We help IT Professionals succeed at work.

Remote assistance connection-problems

Krak-ITP
Krak-ITP asked
on
Medium Priority
562 Views
Last Modified: 2008-02-01
Case: I wish to offer remote assistance to the users in the company, when they are connected on our LAN or remote by VPN.

With a group policy I've allowed both Remote Desktop access (for test purposes) and Remote Assistance access to the workstation (XP), and with a group policy I made sure that the windows firewall are not preventing access between the LAN and VPN-users, as well as there are no firewall between the LAN and VPN. When testing, I connect from our domain-controller (2003) with remote desktop and remote assistance to the workstation which I wish to control remotely.

Here comes my headache:
When the workstation are connected to the LAN, I can connect via remote desktop and I can offer remote assistance - No problems. The terminal service is listening on port 3389.

When the workstation are connected from VPN, I can connect via remote desktop - but I can not offer remote assistance to the computer. The remote assistance client complains: "The remote server machine does not exist or is unavailable" - even though the service is listening on port 3389, and that I can remote desktop to the workstation, as well as I can ping to the workstation of course.

I've tried to monitor the ISA-server on which the VPN are running, and all traffic between the workstation and the domain controller is being categorized into the access rules, and all traffic are given status "Allowed"

Have you got any ideas on what is wrong here?

Thanks in advance.
Comment
Watch Question

Krak-ITP,
Are you typing in the computer name or the IP address into the remote assistance client? If you can't find the computer, but can ping it, name resolution requests may not be working.

Did you turn the windows firewall off on the workstation (connected through VPN) in question, or just put in all of the exceptions that seem to be required?

You can try using the port query tool from MS as well:
http://support.microsoft.com/default.aspx?kbid=832919

Ken
Are Remote assistance and Remote Desktop listening on the same port?  If so it will not connect because you cannot have more than one service listining on the same port

Author

Commented:
SirtenKen - I'm connecting by IP-adress, so name resolving is not an issue. Windows firewall are disabled on the workstation, both in standard policy and domain policy.

PortQry returns:
  Querying target system called:
  10.255.254.6
  Attempting to resolve IP address to a name...
  IP address resolved to ITSERVICEBAR2
  querying...
  TCP port 3389 (unknown service): LISTENING


Brentxhange - Both use the Terminal Services service, which is listening on port 3389. And when connected on LAN, the workstation can be reached by both services, on same port, so port conflicts are not an issue.

Commented:
Actually, you can configure a different port in the 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber' registry key. Check this and make sure it is 3389 but I imagine it is seeing as you can successfully RemoteDesktop. It's just RemoteAssistance you are having trouble with.

You also need to check on the client that

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fAllowToGetHelp=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections=0

Which is the same as manually checking the boxes in My Computer Properties/Remote.


Author

Commented:
rbowall - those keys are set by group policy, and remote assistance works fine when I'm on our LAN but not by VPN. Terminal Services is listening on port 3389.
Krak-ITP,
Are you able to use Gencontrol? This may be an alternative for offering Remote assistance, since you can see what the user is doing and take over as needed.
http://www.gensortium.com/products/gencontrol.html
Are you having trouble sending the emails that a user replys to in order to accept the assistance session, or you don't even get that far?
Ken

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
SirtenKen - I will try the software tomorrow, but I would really like to use the services available in Windows already instead of 3rd party software. I'm using unsolicited remote assistance, so the user is not requesting assistance by e-mail or MSN Messenger - which, again, is working on the LAN but not from VPN.

Commented:
Have you determined whether the problem is the laptop itself or the connection? You could save hours of troubleshooting time by trying another machine at the same network location as the problem machine. Then we can focus on the machine or the network/firewall.

Author

Commented:
rbowall - I have tried another machine with a fresh install of XP, but it is the same problem. When I try ot initiate the remote assistance session I turn on monitoring on the ISA server, on which the VPN is served, and no traffic is marked as blocked or not allowed.

Maybe I could try some packet-sniffing utililty on the machine that are supposed to be controlled remotely, and compare the incoming packets on both LAN and VPN. Do you know how to perform such a test?

Commented:
Yes, that will be the next step as it looks more like a netwok problem. Go to www.ethereal.com and download. You will also need to install WinPCap (Windows Packet Capture), which is an NDIS intermediate driver, installed as a protocol. I believe this is packaged in the setup file from the ethereal website. Have a play with it - it is fairly straight forward - then test on both the client and the server. In both cases (RD/RA), the connection should be initiated from your PC on the LAN (client) and received at the remote computer (server). What VPM product are you using?

Author

Commented:
SirtenKen - I've tried the program and it's brilliant :) It has all the great things xVNC has, and the ability to connect by IP. Goodbye Remote Assistance.

Thanks for all your input.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.