Problem connecting to XP Pro through RDC

[antonyliu2002]

I have problem connecting to my XP through RDC. Could anyone help
diagnose? Thanks.

1. I want to connect to my home XP Pro SP2 system through Remote
Desktop Connection (RDC) from my company.

2. Pinging my home XP Pro system from outside gets timed out, I do
have a domain name.

3. I have certainly enabled RDC for my account on this XP pro system.
RDC succeeds from inside the home LAN.

4. I use Comcast broadband + Linksys WRT54G Router at home. My home
PC is connected to the router with a regular ethernet cable.

5. I have configured port forwarding in the router for port 3389 on
my PC which has an internal IP of 192.168.1.101.

6. I have made port 3389 an exception in the XP built-in firewall.
But RDC fails even if I turn off this firewall.

7. I do have McAfee 8.0 installed, and I am not sure how to make 3389
port an exception with this version. I could easily do it with an
earlier version of McAfee. But, RDC fails even if I disable McAfee.

8. I used to be with SBC DSL. I did the same setting, and had no
problem connecting to my home XP pro system through RDC.

 

[Pegasus \(MVP\)]

See below.

I have problem connecting to my XP through RDC. Could anyone help
diagnose? Thanks.

1. I want to connect to my home XP Pro SP2 system through Remote
Desktop Connection (RDC) from my company.

2. Pinging my home XP Pro system from outside gets timed out, I do
have a domain name.

- Does pinging resolve your domain name to the correct IP address?
- Did you adjust your office router to respond to external pings?

3. I have certainly enabled RDC for my account on this XP pro system.
RDC succeeds from inside the home LAN.

Good - this is an excellent test.

4. I use Comcast broadband + Linksys WRT54G Router at home. My home
PC is connected to the router with a regular ethernet cable.

Your home connection details are not relevant in this context.

5. I have configured port forwarding in the router for port 3389 on
my PC which has an internal IP of 192.168.1.101.

Which router? The office router? What happens when you run
this command on your home machine:

telnet aaa.bbb.ccc.ddd 3389
(aaa.bbb.ccc.ddd is your external office IP address)

6. I have made port 3389 an exception in the XP built-in firewall.
But RDC fails even if I turn off this firewall.

Keep it turned off during your tests.

7. I do have McAfee 8.0 installed, and I am not sure how to make 3389
port an exception with this version. I could easily do it with an
earlier version of McAfee. But, RDC fails even if I disable McAfee.

Disable McAfee during your tests.

8. I used to be with SBC DSL. I did the same setting, and had no
problem connecting to my home XP pro system through RDC.

I suspect that the port forwarding settings at your office router
are incorrect, or that a firewall is blocking your 3389 packets.

 

[antonyliu2002]

See below.






- Does pinging resolve your domain name to the correct IP address?
- Did you adjust your office router to respond to external pings?


Good - this is an excellent test.


Your home connection details are not relevant in this context.


Which router? The office router? What happens when you run
this command on your home machine:

telnet aaa.bbb.ccc.ddd 3389
(aaa.bbb.ccc.ddd is your external office IP address)


Keep it turned off during your tests.


Disable McAfee during your tests.


I suspect that the port forwarding settings at your office router
are incorrect, or that a firewall is blocking your 3389 packets.

Thank you for your reply. But I want to connect to my XP pro system
at home from the outside through RDC, not the other way round, as I
mentioned in Point 1.

 

[antonyliu2002]

See below.






- Does pinging resolve your domain name to the correct IP address?
- Did you adjust your office router to respond to external pings?


Good - this is an excellent test.


Your home connection details are not relevant in this context.


Which router? The office router? What happens when you run
this command on your home machine:

telnet aaa.bbb.ccc.ddd 3389
(aaa.bbb.ccc.ddd is your external office IP address)


Keep it turned off during your tests.


Disable McAfee during your tests.


I suspect that the port forwarding settings at your office router
are incorrect, or that a firewall is blocking your 3389 packets.

As a follow-up. Pinging my home XP system from the outside is OK, as
shown below, but telnet to port 3389 fails.

C:\Documents and Settings\antonyliu>ping 68.250.177.220

Pinging 68.250.177.220 with 32 bytes of data:

Reply from 68.250.177.220: bytes=32 time=52ms TTL=46
Reply from 68.250.177.220: bytes=32 time=48ms TTL=46
Reply from 68.250.177.220: bytes=32 time=49ms TTL=46
Reply from 68.250.177.220: bytes=32 time=47ms TTL=46

Ping statistics for 68.250.177.220:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 52ms, Average = 49ms

But telnet to port 3389 fails:

C:\Documents and Settings\antonyliu>telnet 68.250.177.220 3389
Connecting To 68.250.177.220...Could not open connection to the host,
on port 3389: Connect failed

 

[Pegasus \(MVP\)]

As a follow-up. Pinging my home XP system from the outside is OK, as
shown below, but telnet to port 3389 fails.

C:\Documents and Settings\antonyliu>ping 68.250.177.220

Pinging 68.250.177.220 with 32 bytes of data:

Reply from 68.250.177.220: bytes=32 time=52ms TTL=46
Reply from 68.250.177.220: bytes=32 time=48ms TTL=46
Reply from 68.250.177.220: bytes=32 time=49ms TTL=46
Reply from 68.250.177.220: bytes=32 time=47ms TTL=46

Ping statistics for 68.250.177.220:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 52ms, Average = 49ms

But telnet to port 3389 fails:

C:\Documents and Settings\antonyliu>telnet 68.250.177.220 3389
Connecting To 68.250.177.220...Could not open connection to the host,
on port 3389: Connect failed

Regardless of the direction of your RDP session, my previous
comments apply. If telnetting to port 3389 does not work
then one of the following requirements is not met:
- The external IP address must be correct.
- Your router must have a rule that directs port 3389 packets
to your home PC's internal IP address.
- Your home PC must have a fixed internal IP address.
- There must be no firewall that blocks port 3389 packets.
- Remote Desktop must be enabled on your home PC.

If you believe that all of these requirements are met and
you still don't get a connection then you could install a
network sniffer (e.g. Ethereal) on your internal network
to check if the port 3389 packets do in fact appear.

 

[antonyliu2002]

Regardless of the direction of your RDP session, my previous
comments apply. If telnetting to port 3389 does not work
then one of the following requirements is not met:
- The external IP address must be correct.

I am sure the external IP is correct. Since I can ping it from the
outside.

- Your router must have a rule that directs port 3389 packets
to your home PC's internal IP address.

Yes, I have this set up. The internal IP of my home PC is
192.168.1.101, and I have enabled forwarding port 3389 to this
internal IP.

- Your home PC must have a fixed internal IP address.

I understand your point, although this is not true for my case, when I
test it, I did check that my internal IP (through ipconfig) matched
the port forward setting in my router. So this isn't an issue.

- There must be no firewall that blocks port 3389 packets.

This isn't clear, since I said, that even if I turn off both McAfee
and the XP built-in firewall, RDC from the outside still fails. I
really doubt that comcast would block port 3389. It does not make
sense to me. I do have spybot installed, but I don't think this is a
problem.

- Remote Desktop must be enabled on your home PC.

This is certainly true, since as I said, that RDC inside the home LAN
goes without a problem. And I am not new to RDC. I have been using
it pretty well before when I was with SBC DSL.

 

[smlunatick]

I am sure the external IP is correct. Since I can ping it from the
outside.


Yes, I have this set up. The internal IP of my home PC is
192.168.1.101, and I have enabled forwarding port 3389 to this
internal IP.


I understand your point, although this is not true for my case, when I
test it, I did check that my internal IP (through ipconfig) matched
the port forward setting in my router. So this isn't an issue.


This isn't clear, since I said, that even if I turn off both McAfee
and the XP built-in firewall, RDC from the outside still fails. I
really doubt that comcast would block port 3389. It does not make
sense to me. I do have spybot installed, but I don't think this is a
problem.


This is certainly true, since as I said, that RDC inside the home LAN
goes without a problem. And I am not new to RDC. I have been using
it pretty well before when I was with SBC DSL.






- Show quoted text -- Hide quoted text -

- Show quoted text -

1 - You must check with the IT department (if there is one) so as to
see if company policies (aka: employee conduct rules) would permit
Remote Desktop Connections "out" from the company's Internet
connection/network.

2 - Home router must "forward" Remote Desktop port 3389 correctly.
Some routers have a tendancy to block this port if multiple rules
exist. Try using the DMZ setting -- no blocking of any IP traffic to
the "forwarded" IP address.

3 - Several ISP have been known to "block" ports above a certain port
range. They say that this is to block spywares/viruses but this also
"lames" the Internet functionality.

4 - You said McAfee. McAfee is widely known to be "buggy" and several
times, the port blocking is still in effect even if you tell it not to
block

You should try a different site than you company offices. This will
eliminate the problem @ your home.

 

[Pegasus \(MVP\)]

See below.

1 - You must check with the IT department (if there is one) so as to
see if company policies (aka: employee conduct rules) would permit
Remote Desktop Connections "out" from the company's Internet
connection/network.

2 - Home router must "forward" Remote Desktop port 3389 correctly.
Some routers have a tendancy to block this port if multiple rules
exist. Try using the DMZ setting -- no blocking of any IP traffic to
the "forwarded" IP address.

Doing this would expose the OP's home PC to the Internet -
a delight for any prowling hacker!

3 - Several ISP have been known to "block" ports above a certain port
range. They say that this is to block spywares/viruses but this also
"lames" the Internet functionality.

I have yet to see an ISP that blocks port 3389.

4 - You said McAfee. McAfee is widely known to be "buggy" and several
times, the port blocking is still in effect even if you tell it not to
block
Yes!

You should try a different site than you company offices. This will
eliminate the problem @ your home.

Excellent suggestion! If the OP cares to sent a note to
pegasus_fnlATyahooDOTcom then I'm happy to give
him a suitable test address. There is one little snag: I think
his problem is at his home installation.

 

[antonyliu2002]

1 - You must check with the IT department (if there is one) so as to
see if company policies (aka: employee conduct rules) would permit
Remote Desktop Connections "out" from the company's Internet
connection/network.

This is not an issue, bcoz I can RDC to my university lab's XP Pro
system from my company.

2 - Home router must "forward" Remote Desktop port 3389 correctly.
Some routers have a tendancy to block this port if multiple rules
exist. Try using the DMZ setting -- no blocking of any IP traffic to
the "forwarded" IP address.

Yes, this might be the problem. I'll check it out.

3 - Several ISP have been known to "block" ports above a certain port
range. They say that this is to block spywares/viruses but this also
"lames" the Internet functionality.

4 - You said McAfee. McAfee is widely known to be "buggy" and several
times, the port blocking is still in effect even if you tell it not to
block

You should try a different site than you company offices. This will
eliminate the problem @ your home.

I tried RDC to my home XP pro system from my university lab, not
successful either. But when I was with SBC DSL, I was able to connect
to my home XP pro system from my university lab.

 

[antonyliu2002]

See below.








Doing this would expose the OP's home PC to the Internet -
a delight for any prowling hacker!


I have yet to see an ISP that blocks port 3389.


Excellent suggestion! If the OP cares to sent a note to
pegasus_fnlATyahooDOTcom then I'm happy to give
him a suitable test address. There is one little snag: I think
his problem is at his home installation.

Here is the situation:

My Home ------RDC-------> My university: OK
My Company -----RDC------> My University: OK
My university ------RDC-------> My Home: Not OK
My Company -----RDC------> My Home: Not OK

 

[antonyliu2002]

1 - You must check with the IT department (if there is one) so as to
see if company policies (aka: employee conduct rules) would permit
Remote Desktop Connections "out" from the company's Internet
connection/network.

2 - Home router must "forward" Remote Desktop port 3389 correctly.
Some routers have a tendancy to block this port if multiple rules
exist. Try using the DMZ setting -- no blocking of any IP traffic to
the "forwarded" IP address.

Exactly this is the problem. I had enabled RDC for port 3389 on both
192.168.1.101 and 192.168.1.102 enabled.

I removed that one for 192.168.1.102 and it worked. I can RDC to my
home XP Pro from my university lab now.

I had this problem before with my IIS setting. I enabled port 80 on
both computers at home, and I was so frustrated, spent many hours
investigating the problem.

But, the lesson was not learned. Thank you for your reminder, which
resolved my problem and thus relieved me from days of frustration.