Is DMZ enough for Remote Assistance

[Guest]

For several weeks, I have been working on connecting to my parents computer
via remote assistance. I have read the board and even posted a couple
questions (not answered yet though...) I get the remote host message.

My parents are behind a 2wire home portal for their DSL and also a DLink
wireless router. Both are in DMZ mode. I manually edit the invitation when I
receive it, and I still can't connect. Is DMZ enough?? Am I not editig the
invitation properly? I replace the 192.168.0.100 with the IP from
www.whatismyip.com

from:

" <?xml version="1.0" encoding="Unicode" ?><UPLOADINFO
TYPE="Escalated"><UPLOADDATA USERNAME="Owner"
RCTICKET="65538,1,172.16.1.34:61901;192.168.0.100:3389;your-erdmfhmlp8:3389,*,JBazPLau1geS8YXUX9g/pIEZlWN1SHye1+RHnqyuxTE=,*,*,5XamnWkv/s8BhtJNd6007relw80="
RCTICKETENCRYPTED="0" DtStart="1130793309" DtLength="60" PassStub="" L="0"
/></UPLOADINFO>"

to:

" <?xml version="1.0" encoding="Unicode" ?><UPLOADINFO
TYPE="Escalated"><UPLOADDATA USERNAME="Owner"
RCTICKET="65538,1,172.16.1.34:61901;70.***.*.**:3389;your-erdmfhmlp8:3389,*,JBazPLau1geS8YXUX9g/pIEZlWN1SHye1+RHnqyuxTE=,*,*,5XamnWkv/s8BhtJNd6007relw80="
RCTICKETENCRYPTED="0" DtStart="1130793309" DtLength="60" PassStub="" L="0"
/></UPLOADINFO>



I appreciate any help!

 

[Peter]

For several weeks, I have been working on connecting to my parents
computer

via remote assistance. I have read the board and even posted a couple
questions (not answered yet though...) I get the remote host message.

My parents are behind a 2wire home portal for their DSL and also a DLink
wireless router. Both are in DMZ mode. I manually edit the invitation when I
receive it, and I still can't connect. Is DMZ enough?? Am I not editig the
invitation properly? I replace the 192.168.0.100 with the IP from
www.whatismyip.com

from:

" <?xml version="1.0" encoding="Unicode" ?><UPLOADINFO
TYPE="Escalated"><UPLOADDATA USERNAME="Owner"
RCTICKET="65538,1,172.16.1.34:61901;192.168.0.100:3389;your-erdmfhmlp8:3389,
*,JBazPLau1geS8YXUX9g/pIEZlWN1SHye1+RHnqyuxTE=,*,*,5XamnWkv/s8BhtJNd6007relw
80="
RCTICKETENCRYPTED="0" DtStart="1130793309" DtLength="60" PassStub="" L="0"
/></UPLOADINFO>"

to:

" <?xml version="1.0" encoding="Unicode" ?><UPLOADINFO
TYPE="Escalated"><UPLOADDATA USERNAME="Owner"
RCTICKET="65538,1,172.16.1.34:61901;70.***.*.**:3389;your-erdmfhmlp8:3389,*,
JBazPLau1geS8YXUX9g/pIEZlWN1SHye1+RHnqyuxTE=,*,*,5XamnWkv/s8BhtJNd6007relw80
="
RCTICKETENCRYPTED="0" DtStart="1130793309" DtLength="60" PassStub="" L="0"
/></UPLOADINFO>



I appreciate any help!

Google for "remote assistance" nat:
Selected one of messages:
--------------------------------------------
The problem is with the NAT router at the "Novice" end (the person who
requests the assistance).

It is not a problem for the "Expert" (the person responding to assistance
requests) to be behind a NAT router.


At the Novice end, any NAT router in use must support UPnP, and UPnP must be
specifically enabled in the router configuration. At the Novice end, XP
must have the SSDP Discovery Service running (this is the default, but
sometimes this service is mistakenly disabled by users), and must have
Windows Firewall configured to make Exceptions for "UPnP Framework", for
"Remote Assistance", (and possibly also for "Remote Desktop"). In these
circumstances, Remote Assistance will automatically work, and you will not
get the error you report.


If the Novice's NAT router does not support UPnP, then you will never get
Remote Assistance to work automatically. UPnP is required in the NAT router
so that Remote Assistance can discover the WAN IP address of the Novice's
internet connection, to be written into the help request ticket.


If you wish to make Remote Assistance work through a NAT router at the
Novice end which does not support UPnP, then you must be prepared to take
special manual steps:


1. The Novice's NAT router must be configured to forward TCP port 3389 to
the LAN IP address of the PC requesting assistance;


2. The Novice's Remote Assistance requests must be sent via e-mail or file
transfer, not by Messenger;


3. The Expert must have a means of knowing the WAN IP address of the
Novice's internet connection (i.e. the WAN IP address of the Novice's NAT
router);


4. Every time the Expert receives an Remote Assistance request ticket from
this Novice by e-mail or file transfer, the Expert must not open it
immediately. Instead, the Expert should open the ticket in Notepad, and
edit the obvious incorrect IP addresses in the ticket (which will have a
":3389" port designator suffix) to change the IP address to the known WAN IP
address of the Novice's internet connection, still with the ":3389" suffix.
Then the Expert should save the changes, and then double-click on the ticket
icon so as to open the Remote Assistance session.


Steps 1-4 are unnnecessary if the Novice's NAT router supports UPnP.

 

[Robert L [MS-MVP]]

You do need replace the private IP. The DMZ may be good, but I would do port forwarding.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
For several weeks, I have been working on connecting to my parents computer
via remote assistance. I have read the board and even posted a couple
questions (not answered yet though...) I get the remote host message.

My parents are behind a 2wire home portal for their DSL and also a DLink
wireless router. Both are in DMZ mode. I manually edit the invitation when I
receive it, and I still can't connect. Is DMZ enough?? Am I not editig the
invitation properly? I replace the 192.168.0.100 with the IP from
www.whatismyip.com

from:

" <?xml version="1.0" encoding="Unicode" ?><UPLOADINFO
TYPE="Escalated"><UPLOADDATA USERNAME="Owner"
RCTICKET="65538,1,172.16.1.34:61901;192.168.0.100:3389;your-erdmfhmlp8:3389,*,JBazPLau1geS8YXUX9g/pIEZlWN1SHye1+RHnqyuxTE=,*,*,5XamnWkv/s8BhtJNd6007relw80="
RCTICKETENCRYPTED="0" DtStart="1130793309" DtLength="60" PassStub="" L="0"
/></UPLOADINFO>"

to:

" <?xml version="1.0" encoding="Unicode" ?><UPLOADINFO
TYPE="Escalated"><UPLOADDATA USERNAME="Owner"
RCTICKET="65538,1,172.16.1.34:61901;70.***.*.**:3389;your-erdmfhmlp8:3389,*,JBazPLau1geS8YXUX9g/pIEZlWN1SHye1+RHnqyuxTE=,*,*,5XamnWkv/s8BhtJNd6007relw80="
RCTICKETENCRYPTED="0" DtStart="1130793309" DtLength="60" PassStub="" L="0"
/></UPLOADINFO>



I appreciate any help!

 

[Garyman99]

Personally, I would suggest trying to use the newest version of MSN
Messenger to establish the connection. I often times run in to the
same issue you have, and it seems like such a hassle to have to talk
the novice through setting up port forwarding, firewall exceptions,
DMZ, etc.

When you use MSN Messenger, both you and the novice have active
connections to MSN's server. That means that MSN can talk to you
anytime it needs to and MSN can talk to the novice's computer anytime
it wants to. Have the novice send an invitation to your MSN Messenger
name and you will not have to worry about setting up any special
settings on the router.

I hope this helps you out.

-Gary Hibbard