

Remote assistance connection-problems

Posted on 2006-03-20
Last Modified: 2008-02-01
Case: I wish to offer remote assistance to the users in the company, when they are connected on our LAN or remotely by VPN.

With a group policy I've allowed both Remote Desktop access (for test purposes) and Remote Assistance access to the workstation (XP), and with a group policy I made sure that the Windows Firewall is not preventing access between the LAN and VPN users, and there is no firewall between the LAN and VPN. When testing, I connect from our domain controller (2003) with Remote Desktop and Remote Assistance to the workstation which I wish to control remotely.

Here comes my headache:
When the workstation is connected to the LAN, I can connect via remote desktop and I can offer remote assistance - no problems. The terminal service is listening on port 3389.

When the workstation is connected from VPN, I can connect via remote desktop - but I cannot offer remote assistance to the computer. The remote assistance client complains: "The remote server machine does not exist or is unavailable" - even though the service is listening on port 3389, I can remote desktop to the workstation, and I can of course ping the workstation.

I've tried to monitor the ISA server on which the VPN is running, and all traffic between the workstation and the domain controller is being categorized into the access rules, and all traffic is given status "Allowed".

Have you got any ideas on what is wrong here?

Thanks in advance.
Question by:Krak-ITP
11 Comments
 
LVL 9

Expert Comment

by:SirtenKen
ID: 16235655
Krak-ITP,
Are you typing in the computer name or the IP address into the remote assistance client? If you can't find the computer, but can ping it, name resolution requests may not be working.

Did you turn the windows firewall off on the workstation (connected through VPN) in question, or just put in all of the exceptions that seem to be required?

You can try using the port query tool from MS as well:
http://support.microsoft.com/default.aspx?kbid=832919

Ken
0
 
LVL 3

Expert Comment

by:Brentxhange
ID: 16235692
Are Remote Assistance and Remote Desktop listening on the same port? If so it will not connect because you cannot have more than one service listening on the same port.
0
 

Author Comment

by:Krak-ITP
ID: 16235893
SirtenKen - I'm connecting by IP address, so name resolution is not an issue. Windows Firewall is disabled on the workstation, both in standard policy and domain policy.

PortQry returns:
  Querying target system called:
  10.255.254.6
  Attempting to resolve IP address to a name...
  IP address resolved to ITSERVICEBAR2
  querying...
  TCP port 3389 (unknown service): LISTENING


Brentxhange - Both use the Terminal Services service, which is listening on port 3389. And when connected on LAN, the workstation can be reached by both services, on same port, so port conflicts are not an issue.
0
 
LVL 2

Expert Comment

by:rbowall
ID: 16239979
Actually, you can configure a different port in the 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber' registry key. Check this and make sure it is 3389 but I imagine it is seeing as you can successfully RemoteDesktop. It's just RemoteAssistance you are having trouble with.

You also need to check on the client that

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fAllowToGetHelp=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections=0

Which is the same as manually checking the boxes in My Computer Properties/Remote.


0
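The registry values listed in the comment above can be read in one pass on the workstation being helped. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later on that machine, and the expected values are the ones given in the comment.

```powershell
# Added example: audit the Terminal Server values named in the comment above.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# Expected values are taken from the comment (1 = help allowed, 0 = TS not denied).
$checks = @(
    @{ Path = $tsKey;  Name = 'fAllowToGetHelp';    Expected = 1 },
    @{ Path = $tsKey;  Name = 'fDenyTSConnections'; Expected = 0 },
    @{ Path = $rdpKey; Name = 'PortNumber';         Expected = 3389 }
)

$results = foreach ($c in $checks) {
    # A missing value is reported rather than treated as an error.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($c.Name) } else { $null }

    [pscustomobject]@{
        Value    = $c.Name
        Expected = $c.Expected
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Ok       = ($null -ne $actual) -and ($actual -eq $c.Expected)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code when any value differs, so the check can be scripted.
if ($results.Ok -contains $false) { exit 1 }
```

Running it once with the workstation on the LAN and once over VPN shows whether the settings differ between the two connection states.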
 

Author Comment

by:Krak-ITP
ID: 16244811
rbowall - those keys are set by group policy, and remote assistance works fine when I'm on our LAN but not by VPN. Terminal Services is listening on port 3389.
0
 
LVL 9

Accepted Solution

by:
SirtenKen earned 1000 total points
ID: 16247438
Krak-ITP,
Are you able to use Gencontrol? This may be an alternative for offering Remote assistance, since you can see what the user is doing and take over as needed.
http://www.gensortium.com/products/gencontrol.html
Are you having trouble sending the emails that a user replies to in order to accept the assistance session, or do you not even get that far?
Ken
0
 

Author Comment

by:Krak-ITP
ID: 16250075
SirtenKen - I will try the software tomorrow, but I would really like to use the services available in Windows already instead of 3rd party software. I'm using unsolicited remote assistance, so the user is not requesting assistance by e-mail or MSN Messenger - which, again, is working on the LAN but not from VPN.
0
 
LVL 2

Expert Comment

by:rbowall
ID: 16253558
Have you determined whether the problem is the laptop itself or the connection? You could save hours of troubleshooting time by trying another machine at the same network location as the problem machine. Then we can focus on the machine or the network/firewall.
0
 

Author Comment

by:Krak-ITP
ID: 16254648
rbowall - I have tried another machine with a fresh install of XP, but it is the same problem. When I try to initiate the remote assistance session I turn on monitoring on the ISA server, on which the VPN is served, and no traffic is marked as blocked or not allowed.

Maybe I could try some packet-sniffing utility on the machine that is supposed to be controlled remotely, and compare the incoming packets on both LAN and VPN. Do you know how to perform such a test?
0
 
LVL 2

Expert Comment

by:rbowall
ID: 16255648
Yes, that will be the next step as it looks more like a network problem. Go to www.ethereal.com and download. You will also need to install WinPCap (Windows Packet Capture), which is an NDIS intermediate driver, installed as a protocol. I believe this is packaged in the setup file from the ethereal website. Have a play with it - it is fairly straightforward - then test on both the client and the server. In both cases (RD/RA), the connection should be initiated from your PC on the LAN (client) and received at the remote computer (server). What VPN product are you using?
0
 

Author Comment

by:Krak-ITP
ID: 16256222
SirtenKen - I've tried the program and it's brilliant :) It has all the great things xVNC has, and the ability to connect by IP. Goodbye Remote Assistance.

Thanks for all your input.
0
