Remote assistance connection-problems

Case: I wish to offer remote assistance to the users in the company, when they are connected on our LAN or remote by VPN.

With a group policy I've allowed both Remote Desktop access (for test purposes) and Remote Assistance access to the workstation (XP), and with a group policy I made sure that the windows firewall are not preventing access between the LAN and VPN-users, as well as there are no firewall between the LAN and VPN. When testing, I connect from our domain-controller (2003) with remote desktop and remote assistance to the workstation which I wish to control remotely.

Here comes my headache:
When the workstation are connected to the LAN, I can connect via remote desktop and I can offer remote assistance - No problems. The terminal service is listening on port 3389.

When the workstation are connected from VPN, I can connect via remote desktop - but I can not offer remote assistance to the computer. The remote assistance client complains: "The remote server machine does not exist or is unavailable" - even though the service is listening on port 3389, and that I can remote desktop to the workstation, as well as I can ping to the workstation of course.

I've tried to monitor the ISA-server on which the VPN are running, and all traffic between the workstation and the domain controller is being categorized into the access rules, and all traffic are given status "Allowed"

Have you got any ideas on what is wrong here?

Thanks in advance.
Krak-ITPAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SirtenKenCommented:
Krak-ITP,
Are you typing in the computer name or the IP address into the remote assistance client? If you can't find the computer, but can ping it, name resolution requests may not be working.

Did you turn the windows firewall off on the workstation (connected through VPN) in question, or just put in all of the exceptions that seem to be required?

You can try using the port query tool from MS as well:
http://support.microsoft.com/default.aspx?kbid=832919

Ken
0
BrentxhangeCommented:
Are Remote assistance and Remote Desktop listening on the same port?  If so it will not connect because you cannot have more than one service listining on the same port
0
Krak-ITPAuthor Commented:
SirtenKen - I'm connecting by IP-adress, so name resolving is not an issue. Windows firewall are disabled on the workstation, both in standard policy and domain policy.

PortQry returns:
  Querying target system called:
  10.255.254.6
  Attempting to resolve IP address to a name...
  IP address resolved to ITSERVICEBAR2
  querying...
  TCP port 3389 (unknown service): LISTENING


Brentxhange - Both use the Terminal Services service, which is listening on port 3389. And when connected on LAN, the workstation can be reached by both services, on same port, so port conflicts are not an issue.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

rbowallCommented:
Actually, you can configure a different port in the 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber' registry key. Check this and make sure it is 3389 but I imagine it is seeing as you can successfully RemoteDesktop. It's just RemoteAssistance you are having trouble with.

You also need to check on the client that

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fAllowToGetHelp=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections=0

Which is the same as manually checking the boxes in My Computer Properties/Remote.


0
Krak-ITPAuthor Commented:
rbowall - those keys are set by group policy, and remote assistance works fine when I'm on our LAN but not by VPN. Terminal Services is listening on port 3389.
0
SirtenKenCommented:
Krak-ITP,
Are you able to use Gencontrol? This may be an alternative for offering Remote assistance, since you can see what the user is doing and take over as needed.
http://www.gensortium.com/products/gencontrol.html
Are you having trouble sending the emails that a user replys to in order to accept the assistance session, or you don't even get that far?
Ken
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Krak-ITPAuthor Commented:
SirtenKen - I will try the software tomorrow, but I would really like to use the services available in Windows already instead of 3rd party software. I'm using unsolicited remote assistance, so the user is not requesting assistance by e-mail or MSN Messenger - which, again, is working on the LAN but not from VPN.
0
rbowallCommented:
Have you determined whether the problem is the laptop itself or the connection? You could save hours of troubleshooting time by trying another machine at the same network location as the problem machine. Then we can focus on the machine or the network/firewall.
0
Krak-ITPAuthor Commented:
rbowall - I have tried another machine with a fresh install of XP, but it is the same problem. When I try ot initiate the remote assistance session I turn on monitoring on the ISA server, on which the VPN is served, and no traffic is marked as blocked or not allowed.

Maybe I could try some packet-sniffing utililty on the machine that are supposed to be controlled remotely, and compare the incoming packets on both LAN and VPN. Do you know how to perform such a test?
0
rbowallCommented:
Yes, that will be the next step as it looks more like a netwok problem. Go to www.ethereal.com and download. You will also need to install WinPCap (Windows Packet Capture), which is an NDIS intermediate driver, installed as a protocol. I believe this is packaged in the setup file from the ethereal website. Have a play with it - it is fairly straight forward - then test on both the client and the server. In both cases (RD/RA), the connection should be initiated from your PC on the LAN (client) and received at the remote computer (server). What VPM product are you using?
0
Krak-ITPAuthor Commented:
SirtenKen - I've tried the program and it's brilliant :) It has all the great things xVNC has, and the ability to connect by IP. Goodbye Remote Assistance.

Thanks for all your input.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.