Need advice with Remote Desktop Connection

Discussion in 'Windows XP Networking' started by Jim, Jul 5, 2009.

  1. Jim

    Jim Guest

    I would greatly appreciate some advice on why I cannot achieve a Remote
    Desktop Connection from a remote location yet it works just fine between
    computers on my LAN.



    Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS)
    running on a LAN with a Linksys BEFSR41 router.



    Let’s assume the internal address of one of my computers is 192.168.1.123.
    For this computer, I have the “Remote Desktop” box checked in both Windows
    Firewall Exceptions and Advanced sections (TCP port 3389). I’m also port
    forwarding 3389 for address 192.168.1.123 in the Linksys router. Shouldn’t
    things now work from a remote location, what am I missing?



    I should also point out that I have no problems accessing my WHS server from
    a remote location. When I make a connection to this server I can view all my
    LAN computers.



    Thanks in advance
     
    Jim, Jul 5, 2009
    #1
    1. Advertisements

  2. Jim <> wrote:
    > I would greatly appreciate some advice on why I cannot achieve a
    > Remote Desktop Connection from a remote location yet it works just
    > fine between computers on my LAN.
    >
    >
    >
    > Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS)
    > running on a LAN with a Linksys BEFSR41 router.
    >
    >
    >
    > Let’s assume the internal address of one of my computers is
    > 192.168.1.123. For this computer, I have the “Remote Desktop” box
    > checked in both Windows Firewall Exceptions and Advanced sections
    > (TCP port 3389). I’m also port forwarding 3389 for address
    > 192.168.1.123 in the Linksys router. Shouldn’t things now work from a
    > remote location, what am I missing?
    >
    >
    > I should also point out that I have no problems accessing my WHS
    > server from a remote location. When I make a connection to this
    > server I can view all my LAN computers.
    >
    >
    >
    > Thanks in advance


    In the Windows Firewall, is RDP allowed from any subnet (*)?
    Does your ISP block ports?
    Are you sure you're using the correct public IP? (I suggest using something
    like www.dyndns.com or www.no-ip.com if you have a dynamic public IP).
     
    Lanwench [MVP - Exchange], Jul 5, 2009
    #2
    1. Advertisements

  3. Hi
    In principle you did that correct configuration.
    Make sure that port 3389 is Only Used (opened) by 192.168.1.123.
    A specific port can be used only by One computer, if you need more computers
    available to Outside Remote you need to change the ports so that each one
    has a unique port.
    Here how-to, http://support.microsoft.com/kb/306759
    Software Firewalls on computers blocks ports too, make sure that the ports
    are forwarded correctly through the Software Firewalls as well.
    Jack (MS, MVP-Networking)

    "Jim" <> wrote in message
    news:e5qccMW$...
    >I would greatly appreciate some advice on why I cannot achieve a Remote
    >Desktop Connection from a remote location yet it works just fine between
    >computers on my LAN.
    >
    >
    >
    > Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS)
    > running on a LAN with a Linksys BEFSR41 router.
    >
    >
    >
    > Let’s assume the internal address of one of my computers is 192.168.1.123.
    > For this computer, I have the “Remote Desktop” box checked in both Windows
    > Firewall Exceptions and Advanced sections (TCP port 3389). I’m also port
    > forwarding 3389 for address 192.168.1.123 in the Linksys router. Shouldn’t
    > things now work from a remote location, what am I missing?
    >
    >
    >
    > I should also point out that I have no problems accessing my WHS server
    > from a remote location. When I make a connection to this server I can view
    > all my LAN computers.
    >
    >
    >
    > Thanks in advance
    >
    >
    >
    >
     
    Jack [MVP-Networking], Jul 5, 2009
    #3
  4. Jim

    Jim Guest

    Thanks to all who replied.



    Let me first review - No problem doing a Remote Desktop Computer (RDC) from
    within my LAN using either the computers internal IP address or its name.
    However, doing this same thing on an external XP Pro computer does not seem
    work. I'm also not sure I understand how the external RDC computer
    understands an address such as 192.168.1.xxx.



    The problem seems to be that my remote port 3389 is being blocked external
    but how/why, is it because of the Windows firewall, my router, or by my ISP?
    How can I test this?



    I also understand that I can only use port 3389 on one of my LAN computer
    and that I will have to edit my XP register to change port 3389 to something
    else for the other computers - is this correct? If so, must I then make the
    appropriate changes in there Windows firewall as well as my router? What
    about HTTP port 80, must it be on?



    I would certainly appreciate any follow-up advice, keeping in mind I'm not
    an expert in this area.



    Jim



    "Jim" <> wrote in message
    news:e5qccMW$...
    >I would greatly appreciate some advice on why I cannot achieve a Remote
    >Desktop Connection from a remote location yet it works just fine between
    >computers on my LAN.
    >
    >
    >
    > Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS)
    > running on a LAN with a Linksys BEFSR41 router.
    >
    >
    >
    > Let's assume the internal address of one of my computers is 192.168.1.123.
    > For this computer, I have the "Remote Desktop" box checked in both Windows
    > Firewall Exceptions and Advanced sections (TCP port 3389). I'm also port
    > forwarding 3389 for address 192.168.1.123 in the Linksys router. Shouldn't
    > things now work from a remote location, what am I missing?
    >
    >
    >
    > I should also point out that I have no problems accessing my WHS server
    > from a remote location. When I make a connection to this server I can view
    > all my LAN computers.
    >
    >
    >
    > Thanks in advance
    >
    >
    >
    >
     
    Jim, Jul 6, 2009
    #4
  5. Jim

    Malke Guest

    Jim wrote:


    > Let me first review - No problem doing a Remote Desktop Computer (RDC)
    > from within my LAN using either the computers internal IP address or its
    > name. However, doing this same thing on an external XP Pro computer does
    > not seem work. I'm also not sure I understand how the external RDC
    > computer understands an address such as 192.168.1.xxx.


    It doesn't. That's why you forward ports. Traffic comes in from the outside
    over specific ports for the remote connection. That connection can only be
    made to a public IP address. The router (which gets its public IP address
    on the WAN side from the ISP) turns around and forwards any traffic over
    those specific ports to the private IP address of a designated computer.
    This is why it is easiest to do this when you have a static public IP
    address. You have to pay your ISP extra for this or have a business account
    with them that comes with a number of static IP addresses. The alternative
    for people who have dynamic IP addresses is to use a service like the one
    from DynDNS.com.

    > The problem seems to be that my remote port 3389 is being blocked external
    > but how/why, is it because of the Windows firewall, my router, or by my
    > ISP? How can I test this?


    The port is configured on the router, not the computer.

    > I also understand that I can only use port 3389 on one of my LAN computer
    > and that I will have to edit my XP register to change port 3389 to
    > something else for the other computers - is this correct? If so, must I
    > then make the appropriate changes in there Windows firewall as well as my
    > router? What about HTTP port 80, must it be on?


    No, this is not correct. You don't have to do anything in the registry. You
    do port forwarding on the *router*. You set a static private IP address on
    the computer that is the target for remote control. You set the IP address
    on a computer by going to Control Panel>Network Connections and then
    right-click on the Local Area Connection for the network adapter involved
    (probably your ethernet card). Left-click on Properties. Double-click the
    entry for TCP/IP and change the IP address from "obtain automatically" to a
    specific address on the LAN outside of the router's DHCP range.

    Example: If the router assigns IP addresses from 192.168.1.100 to
    192.168.1.150, use a static IP address for that computer of something like
    192.168.1.170.

    Of course you also have to set the target computer's firewall to allow
    remote desktop connections and/or the software that you're using to do this
    (if not using the native XP software and are using something like
    pcAnywhere or one of the VNC flavors).

    Malke
    --
    MS-MVP
    Elephant Boy Computers - Don't Panic!
    http://www.elephantboycomputers.com/#FAQ
     
    Malke, Jul 6, 2009
    #5
  6. Jim

    jim Guest

    Malke,

    Thanks for you detailed response, I just hope I understand.
    I've now set the static private IP address on my "target" computer to
    192.168.1.170 which is outside of the routers assignments of 192.168.1.100
    to 150
    In my router, I've forwarded port 3389 to 192.168.1.170.
    My ISP is Comcast and my public IP address is usually fixed

    If I follow you correctly, when I bring up "Remote Desktop Connection" on my
    son's XP Pro computer, I enter my public static address? Expect to try this
    later today.

    Jim


    "Malke" <> wrote in message
    news:emSKh%23i$...
    > Jim wrote:
    >
    >
    >> Let me first review - No problem doing a Remote Desktop Computer (RDC)
    >> from within my LAN using either the computers internal IP address or its
    >> name. However, doing this same thing on an external XP Pro computer does
    >> not seem work. I'm also not sure I understand how the external RDC
    >> computer understands an address such as 192.168.1.xxx.

    >
    > It doesn't. That's why you forward ports. Traffic comes in from the
    > outside
    > over specific ports for the remote connection. That connection can only be
    > made to a public IP address. The router (which gets its public IP address
    > on the WAN side from the ISP) turns around and forwards any traffic over
    > those specific ports to the private IP address of a designated computer.
    > This is why it is easiest to do this when you have a static public IP
    > address. You have to pay your ISP extra for this or have a business
    > account
    > with them that comes with a number of static IP addresses. The alternative
    > for people who have dynamic IP addresses is to use a service like the one
    > from DynDNS.com.
    >
    >> The problem seems to be that my remote port 3389 is being blocked
    >> external
    >> but how/why, is it because of the Windows firewall, my router, or by my
    >> ISP? How can I test this?

    >
    > The port is configured on the router, not the computer.
    >
    >> I also understand that I can only use port 3389 on one of my LAN computer
    >> and that I will have to edit my XP register to change port 3389 to
    >> something else for the other computers - is this correct? If so, must I
    >> then make the appropriate changes in there Windows firewall as well as my
    >> router? What about HTTP port 80, must it be on?

    >
    > No, this is not correct. You don't have to do anything in the registry.
    > You
    > do port forwarding on the *router*. You set a static private IP address on
    > the computer that is the target for remote control. You set the IP address
    > on a computer by going to Control Panel>Network Connections and then
    > right-click on the Local Area Connection for the network adapter involved
    > (probably your ethernet card). Left-click on Properties. Double-click the
    > entry for TCP/IP and change the IP address from "obtain automatically" to
    > a
    > specific address on the LAN outside of the router's DHCP range.
    >
    > Example: If the router assigns IP addresses from 192.168.1.100 to
    > 192.168.1.150, use a static IP address for that computer of something like
    > 192.168.1.170.
    >
    > Of course you also have to set the target computer's firewall to allow
    > remote desktop connections and/or the software that you're using to do
    > this
    > (if not using the native XP software and are using something like
    > pcAnywhere or one of the VNC flavors).
    >
    > Malke
    > --
    > MS-MVP
    > Elephant Boy Computers - Don't Panic!
    > http://www.elephantboycomputers.com/#FAQ
    >
     
    jim, Jul 6, 2009
    #6
  7. Hi
    There are here tow parallel processes.
    If you need to change the port of the RDT on a computer you follow the
    Microsoft page that I pointed to (it is nothing to do with the Router, and
    it does entails change in the registry).
    Once the port scheme is established, you have to open the correct ports
    toward the corresponded computers through the Router.
    This page ( pass the middle) describes how to so it with another type of
    Remote Control program. The same principle applies to RDT.
    http://www.ezlan.net/vnc.html
    Jack (MS, MVP-Networking).


    "Jack [MVP-Networking]" <> wrote in message
    news:eSdEnHa$...
    > Hi
    > In principle you did that correct configuration.
    > Make sure that port 3389 is Only Used (opened) by 192.168.1.123.
    > A specific port can be used only by One computer, if you need more
    > computers available to Outside Remote you need to change the ports so that
    > each one has a unique port.
    > Here how-to, http://support.microsoft.com/kb/306759
    > Software Firewalls on computers blocks ports too, make sure that the ports
    > are forwarded correctly through the Software Firewalls as well.
    > Jack (MS, MVP-Networking)
    >
    > "Jim" <> wrote in message
    > news:e5qccMW$...
    >>I would greatly appreciate some advice on why I cannot achieve a Remote
    >>Desktop Connection from a remote location yet it works just fine between
    >>computers on my LAN.
    >>
    >>
    >>
    >> Here is my setup, 3 XP Pro computers plus a Windows Home Server (WHS)
    >> running on a LAN with a Linksys BEFSR41 router.
    >>
    >>
    >>
    >> Let’s assume the internal address of one of my computers is
    >> 192.168.1.123. For this computer, I have the “Remote Desktop” box checked
    >> in both Windows Firewall Exceptions and Advanced sections (TCP port
    >> 3389). I’m also port forwarding 3389 for address 192.168.1.123 in the
    >> Linksys router. Shouldn’t things now work from a remote location, what am
    >> I missing?
    >>
    >>
    >>
    >> I should also point out that I have no problems accessing my WHS server
    >> from a remote location. When I make a connection to this server I can
    >> view all my LAN computers.
    >>
    >>
    >>
    >> Thanks in advance
    >>
    >>
    >>
    >>

    >
     
    Jack [MVP-Networking], Jul 6, 2009
    #7
  8. Jim

    Malke Guest

    jim wrote:

    > Malke,
    >
    > Thanks for you detailed response, I just hope I understand.
    > I've now set the static private IP address on my "target" computer to
    > 192.168.1.170 which is outside of the routers assignments of 192.168.1.100
    > to 150


    Did you check this on the router? I was just giving you examples.

    > In my router, I've forwarded port 3389 to 192.168.1.170.
    > My ISP is Comcast and my public IP address is usually fixed


    That's fine although Comcast does give you a dynamic IP address. It tends
    not to change much but it can so you might want to look at DynDns.com's
    services.

    > If I follow you correctly, when I bring up "Remote Desktop Connection" on
    > my son's XP Pro computer, I enter my public static address? Expect to try
    > this later today.


    Yes. When you are at your son's house you aren't on your own LAN. You need
    to connect to the public IP address (which you would have gotten before
    leaving home and written down).

    Don't forget that the firewalls on both machines must have exceptions set to
    allow this traffic. If you have a more elaborate router it might come with
    its own firewall too, so make sure you check in its configuration before
    you leave home.

    BTW, there are easier ways such as using LogMeIn instead. I use TeamViewer
    to support family and friends but the free version needs both parties to be
    involved. The professional version is very expensive. I don't think LogMeIn
    requires this but I don't know if you have to pay for it. With services
    like LogMeIn you are actually connecting through *their* server so you
    don't need to mess about with port forwarding, static IPs, knowing your
    public IP and whether it has changed, etc. If you're going to want to do
    this a lot, it might be easier.

    https://secure.logmein.com/solutions/homeuser/personal/

    Malke
    --
    MS-MVP
    Elephant Boy Computers - Don't Panic!
    http://www.elephantboycomputers.com/#FAQ
     
    Malke, Jul 6, 2009
    #8
  9. Jim

    Jim Guest

    Hi Malke,

    Won't get to my son's till tomorrow to try this, will let you know the
    results.

    I did have my internal IP address set to 192.168.1.060 on the target PC but
    changed it to 192.168.1.170 per your example. Then changed the port
    forwarding for ...170 in my Linksys router.

    Yes I did look at LogMeIn some time ago, maybe I'll consider it again if
    this doesn't work.

    Must double check both firewalls.

    Thanks again

    Jim



    "Malke" <> wrote in message
    news:u03q1ll$...
    > jim wrote:
    >
    >> Malke,
    >>
    >> Thanks for you detailed response, I just hope I understand.
    >> I've now set the static private IP address on my "target" computer to
    >> 192.168.1.170 which is outside of the routers assignments of
    >> 192.168.1.100
    >> to 150

    >
    > Did you check this on the router? I was just giving you examples.
    >
    >> In my router, I've forwarded port 3389 to 192.168.1.170.
    >> My ISP is Comcast and my public IP address is usually fixed

    >
    > That's fine although Comcast does give you a dynamic IP address. It tends
    > not to change much but it can so you might want to look at DynDns.com's
    > services.
    >
    >> If I follow you correctly, when I bring up "Remote Desktop Connection" on
    >> my son's XP Pro computer, I enter my public static address? Expect to try
    >> this later today.

    >
    > Yes. When you are at your son's house you aren't on your own LAN. You need
    > to connect to the public IP address (which you would have gotten before
    > leaving home and written down).
    >
    > Don't forget that the firewalls on both machines must have exceptions set
    > to
    > allow this traffic. If you have a more elaborate router it might come with
    > its own firewall too, so make sure you check in its configuration before
    > you leave home.
    >
    > BTW, there are easier ways such as using LogMeIn instead. I use TeamViewer
    > to support family and friends but the free version needs both parties to
    > be
    > involved. The professional version is very expensive. I don't think
    > LogMeIn
    > requires this but I don't know if you have to pay for it. With services
    > like LogMeIn you are actually connecting through *their* server so you
    > don't need to mess about with port forwarding, static IPs, knowing your
    > public IP and whether it has changed, etc. If you're going to want to do
    > this a lot, it might be easier.
    >
    > https://secure.logmein.com/solutions/homeuser/personal/
    >
    > Malke
    > --
    > MS-MVP
    > Elephant Boy Computers - Don't Panic!
    > http://www.elephantboycomputers.com/#FAQ
    >
     
    Jim, Jul 6, 2009
    #9
  10. Jim

    Jim Guest

    Malke,

    Unfortunately I was not able to do a Remote Desktop Connection from my son's
    PC, the connection just timed out. No luck even if I diabled the my son's
    Windows firewall. I really don't understand this, any other suggestions!!

    However, I have no problems connecting to my Windows Home Server. WHS gives
    me full remote access to all my LAN computers, just like RDC. The main
    reason I wanted Remote Desktop to work is because there is an iPhone
    application which is supposed to "simulate" Windows Remote Desktop. This
    would then be a way to access my home computer via my iPhone.

    Jim



    "Malke" <> wrote in message
    news:u03q1ll$...
    > jim wrote:
    >
    >> Malke,
    >>
    >> Thanks for you detailed response, I just hope I understand.
    >> I've now set the static private IP address on my "target" computer to
    >> 192.168.1.170 which is outside of the routers assignments of
    >> 192.168.1.100
    >> to 150

    >
    > Did you check this on the router? I was just giving you examples.
    >
    >> In my router, I've forwarded port 3389 to 192.168.1.170.
    >> My ISP is Comcast and my public IP address is usually fixed

    >
    > That's fine although Comcast does give you a dynamic IP address. It tends
    > not to change much but it can so you might want to look at DynDns.com's
    > services.
    >
    >> If I follow you correctly, when I bring up "Remote Desktop Connection" on
    >> my son's XP Pro computer, I enter my public static address? Expect to try
    >> this later today.

    >
    > Yes. When you are at your son's house you aren't on your own LAN. You need
    > to connect to the public IP address (which you would have gotten before
    > leaving home and written down).
    >
    > Don't forget that the firewalls on both machines must have exceptions set
    > to
    > allow this traffic. If you have a more elaborate router it might come with
    > its own firewall too, so make sure you check in its configuration before
    > you leave home.
    >
    > BTW, there are easier ways such as using LogMeIn instead. I use TeamViewer
    > to support family and friends but the free version needs both parties to
    > be
    > involved. The professional version is very expensive. I don't think
    > LogMeIn
    > requires this but I don't know if you have to pay for it. With services
    > like LogMeIn you are actually connecting through *their* server so you
    > don't need to mess about with port forwarding, static IPs, knowing your
    > public IP and whether it has changed, etc. If you're going to want to do
    > this a lot, it might be easier.
    >
    > https://secure.logmein.com/solutions/homeuser/personal/
    >
    > Malke
    > --
    > MS-MVP
    > Elephant Boy Computers - Don't Panic!
    > http://www.elephantboycomputers.com/#FAQ
    >
     
    Jim, Jul 7, 2009
    #10
  11. Jim <> wrote:
    > Hi Malke,
    >
    > Won't get to my son's till tomorrow to try this, will let you know the
    > results.
    >
    > I did have my internal IP address set to 192.168.1.060 on the target
    > PC but changed it to 192.168.1.170 per your example. Then changed the
    > port forwarding for ...170 in my Linksys router.
    >
    > Yes I did look at LogMeIn some time ago, maybe I'll consider it again
    > if this doesn't work.
    >
    > Must double check both firewalls.
    >
    > Thanks again
    >
    > Jim


    NB: LogMeIn Free works very well, and is, as one might surmise, free.
     
    Lanwench [MVP - Exchange], Jul 13, 2009
    #11
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. michaelj

    Remote Desktop Connection

    michaelj, Jul 10, 2003, in forum: Windows XP Networking
    Replies:
    0
    Views:
    223
    michaelj
    Jul 10, 2003
  2. Steve Winograd [MVP]

    Re: Unable to Use XP Remote Desktop Connection

    Steve Winograd [MVP], Aug 2, 2003, in forum: Windows XP Networking
    Replies:
    6
    Views:
    250
    JonBoy
    Aug 4, 2003
  3. Bahram

    Remote Desktop Web Connection

    Bahram, Aug 17, 2003, in forum: Windows XP Networking
    Replies:
    0
    Views:
    162
    Bahram
    Aug 17, 2003
  4. saif
    Replies:
    1
    Views:
    304
  5. Guest
    Replies:
    1
    Views:
    481
    Robert L [MS-MVP]
    Jul 11, 2006
Loading...

Share This Page