Remote Desktop "network error" with port 3389 listening

[isu_paulpatine]

I am unable to connect to my computer that has been setup to host a
remote desktop session. The remote desktop checkbox is selected under
system>remote. The windows firewall is turned off and the exception for
remote desktop is checked to allow it. I am running Windows XP Pro
SP2. I have no antivirus software running and netstat -as says that
port 3389 is listening. I am connected to the internet through a
Linksys DI-524 router. I don't think the router is the problem, because
another computer connected to the router was setup for RD and works
fine. I took the same steps to set it up on both machines which are
almost identical in os and hardware. One works, one doesnt. I know the
ip is correct because it finds the (host)computer, but sends back an
error citing a network error.I am thinking that at sometime my registry
was changed to cause port 3389 to go into stealth mode. I altered my
registry before for spyware infections to fix things. Is there some
location in the registry i can "regedit" and take 3389 out of stealth
mode? I am fairly sure no active programs are causing the problem.
Suggestions?

 

[Melvin]

I would like to try to help you with this. I am familiar with that router
and have experience with RDP.

You mention that you have two computers inside the firewall; one that works
and one that doesn't. Let's call them PC1 (the one that works) and PC2 (the
one that doesn't work). Let's also call the corresponding IP addresses for
these machines IP1 and IP2 - i.e. 192.168.0.x where x identifies which
machine it is.

You did not mention where your remote desktop connection attempts are
originating from - i.e. a 3rd PC (let's call it PC3) that's internal (inside
the firewall) or external (outside the firewall). If PC3 is external then
that means a route has been opened up on your firewall that allows incoming
traffic on port 3389 and sends it over to port IP1:3389. Could you please
advise on INTERNAL vs EXTERNAL for PC3?

OK so now let's do some basic troubleshooting. We can eliminate the router
from the equation by testing RDP connectivity between the two internal PCs.
So, on PC1 try opening up a remote desktop connection to PC2 and see if that
works. You'll need to use PC2's internal IP address (IP2). Please advise
if this works (PC1 --> PC2). Next, try the same thing in reverse: on PC2
try opening up a remote desktop connection to PC1 and advise if this works
(PC2 --> PC1).

Please report back on 3 requested results.


Getting back to PC3: assuming that it's external then a route has been
created on your firewall to allow the incoming traffic. Please go into the
admin of the DI-524 router from one of your internal PCs, click on the
Advanced Tab (at top) and then choose the Virtual Server page (button at
side). I bet you will find an entry in the "Virtual Servers List" that
looks something like:

Name : Private IP : Protocol : Schedule
Remote Desktop (or similar name) : IP1 : TCP 3389/3389 : (whatever)

Is it there? Well if it is note that it only has the IP address for PC1
(the one that works) and not for PC2 (the one that doesn't work). Note also
that this is a "one to one" mapping (not a "one to many") and that it's
simply not possible to route port 3389 (external) to two different targets
(internal).

So, if we're going to make things work we need to create a 2nd mapping that
routes a different external socket port to port 3389 on PC2. You can add an
entry to the list that does that. (That is one of the good things about
D-Link routers versus some of the other manufacturers.) So just go to the
top of the page and add an entry like this:

Name: Remote Desktop #2
Private IP: IP2 (type the internal IP address of PC2)
Protocol Type: TCP
Private Port: 3389 (the target port for RDP on PC2)
Public Port: your favourite 4-digit number above 1024 here (e.g. 4321
Schedule: whatever

Now, having created this 2nd mapping (route), you can try connecting to PC2
as follows:

1. Start up Remote Desktop Client on PC3
2. Enter external address of DI-524 router.
3. Append ":" + the 4-digit number entered above.
4. Connect.

e.g. 05.55.12.12:4321

Let me know results of all your testing / fiddling.