Listening port does NOT change after following Article ID : 306759

Guest

Can someone please help me understand what I am doing wrong. These are the
facts

I have two computers running behind a WRT54G Linksys router
Port forwarding is enabled on both LAN computers 192.168.1.X
Both are Running XP Pro, SP2
Both have Remote Desktop enabled
Followed Article ID : 306759 on one LAN computer behind the Linksys router
and changed the Port Forwarding to reflect the changed port on the particular
LAN computer listed.

However upon following the article to change the listening port on one of my
LAN computers and AFTER reboot, the listening port does not change. PLEASE
HELP
 
Sooner Al [MVP]

Did you test over the local LAN to verify it's not a port forwarding issue
with your router?

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
Guest

Al,

What I am saying is that the listening port does NOT change period. When I
change the port to say 3388 or 3390 or 49555 according to the article and
restart the computer it does NOT change. I then navigate to (under the
Network Connection Settings) Windows Firewall, Advanced, Settings, Services
and click on "Edit" under Remote Desktop the following is displayed under
Service Settings (in a grayed out view)

Description of Service: Remote Desktop
TCP (is checked instead of UDP)
External number for this service: 3389
Internal number for this service: 3389

Simply put, the listening port number is not being changed on the computer
period. Should not this port listening number change as it is populated
from the registry for this particular service AFTER following the article and
RESTARTING the computer in question?
 
Sooner Al [MVP]

Ah the firewall...

That entry in the firewall does *NOT* get changed when you change the
listening port. That is either a bug or a design enhancement depending on
who you talk to at MS...:)

The work around is to UNCHECK that entry in the firewall Exception list and
create a new entry with the new port.

FYI, you can verify the PC is actually listening on the new port by running
the "netstat -a" command from the command line (i.e. go to "Start -> Run" and
type cmd in the window). See the "Troubleshooting" section of this page.

http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.html

You can also test by temporarily disabling the firewall and connecting using
the new port then re-enabling the firewall.
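
Added example, not part of the original posts: a PowerShell check for the mismatch discussed above. It compares the port stored in the registry value that Article 306759 changes (PortNumber under the RDP-Tcp key) with the ports netstat reports as LISTENING and with the openings listed by the XP SP2 "netsh firewall" context. It assumes PowerShell is installed and English command output; Test-RdpPortState is a hypothetical helper name.

```powershell
# Added example, not from the thread. Test-RdpPortState is a hypothetical helper name.
function Test-RdpPortState {
    # Registry value that Article 306759 has you edit (a DWORD).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $configured = [int](Get-ItemProperty -Path $key -Name PortNumber).PortNumber

    # "netstat -an" rows look like: "  TCP    0.0.0.0:3390    0.0.0.0:0    LISTENING"
    $listeners = @(netstat -an | ForEach-Object {
        if ($_ -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING') { [int]$Matches[1] }
    } | Sort-Object -Unique)

    # Windows Firewall (XP SP2 "netsh firewall" context, English output assumed):
    # enabled rows that open 3389 or the newly configured port.
    $fwRows = @(netsh firewall show portopening |
        Where-Object { $_ -match "^\s*(3389|$configured)\s+TCP\s+Enable" })

    New-Object PSObject -Property @{
        ConfiguredPort = $configured
        Listening      = ($listeners -contains $configured)
        StillOn3389    = ($configured -ne 3389) -and ($listeners -contains 3389)
        FirewallRows   = $fwRows
    }
}

$state = Test-RdpPortState
$port  = $state.ConfiguredPort
if (-not $state.Listening) {
    "Registry says $port but nothing is listening there; the change has not taken effect."
} elseif (-not ($state.FirewallRows -match "^\s*$port\s")) {
    "Listening on $port, but the firewall has no enabled opening for it."
    "The built-in Remote Desktop exception stays on 3389; replace it, for example:"
    "  netsh firewall set service type=REMOTEDESKTOP mode=DISABLE"
    "  netsh firewall add portopening protocol=TCP port=$port name=`"Remote Desktop $port`""
} else {
    "Listening on $port and the firewall has an enabled opening for it."
}
```

The script only reads state; the two netsh commands it prints are the command-line form of unchecking the default entry and creating a new one.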
 
Sooner Al [MVP]

I forgot my other suggestion. It seems you want to access more than one PC
behind the Linksys router. While you can do that using the port change
method a more secure method is to use a VPN or Secure Shell (SSH) tunnel.
Personally I use the SSH method. You only need to open one port on your
router, versus multiple ports, and you can access any number of Remote
Desktop sessions using the default listening port.

http://theillustratednetwork.mvps.org/RemoteDesktop/SSH-RDP-VNC/Diagrams/SSH-RDP.html

Once the SSH tunnel is established you can route Remote Desktop sessions
through it quite easily.

Personally I run the CopSSH server on one of my XP Pro boxes and use either
PuTTY or Tunnelier as the client on my laptop. I also use a private/public
key pair (encrypted with a strong pass phrase) for authentication. SSH is
encrypted end-to-end from the start and is very secure.

Something to think about...

 
Guest

Al,

Thanks for the comprehensive and accurate feedback. I did as you indicated,
notwithstanding the design bug and it works perfectly - on port 3390 on the
one XP box. My wife wants to access her XP pro box from remote locations and
it was a pain to have to access the router remotely, and check and uncheck
the particular LAN machine under Port Forwarding to get the Remote Desktop
request through port 3389. Now I can use port 3390 through my WAN IP
x.x.x.x:3390 and go directly to my XP box. The changes are transparent to my
wife and not confusing to her.

As far as the security part of this, I am confident that I configured the
Encryption and Security in Terminal Services to REQUIRE the password to be
entered is sufficient notwithstanding the fact that the password is
checked/saved on the client portion. My wife and I use strong passwords for
our account passwords nonetheless. Additionally, I am bugging Linksys to
update the firmware to have it so that the "Incoming" log
feature/functionality of the router populate and save the incoming
connections for a period of time to be determined by the user so users can
monitor connections through the router. I also have enabled success/failure
option under the Local Security Settings\Security Settings\Local
Policies\Audit Policies\Audit logon events as another way to monitor the
times my wife and I access our XP Pro boxes while away from the house.

You are a true expert Al, and thanks for your PROFESSIONAL assistance!
--
Justice


 
cdoc

Sooner
I saw this post and installed Tunnelier. Also using a private/public
key pair for authentication.
I am interested in the port forwarding to access a second pc through the
tunnel.

I saw your illustration using Tunnelier and I am a little confused.
I noted that you had a Tunnelier shortcut to go to machine 1 and I
assume that it is using port 3389.

And a shortcut to RDP Connection for pc2 and I assume this goes to port
3390? What is the connection IP? Would it be 127.0.0.1:3390?

I also assume that the listen port on pc2 for RDP has to be changed to
3390 correct? If so I got that.

I also saw that you had the UNC name for pc2, I think it was "Norman".
I assume you made an entry in the lmhosts file, correct?

Help me on this entry, would it be the LAN IP or the WAN?

Am I way off base on this?
 
Sooner Al [MVP]

This reply in a thread on the Broadband Reports forums may be of some
help...

http://www.broadbandreports.com/forum/remark,14687267

I have a "hosts" file on all of my desktops and my laptop that maps local
computer names to their static LAN IP address on my home network.

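
Added example, not written by any poster in this thread: the single-port SSH tunnel arrangement suggested earlier, and the 127.0.0.1 addressing asked about above, written out as a PowerShell script. It assumes the OpenSSH command-line client (ssh) rather than PuTTY or Tunnelier; the gateway name, user and LAN addresses are constructed placeholders, and Test-LocalPort is a hypothetical helper name.

```powershell
# Added example, not from the thread. Assumes the OpenSSH client (ssh) is on PATH.
# Gateway name, user and LAN addresses are constructed placeholders.
$gateway  = 'user@ssh-gateway.example.net'   # reached through the one SSH port opened on the router
$forwards = @(
    @{ LocalPort = 3390; Target = '192.168.1.10:3389' },   # PC 1, RDP left on its default port
    @{ LocalPort = 3391; Target = '192.168.1.11:3389' }    # PC 2, RDP left on its default port
)
# Local ports differ from 3389 so they cannot collide with an RDP listener on the client itself.

# One -L per PC, bound to 127.0.0.1 so only this client can use the forwarded ports.
$sshArgs = @('-N')
foreach ($f in $forwards) { $sshArgs += @('-L', "127.0.0.1:$($f.LocalPort):$($f.Target)") }
$sshArgs += $gateway
$ssh = Start-Process -FilePath ssh -ArgumentList $sshArgs -PassThru

function Test-LocalPort([int]$Port) {
    # True once something (here the ssh client) accepts connections on 127.0.0.1:$Port.
    $client = New-Object System.Net.Sockets.TcpClient
    try { $client.Connect('127.0.0.1', $Port); $true } catch { $false } finally { $client.Close() }
}

# Give the SSH login up to 30 seconds to complete and open the local listeners.
$deadline = (Get-Date).AddSeconds(30)
while (-not (Test-LocalPort 3391) -and (Get-Date) -lt $deadline) { Start-Sleep -Seconds 1 }

if (Test-LocalPort 3391) {
    mstsc /v:127.0.0.1:3391    # Remote Desktop to PC 2, carried inside the tunnel
} else {
    Write-Warning 'Tunnel is not up; check the SSH login before starting Remote Desktop.'
}
```

With this layout the router forwards only the SSH port, and the Windows Firewall on each PC needs to accept Remote Desktop from the SSH server's LAN address only.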
 
