewall...

I just like to minimize my exposure to the public internet.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
roman modic

Hello!

Sooner Al said:
It depends on what VPN package you use...

I use RDP through an OpenVPN tunnel which uses one port, ie. UDP Port 1194 is the default although I use another obscure port.

http://theillustratednetwork.mvps.org/OpenVPN/OpenVPN.html

In the past I ran RDP through a Secure Shell (SSH) tunnel. Again only one port open (TCP Port 22 is the default) on my firewall
and I can access any of my PCs on my local LAN...

What was the main reason for replacing SSH with OpenVPN?

Thanks, Roman
 
Sooner Al [MVP]

Access to shared files/folders on other PCs besides my SSH server PC. With
OpenVPN I can access shares on each PC seamlessly from the remote client. I
could not do that with SSH.

As far as RDP is concerned there really is no difference other than
addressing, ie. you need port redirection/forwarding through the SSH client,
versus direct addressing via IP or NetBIOS name with OpenVPN... In my case I
also have a common "hosts" file on my OpenVPN server PC and my clients.

Now you need to be aware that this is for access to a Small Office/Home
Office (SoHo) network without a standalone server like SBS or W2K3/W2K...

As always YMMV...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
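
The SSH approach described in the posts above, as an added example that is not part of the original thread: one `ssh` command carries a local port forward per internal PC, so only the SSH port is open on the firewall. The gateway `user@my.domain.com` and the reuse of local ports 3390/3391 for PC10 and PC15 are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: build one ssh command that forwards a local port per
# internal PC, so only the SSH port has to be open on the firewall.
# Gateway, user and port choices below are constructed placeholders.

# valid_port PORT -> success if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel_cmd USER@GATEWAY SSH_PORT LOCALPORT=LAN_IP ...
# Prints the ssh command. Every forward targets RDP (3389) on the LAN host
# and binds to 127.0.0.1 so other machines cannot use the tunnel.
build_tunnel_cmd() {
    gateway=$1; ssh_port=$2; shift 2
    valid_port "$ssh_port" || { echo "bad ssh port: $ssh_port" >&2; return 1; }
    cmd="ssh -N -p $ssh_port"
    seen=" "
    for map in "$@"; do
        lport=${map%%=*}; host=${map#*=}
        valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
        [ -n "$host" ] && [ "$host" != "$map" ] || { echo "bad mapping: $map" >&2; return 1; }
        # Two forwards cannot share one local listening port.
        case "$seen" in
            *" $lport "*) echo "duplicate local port: $lport" >&2; return 1 ;;
        esac
        seen="$seen$lport "
        cmd="$cmd -L 127.0.0.1:$lport:$host:3389"
    done
    printf '%s %s\n' "$cmd" "$gateway"
}

# rdp_target LOCALPORT -> value for the RDP client's Computer: field
rdp_target() { printf 'localhost:%s\n' "$1"; }

# Constructed sample: PC10 and PC15 from the thread, reached via one SSH port.
build_tunnel_cmd user@my.domain.com 22 3390=192.168.1.10 3391=192.168.1.15
rdp_target 3390
```

With the tunnel up, `mstsc /v:localhost:3390` reaches PC10 and `mstsc /v:localhost:3391` reaches PC15, while the NAT device forwards only the SSH port.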
 
Synapse Syndrome

Miha Pihler said:
Hi



Yes, that is correct. You can also use command line option. E.g.

mstsc /v:my.domain.com:3390

Note that I have run into some problems on some networks. While they
allowed 3389 for RDP ports they blocked other ports like 3390 etc... So in
this case these clients would not be able to connect to RDP.


What about using UPnP? How would that affect things?

ss.
 
