TCP 3389 and Remote Desktop


ThomFromPhilly

Is there any way to change the default port for Remote Desktop from 3389 for
a host computer running WinXP Professional? There is a conflict using a
Linksys wireless router for a peer to peer network when trying to access more
than one PC remotely as 3389 must be assigned to each static IP in addition
to the unique port number used in the URL. I am not an advanced user, any
detailed suggestions would be of great assistance. A Microsoft tech provided
instructions for changing the remote port using RegEdit, but it did not solve
the problem. Only one PC is remotely accessible on the network using a
unique port and the default port 3389 for Remote Desktop. No other PCs are
not accessible with unique IPs with two unique ports assigned including the
default 3389.
 
Sooner Al [MVP]

For help accessing multiple PCs behind a router see this page...

http://theillustratednetwork.mvps.org/RemoteDesktop/Multiple_PC_RD.html

Alternatives would be to set up a VPN or SSH server on your network and
access all PCs with Remote Desktop through the one hole in the router
without needing the port hack.

In all cases use a *strong* password...

http://www.microsoft.com/protect/yourself/password/checker.mspx

--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375
 
ThomFromPhilly

Thank you very much for your suggestions.

 
ThomFromPhilly

Your suggestion to change the default port 3389 via RegEdit does not solve
the problem, unfortunately. To access one PC on my peer to peer network
through a Broadband modem and wireless router, it appears two ports need to
be opened, the default 3389 and a second port with a unique number, both
assigned to one static IP. Opening only 3389 assigned to a static IP does not
allow access. It seems there must be a second port open for the same IP with
a unique number. If only one port is necessary, it would facilitate changing
the default port from 3389 using RegEdit in order to allow access to several
PCs with unique static IPs and default port numbers as you have suggested.
However, unless I am doing something wrong, changing the default port using
RegEdit and assigning a second unique port to the same unique IP does not
work. Any suggestions would be greatly appreciated and thank you in advance.
 
Shenan Stanley

ThomFromPhilly said:
> Is there any way to change the default port for Remote Desktop from
> 3389 for a host computer running WinXP Professional? There is a
> conflict using a Linksys wireless router for a peer to peer network
> when trying to access more than one PC remotely as 3389 must be
> assigned to each static IP in addition to the unique port number
> used in the URL. I am not an advanced user, any detailed
> suggestions would be of great assistance. A Microsoft tech
> provided instructions for changing the remote port using RegEdit,
> but it did not solve the problem. Only one PC is remotely
> accessible on the network using a unique port and the default port
> 3389 for Remote Desktop. No other PCs are not accessible with
> unique IPs with two unique ports assigned including the default
> 3389.
> <snip>
> To access one PC on my peer
> to peer network through a Broadband modem and wireless router, it
> appears two ports need to be opened, the default 3389 and a second
> port with a unique number, both assigned to one static IP.

In order to access (using remote desktop/remote assistance in Windows XP) a
_single_ computer behind a router (like a netgear/d-link/linksys home router
you would get at Circuit City, Best Buy, Wal~Mart, etc...) you need only to
forward port 3389 on the router to the local IP of the machine you want to
remotely connect to *and* open up port 3389 through whatever software
firewall you utilize on said computer *and* have Remote Desktop turned on
(default settings) on the machine *and* have accounts on that machine with
passwords that are members (directly or by inheritance) of the "Remote
Desktop Users" group.

This assumes your modem is purely a modem - not a NAT device in its own
right (or those features have been disabled.)

> Opening only 3389 assigned to a static IP does not allow access.
> It seems there must be a second port open for the same IP with a
> unique number.

Not for a single machine - see above.

> If only one port is necessary, it would facilitate
> changing the default port from 3389 using RegEdit in order to allow
> access to several PCs with unique static IPs and default port
> numbers as you have suggested

One method of accessing several machines behind a single router is to change
the listening port for Remote Desktop on the computers behind said router
and then forward the appropriate port(s) to the appropriate machine(s) on
the router itself... Then when using the remote desktop client -
router-ip:port is entered instead of just router-ip (specifying the port to
specify the machine.) There *are* other methods.

> However, unless I am doing something
> wrong, changing the default port using RegEdit and assigning a
> second unique port to the same unique IP does not work.

Somehow I feel you are making this more complicated than it should be.

> Any suggestions would be greatly appreciated and thank you in
> advance.

1) Leave one machine that is behind the router untouched - at least as far
as the port that is used to listen for remote desktop requests (3389.)
Assign this machine a static IP.
2) On each of the other machines, change the port - for example, let's say
you have four total machines... Leaving one at 3389, change the listening
port on the next one to 3390, the next to 3391 and the last to 3392. Assign
each of these other machines static IPs.
3) On your router, create forwards for each port (3389, 3390, 3391, 3392) to
each corresponding static IP for the machines.
4) Ensure Remote Desktop is enabled on each of the machines.
5) Ensure you have valid username/passwords for each of the machines.
6) Ensure the software firewalls of each of the machines are allowing the
respective port/application through the firewall (Remote Desktop.)
7) Make sure the user you will be utilizing to remote to the machines is a
member of the Remote Desktop Users group (or is a member of the
administrators group - which makes them a member of the other group
automatically.)

If you have all of those done for each of the machines on your private
network, then when you are away you merely need to know the IP address for
the router and which machine you wish to connect to (and the
username/password of course.) When running the Remote Desktop Client - for
all of the machines that are *not* using port 3389 (the default one) - you
will put the ip-address:port... The PUBLIC IP Address of the router, colon,
the port of the machine you wish to connect to.

http://whatismyip.com/
 
Sooner Al [MVP]

Each PC must have its own private static LAN IP. For example port forwarding
to PC-A on TCP Port 3389 and PC-B on TCP Port 3391 would then work as
illustrated in the first reference. Remember that when you do the registry
hack to change the listening port on PC-B you need to reboot PC-B (or any PC
you change the RDC listening port on).

You call each using the public IP of your router and appending the port to
the address.

Example - 12.34.56.78:3389 for PC-A and 12.34.56.78:3391 for PC-B. Carry out
that port changing scheme and addressing for each additional PC, i.e. PC-C ->
12.34.56.78:3392, PC-D -> 12.34.56.78:3393 and so on.

You may, or may not, find it easier to set up a VPN or SSH tunnel. Then you
can access any PC on your network through the VPN or SSH tunnel and not have
to change any registry entries.

--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375
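
The port plan described in the two replies above (one static LAN IP and one listening port per PC, one router forward per PC), written as a consistency check. This is an added example, not part of any poster's message; the LAN addresses, the 5000/5001 ports and the function names are constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_address

def check_plan(machines, forwards):
    """machines: {name: (lan_ip, rdp_listen_port)}; forwards: [(port, lan_ip)].
    Returns a list of problems; an empty list means the plan is consistent."""
    problems = []
    ip_use = Counter(ip for ip, _ in machines.values())
    port_use = Counter(port for _, port in machines.values())
    for name, (ip, port) in sorted(machines.items()):
        if not ip_address(ip).is_private:
            problems.append(f"{name}: {ip} is not a private LAN address")
        if ip_use[ip] > 1:
            problems.append(f"{name}: LAN IP {ip} is used by more than one PC")
        if port_use[port] > 1:
            problems.append(f"{name}: port {port} is used by more than one PC")
        if (port, ip) not in forwards:
            problems.append(f"{name}: port {port} is not forwarded to {ip}")
        for fwd_port, fwd_ip in forwards:
            if fwd_ip == ip and fwd_port != port:
                problems.append(f"{name}: port {fwd_port} is forwarded to {ip}, "
                                f"but the PC listens on {port}")
    # A router port can only lead to one machine.
    for fwd_port, n in sorted(Counter(p for p, _ in set(forwards)).items()):
        if n > 1:
            problems.append(f"router: port {fwd_port} is forwarded to {n} PCs")
    return problems

def client_addresses(public_ip, machines):
    """What to type into the Remote Desktop client for each PC."""
    return {name: f"{public_ip}:{port}" for name, (_, port) in machines.items()}

# Constructed sample data (addresses and ports are made up for illustration).
MACHINES = {"PC-A": ("192.168.1.10", 3389), "PC-B": ("192.168.1.11", 3391)}
# Two ports per PC, with 3389 pointed at both machines.
CONFLICTING = [(3389, "192.168.1.10"), (5000, "192.168.1.10"),
               (3389, "192.168.1.11"), (5001, "192.168.1.11")]
# One forward per PC, on the port that PC listens on.
ONE_PER_PC = [(3389, "192.168.1.10"), (3391, "192.168.1.11")]

if __name__ == "__main__":
    for line in check_plan(MACHINES, CONFLICTING):
        print("PROBLEM", line)
    print(check_plan(MACHINES, ONE_PER_PC))
    print(client_addresses("12.34.56.78", MACHINES))
```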
 