Standard User trolleybus
(newbie) Mon 04-Apr-11 16:06:15
Remote Desktop Connection problems

Difficult to know where to post this issue but this segment of thinkbroadband forums seems to be about right. Basically I am having difficulties in setting up a Remote Desktop Connection and would welcome some advice.

For obvious reasons I don't want to give out information useful to hackers so please allow me to dream up some phantom facts to allow my problem to be described.
1) The fixed IP address of the office is: 207.32.245.187 and is known as cassy.wired.org
2) The IP address of the Windows7 Pro PC in the office is: 192.168.34.18
3) The name of the PC is SPIRIT
4) The log-on id is Bill
5) The password to the PC is Betty1961()

Now there is a lot of information on the web of how to set up Remote Desktop Connection [RDC] but clearly I am not up to the task. Apparently RDC works on port 3389 but it was strongly recommended to change this. So using regedit it was changed to 61527. Next I configured the router [draytek 2800] with a Port Redirection Entry of Service Name: KCRDC, Protocol: TCP, Public Port: 61527, Private IP: 192.168.34.18 and Private Port 61527. It was made active and saved.

Next on the Windows7 PC I enabled RDC but nothing more.

I then moved over to another computer on the LAN [Running Xp Pro], fired up RDC and entered the IP address 192.168.34.18 and was presented with the logon screen of the target PC. In my mind I could not understand why the port number 61527 was not being asked for, but I was 'in' the target PC.

I now go home and fire up my Xp Pro PC. Start RDC and initially enter 207.32.245.187 but the connection was refused. So I tried 207.32.245.187:61527 but still no joy. Also tried 207.32.245.187:3389 but again nothing. Decided to disable ESET on my computer but that made no difference.

I am now out of ideas what to do next. Can anybody please help me with the error of my ways as it would really be appreciated?
David
Standard User Rockh
(eat-sleep-adslguide) Mon 04-Apr-11 16:42:59
Re: Remote Desktop Connection problems
[re: trolleybus]

From my understanding RDC is one of Microsoft's better creations and has not been compromised provided good un / password combinations have been used. I have never needed to change the default port and would probably do so with reluctance.

As it apparently works on the local lan, I would check out whether the port on the router is open, www.grc.com has a port scanner where you can specify port numbers (I don't subscribe to Gibson's scaremonger tactics but the tools are decent).

Dave

Edited by Rockh (Mon 04-Apr-11 17:09:33)

Standard User john2007
(legend) Mon 04-Apr-11 16:44:58
Re: Remote Desktop Connection problems
[re: Rockh]

I'd certainly try the default port first, ports above 50,000 can be iffy.


Standard User pmb00cs
(eat-sleep-adslguide) Mon 04-Apr-11 19:22:35
Re: Remote Desktop Connection problems
[re: trolleybus]

Following on from the advice already offered I would try specifically blocking outgoing port 3389 on the XP pc on the LAN that you initially tested RDC from if you want to be sure your reg hack actually worked.

Alternatively, you could remove the reg hack, leave the PC offering RDC over port 3389, and set up a port forward in the draytek from whichever altered port you so desired and set this to forward to port 3389 on the LAN side.

Personally, despite the advice already offered I would wish to restrict access to RDC port (default port of 3389 or otherwise) to a strict list of IP addresses if possible. But then I do have a predilection towards the paranoid mindset.

happily chugging along on plusnet and Virginmedia (yes I am greedy)
Standard User trolleybus
(learned) Mon 04-Apr-11 20:09:53
Re: Remote Desktop Connection problems
[re: pmb00cs]

In reply to a post by pmb00cs:
Following on from the advice already offered I would try specifically blocking outgoing port 3389 on the XP pc on the LAN that you initially tested RDC from if you want to be sure your reg hack actually worked.

Alternatively, you could remove the reg hack, leave the PC offering RDC over port 3389, and set up a port forward in the draytek from whichever altered port you so desired and set this to forward to port 3389 on the LAN side.

Personally, despite the advice already offered I would wish to restrict access to RDC port (default port of 3389 or otherwise) to a strict list of IP addresses if possible. But then I do have a predilection towards the paranoid mindset.


Responses so far received unfortunately were not the gateway to success. A port scan showed all regular ports in stealth mode and also 3389 plus my hack port.

For other reasons a VPN is also established onto the work network from time to time. It therefore becomes possible to have a 'remote' RDC session when the VPN is up. Either the LAN address or name of the computer can be used with success. Since this works I am minded to call it a day on this problem but it annoys me that I can't crack this issue. Using VPN for RDC, is this method less or more secure?

David
Standard User Rockh
(eat-sleep-adslguide) Mon 04-Apr-11 21:00:56
Re: Remote Desktop Connection problems
[re: trolleybus]

VPN is secure.

Just reread and did you also forward the UDP protocol as well as the TCP, RDC needs both.

Dave
Standard User prlzx
(committed) Mon 04-Apr-11 21:46:04
Re: Remote Desktop Connection problems
[re: Rockh]

In reply to a post by Rockh:
Just reread and did you also forward the UDP protocol as well as the TCP, RDC needs both.


Just checked my firewall config and no, my RDP forwarding works with TCP only. I believe RDP is encrypted though some of the keys used have entered the public domain. But RDP over VPN (or an SSH tunnel) are solid choices.

I'd endorse a previous suggestion that there is no good reason to change the port in Windows, rather, use the router to forward from a different (high) public port (e.g. 53389/tcp) to the standard Windows port 3389/tcp, limiting the allowed source IPs / networks where possible.

With XP, you need to make sure that in addition to Remote Desktop being enabled, the user you want to connect as is listed in the Allowed Users and that Remote Desktop is allowed by the Windows Firewall (or any other software firewall) in addition to the router firewall. Windows Firewall needs to allow the connection from Any computer (not just local subnet) or you can specify custom source IPs / networks as above.

If you have changed the port in the Registry then the rule in Windows Firewall probably did not follow the port you chose.

Nothing needs changing with the configuration on the computer you are connecting from. Just specify the computer to connect to as public-ip:public-port.

Windows Remote Desktop client has some advanced settings - such as looking for a Terminal Services gateway first, but you can turn that off to make the initial connection negotiate quicker.



prompt $P - Invalid drive specification - Abort, Retry, Fail? $G
prlzx on n e w n e t Max ADSL
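
The checks suggested in the replies above (confirm which port the PC really answers on before blaming the router or firewall), as an added example that is not part of the thread. The function names, the diagnosis wording and the loopback scenario in `demo` are constructed for illustration; point `probe_tcp` only at your own PC and router.

```python
import socket

def probe_tcp(host, port, timeout=2.0):
    """One TCP connect attempt: 'open', 'refused' (RST) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout or unreachable: something is dropping the SYN
        return "filtered"

def diagnose(lan_default, lan_custom, wan_public):
    """Name the layer to look at, given probes of 3389 and the custom port
    from the LAN, and of the router's public port from outside."""
    if wan_public == "open":
        return "forward works end to end"
    if lan_custom == "open":
        return "PC accepts the custom port: check router redirection and firewall scope"
    if lan_default == "open":
        return "PC still answers on 3389 only: forward the public port to private 3389"
    return "RDP unreachable on the LAN: check it is enabled and allowed by the firewall"

def demo():
    """Constructed scenario, loopback only: one listener stands in for a PC
    still serving 3389; a freed port stands in for the custom port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    default_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    custom_port = spare.getsockname()[1]
    spare.close()  # nothing listens on this port now
    try:
        lan_default = probe_tcp("127.0.0.1", default_port)
        lan_custom = probe_tcp("127.0.0.1", custom_port)
    finally:
        listener.close()
    # Assumption: the router forwards to the custom port, so the outside
    # sees whatever the LAN sees on that port.
    return diagnose(lan_default, lan_custom, wan_public=lan_custom)

if __name__ == "__main__":
    print(demo())
```

A PC running Windows Firewall may drop rather than reset connections to a closed port, so `diagnose` treats "refused" and "filtered" alike and relies on which port answers "open".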
Standard User E7er
(knowledge is power) Tue 05-Apr-11 09:06:50
Re: Remote Desktop Connection problems
[re: trolleybus]

Hi, Windows Remote Desktop tuition.

Windows XP http://www.microsoft.com/windowsxp/using/mobility/ge...

Windows Vista, great video http://www.youtube.com/watch?v=xT6eArAcoS8

Windows 7 http://www.youtube.com/watch?v=CL8NuI9C01M&feature=r...

Windows remote desktop http://www.youtube.com/watch?v=pXYJWRsvg6E

Orange (SMPF) LLU 20 Meg. Sync 11864 Kbps Downstream, 1157 Kbps Upstream.
3Com 3CRWDR101A-75 ADSL2/2+ wireless router
Netgear DGN1000 ADSL2+ wireless N 150 Router supplied by Orange
BT Business Hub 2Wire 2700HGV v2 ADSL2+ Dual SSID wireless Router
Standard User Deadbeat
(knowledge is power) Tue 05-Apr-11 22:03:41
Re: Remote Desktop Connection problems
[re: trolleybus]

Team Viewer is much more configurable and much less of a pain to set up.
Standard User trolleybus
(learned) Tue 05-Apr-11 22:57:17
Re: Remote Desktop Connection problems
[re: prlzx]

I will print off every response received because collectively it is an excellent resource and a good check list for the things to, and not, do. In the end I decided to continue to use RDC with VPN with that connection but with another geographic site and computer I wanted to crack this issue.

Yes in that second case I have got it to work, that is to say the target PC is Windows7 with an Xp PC using RDC. Not exactly sure what tweak I did to get it to work but what seemed to help was rebooting the Windows7 machine which caused ESET to spring into life with a RED warning that a remote computer was attempting to connect on port 3389. Because the displayed IP was not one I recognised the connection was only given a limited life but it certainly enabled an RDC connection for me.

If you are wondering how I was seeing what was going on at both locations I was additionally using logmein123 to monitor the situation.

Trying to figure out what exactly to enter into the router to open up the port was helped by the tutorial on portforward.com and I need to discover what to enter into ESET for future reference.

What is plainly obvious is that the target PC needs a fixed IP or the IP bound to MAC. Also the target PC is on a dynamically allocated WAN address but dyndns.org will get round that problem.

I would like to thank everyone who responded to this thread but because everything appears OK for me, don't stop the advice coming as there may be a further gem to be added to my overloaded memory bank.

David



In reply to a post by prlzx:
In reply to a post by Rockh:
Just reread and did you also forward the UDP protocol as well as the TCP, RDC needs both.


Just checked my firewall config and no, my RDP forwarding works with TCP only. I believe RDP is encrypted though some of the keys used have entered the public domain. But RDP over VPN (or an SSH tunnel) are solid choices.

I'd endorse a previous suggestion that there is no good reason to change the port in Windows, rather, use the router to forward from a different (high) public port (e.g. 53389/tcp) to the standard Windows port 3389/tcp, limiting the allowed source IPs / networks where possible.

With XP, you need to make sure that in addition to Remote Desktop being enabled, the user you want to connect as is listed in the Allowed Users and that Remote Desktop is allowed by the Windows Firewall (or any other software firewall) in addition to the router firewall. Windows Firewall needs to allow the connection from Any computer (not just local subnet) or you can specify custom source IPs / networks as above.

If you have changed the port in the Registry then the rule in Windows Firewall probably did not follow the port you chose.

Nothing needs changing with the configuration on the computer you are connecting from. Just specify the computer to connect to as public-ip:public-port.

Windows Remote Desktop client has some advanced settings - such as looking for a Terminal Services gateway first, but you can turn that off to make the initial connection negotiate quicker.