RDC for Dummies


WSR

First of all your help is greatly appreciated

XP SP3 Fully patched laptop (PC1)
XP SP3 Fully patched desktop (PC2)

I can create an RDC to the PC2 when I bring the laptop to work and plug in
the ethernet cord and connect to our network.

When I bring the laptop home and use my wireless network to do the
same thing, I get the typical error message "This computer can't connect to
the remote computer. Try connecting again. If the problem continues,
contact your network administrator or technical support"

RDC is enabled on PC2, no anti-virus programs, firewall exceptions for the
port are enabled as well.

I've reviewed most of the applicable posts and have tried many of the
suggestions / links to solve:

I know the network is fine. Additionally, running on both PC1 & PC2
'netstat -a' shows that both computers are listening on port 3389.

One link had the following Regedit solution that solved it for another user:
1. Start Registry Editor.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TermService\Parameters
3. Under this registry subkey, delete the following values:
* Certificate
* X509 Certificate
* X509 Certificate ID
4. Quit Registry Editor, and then restart the server.

I could not find the values listed in step 3 in either PC1 or PC2.

Any suggestions are appreciated.
 

WSR

Currently I cannot connect to PC2 from home.

That's what I'm trying to set up (I have a long commute!).

I have an ISP at home to access the internet.

Here's what I've done so far.
1. I created on PC1 a *.rdc file that produces an active RDC connection when
I bring PC1 to the office and connect via an ethernet cord.
2. I go home and try to use that same *.rdc file from PC1 using my ISP to
create a connection to PC2 and I get an error message.

Let me know if that makes it clearer.
 

Geoff

This sounds more like an ordinary firewall/router problem. When you
are inside the LAN with the laptop your client machine and server
machine are in the same subnet or network and you can connect. When
you are at home you are outside the LAN at the office and cannot
connect. Messing with the registry and certificates will not solve the
problem.

There are some issues you must resolve:

You cannot access PC2 unless the firewall/router at your office allows
connections to 3389 to be forwarded to it. Depending on the size of
the network at the office, this may or may not be a viable solution.
Singling out PC2 as the target of the port-forwarding in an office
setting makes it impossible for anyone else to access any other
machines remotely via RDP. Incoming port 3389 on the router will be
dedicated to serving PC2 and only PC2. This also exposes PC2 to
potential attack via the open port 3389. One could use different ports
for different machines but this complicates the setup of client
machines and requires actively maintaining all the port-forwards in
the border router to forward to the correct machines.

A better solution is a VPN server at the office. This will allow your
laptop to connect securely via VPN tunnel to the office and receive a
LAN-side IP address consistent with the office network. All firewall
issues disappear and you will be able to connect PC1 and PC2 as though
you were plugged into the LAN locally.

If it is a sizable organization your IT department should have a
viable VPN solution at hand and they can assist you with making the
connections. This assumes your IT security policies allow remote
access of company assets. If it is a small office and you are in
charge then it will be necessary to obtain a router capable of
implementing VPN if the one you currently have doesn't support it.
 

WSR

Thanks so much for the feedback.

We are a small office and I have Admin privileges to our server, which
has MS Server 2003 on it, so I could check the availability of port 3389 at
our server.

With respect to having others use RDC, I'm the only one in the office that
would use the service.
 

Bob Lin (MS-MVP)

That is the problem. In most cases, the computers in the office use private
IP addresses. At home you must access the office public IP address and also
make sure the router/firewall has forwarded the port 3389 to the PC2.

--
Bob Lin, Microsoft-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
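
Added example, not part of any post in this thread: a Python sketch that reads a saved Remote Desktop connection file (its `full address` and `server port` settings) and reports whether the stored target is a private LAN address or name, the situation Geoff and Bob Lin describe. The sample file contents, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of a saved connection file; the address is made up.
SAMPLE_RDP = "screen mode id:i:2\nfull address:s:192.168.1.20\nserver port:i:3389\n"

# RFC 1918 private ranges plus link-local: never routed across the Internet.
LAN_ONLY = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def parse_rdp(text):
    """Parse the 'name:type:value' lines of a saved connection file."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = (p.strip() for p in parts)
        settings[name.lower()] = int(value) if kind == "i" and value.isdigit() else value
    return settings

def diagnose(text):
    """Return (host, port, scope) for the target stored in the file."""
    s = parse_rdp(text)
    host, port = s.get("full address", ""), s.get("server port", 3389)
    if not host:
        return host, port, "missing"
    if host.count(":") == 1:  # 'host:port' form overrides 'server port'
        host, _, p = host.partition(":")
        port = int(p) if p.isdigit() else port
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: single-label names (e.g. PC2) are normally
        # resolved only by the office LAN's own name services.
        return host, port, "dns-name" if "." in host else "lan-name"
    lan = ip.is_loopback or any(ip in net for net in LAN_ONLY)
    return host, port, "lan-only" if lan else "routable"

if __name__ == "__main__":
    print(diagnose(SAMPLE_RDP))
```

A `lan-only` or `lan-name` result means the file can only work from inside the office network, or over a VPN that gives the laptop a LAN-side address.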
 
