• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 358
  • Last Modified:

> Problem connecting RDP through ICS

[ Xs used to mask external IPs for security. No Xs are actually used in addresses ]

I have 5 PCs set up Peer-to-Peer.  I designated one PC for ICS with 192.168.0.1 on one NIC and the 68.84.XXX.XXX external IP on a second NIC (shared ICS), which we'll call the "server."  The 4 other PCs access the internet through the server which works fine.

The server is running Windows 2000
The 4 other PCs are running Windows XP Professional

I setup IIS RDP on the 4 XP machines per this site: http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx

I can access any one of the 4 XP machine via Internet Explorer now from any of the 5 PCs on the LAN by http://192.168.0.X:999X/tsweb/
(I chose 9999 to go with 3389 for my TCP ports for one XP machine and this example)

So, internally, it all works perfectly on the LAN without a hitch, telling me it's all setup correctly.

----------

THE PROBLEM: port mapping with Windows 2000 ICS when attempting to connect to one of the XP machines from outside the LAN (on internet at home, e.g.)

NOTE: all troubleshooting done with firewalls disabled (Norton Internet Security) on all 5 PCs to rule out firewall issues.  Windows firewall is also disabled on all 4 XP machines.

On the server, I followed these instructions to map ports from external requests to the internal IPs (http://wpool.com/cablesharing/10.1.htm)
(To map ports in Windows 2000/XP ICS, open your "Network and Dial-up connections" Control Panel. Right-click on the network card that's connected to the internet and choose "Properties". Click on the "Sharing" tab. Click on "Settings". Click on the "Services" tab. Here you can add port mappings.)

1: in "Name of Service," I put: RDS_Map_3389
2: in "Service Port Number," I put: 3389
3: I checked TCP
4: in "Name or address of server computer on private network," I put: 127.0.0.1

I repeated these 4 steps for TCP port 9999 (and the other ports for the other 3 PCs)

However, when I try to access this XP machine from the internet with http://68.84.XXX.XXX:9999/tsweb/ I just get "Page Cannot be Displayed..."

When this did not work, I put the exact internal IP: 192.168.0.2 into the ICS port mapping settings where I tried 127.0.0.1 first, but this did not fix the problem either.

I still cannot get in from the outside.

What am I missing here?  

THANKS!

0
simkiss
Asked:
simkiss
  • 12
  • 11
1 Solution
 
bmquintasCommented:
Tsweb also requires port 80... you have to map that one too.
0
 
bmquintasCommented:
Got a bit confused  "However, when I try to access this XP machine from the internet with http://68.84.XXX.XXX:9999/tsweb/"  isn't this one the server? 2000pro?

Since you changed the default port 80 to 9999, you have to map that one.
0
 
bmquintasCommented:
Also when you do this;

1: in "Name of Service," I put: RDS_Map_3389
2: in "Service Port Number," I put: 3389
3: I checked TCP
4: in "Name or address of server computer on private network," I put: 127.0.0.1

You're mapping to the windows 2000 pc. ONLY!

My advice:
Get rid of the IIS on the XP's.
Be sure to enable remote desktop on the Xp's.
Do this to get one of them:

1: in "Name of Service," I put: RDS_Map_3389
2: in "Service Port Number," I put: 3389
3: I checked TCP
4: in "Name or address of server computer on private network," I put: 192.168.0.x

Once inside it, you can remote to the others.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
simkissAuthor Commented:
Answering multiple posts...

1. Port 80 is already mapped.
2. from my home, I would use http://XXX.XXX.XXX.XXX:9999/tsweb/.  XXX.XXX.XXX.XXX being the external IP of my office server; 9999 being the port I mapped on the Server to reach my PC at 192.168.0.2
3. Port 9999 is already mapped to my PC (192.168.0.2), as well as 3389.
4. I see that 127.0.0.1 wouldn't work since it's a "loop" but I changed it to map to 192.168.0.2 and it still didn't work.
5. I tried the part under "My advice" but it doesn't change anything.

any idea what to try next?

Also: I have the ability to install XP on the server.  Would this change anything?  It doens't seem like it would from my research but if you know otherwise, please tell.
Thanx
0
 
bmquintasCommented:
Have you done any mappings on the XP's?
If so remove them.
You just need to map in the 2000 pro.
Double check the firewall status
0
 
simkissAuthor Commented:
mapping on XPs: no
firewall is disabled on all PCs
0
 
bmquintasCommented:
How are you connecting from the outside? Browser? RDP client? OS?
0
 
simkissAuthor Commented:
via IE 6.0
0
 
bmquintasCommented:
That way won't do it, after uninstalling IIS from the Xp's, you'll only need to use the Remote Desktop Connection Features ->Programs->Accessories->Comunications->Remote Desktop

In the box just enter your external IP
0
 
simkissAuthor Commented:
The Microsoft webpage on Remote Desktop specifically says you must have IIS installed on each machine you want to be able to reach.  I don't understand you want me to uninstall what the instructions say to do.  Is Microsoft wrong?  (wouldn't be the first time :o)

I think there is some miscommuncation here.  I need to leave my pc on at work (192.168.0.2), go home.  Open a browser at home and enter http://68.84.XXX.XXX:9999/tsweb/ and have my work pc appear on my home screen.  When I do this at work, I use the internal IP.  I open a browser on another employees desk and enter http://192.168.0.2:9999/tsweb/ and my PC's desktop appears on their screen.

On the ICS machine, I have port 3389 and port 9999 mapped to 192.168.0.2.  However when I try from home with http://68.84.XXX.XXX:9999/tsweb/, I cannot get it like I can from the LAN at work.

I hope that helps.
0
 
simkissAuthor Commented:
I posted a diagram of my setup here:  http://www.simkiss.net/mark/networksetup.jpg

I need to reach PC#2 at work from my home PC.

I can reach PC#2 from PC#1 or PC#3 with http://192.168.0.2:9999/tsweb/
I cannot reach PC#2 from my home PC with http://68.84.xxx.xxx:9999/tsweb/

0
 
bmquintasCommented:
As for microsoft, i'll say:

Open remote desktop and type :

remaxpremium.no-ip.com

and tell me what you get
0
 
simkissAuthor Commented:
on which PC?
0
 
bmquintasCommented:
anyone, anywhere
0
 
simkissAuthor Commented:
ok, silly question. What do you mean by "open remote desktop" ??  I've only seen it done by Internet Explorer.  Is there a RD application?
0
 
bmquintasCommented:
yes there is:

if you're using xp pro:

->Programs->Accessories->Comunications->Remote Desktop

0
 
simkissAuthor Commented:
ok.  it connected to a Windows Server 2003 PC
0
 
bmquintasCommented:
that's what you want right?

Not to mine :)

And i don't have IIS on it, it's just one more service running , and one more security concern.


Enable remote desktop on your XP's

Map the 3389 port on the 2000 pc to one of them, and at home use RD like you did 5 minutes ago.
0
 
simkissAuthor Commented:
already have Remote Desktop enabled.  still doesn't work from outside.  it only works internally.  I can do the same as your test from this pc to another in this office..  the Win2k server is not forwarding the mapped port info to PC#2 (i think)


I want you to connect to me, for example, and reach my pc (192.158.0.2).  that doesn't work.
0
 
bmquintasCommented:
yes that's for sure a problem with ICS
0
 
simkissAuthor Commented:
it seems I am getting on now.  All I did was restart the PC with ICS and voila.  

Who knew?  :O)
0
 
simkissAuthor Commented:
I'd like to give you points for helping, but I'm not sure what to designate as the "answer" for future users who need help on this.
suggestion?

0
 
bmquintasCommented:
lol, choose the one you think helped more, either way if someone reads all the posts they'll get there.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 12
  • 11
Tackle projects and never again get stuck behind a technical roadblock.
Join Now