  • Status: Solved
  • Priority: Medium
  • Security: Public

Remote Desktop Config

I can't get remote desktop to work externally (it works on the LAN just fine).

I have a Linksys router with port forwarding set for port 3389 for the IP address of this machine (192.168.1.101).
In Filters I have Block WAN request disabled.
Windows firewall is disabled.

It will let me telnet to the PC on the via using local machine name, but not via the external IP address.

Can't think of what to try next.  Can any expert help?
Asked: TL208

Rob Williams Commented:
A few things to check:
-You can verify the port forwarding is working correctly by going to http://www.canyouseeme.org/ from the machine you are trying to log on to (192.168.1.101) and testing for port 3389.
-To confirm: when trying to connect remotely, you are using the WAN/Internet/public IP to connect, not the local 192.168.1.101 IP, correct? If you are not sure what this IP is, again from the PC you are connecting to, go to http://www.canyouseeme.org/ and the WAN/Public IP will be displayed.
-Has the router actually been assigned the public IP address? In some situations the modem is a combined modem and router. If this is the case the WAN (not LAN) connection of the Linksys will have a private IP which will be one of the following IP addresses (visible on the status page):
192.168.x.x
10.x.x.x
172-31.x.x
If so, you need to enable port forwarding also on the modem to point to the Linksys, or change the modem from NAT mode to bridge mode, which in turn requires configuring the ISP WAN connection page on the Linksys.

ieden Commented:
You need to turn off the Windows Firewall Service and not just disable it.

Rob Williams Commented:
Windows firewall should not be a problem, where a connection can now be made from the local network. The firewall does require an exception to be enabled in order to allow traffic to pass, but it is enabled by default when "allow remote users to connect to this computer" is checked. However, if someone edited the default configuration from allowing "any" (the default) to a specific IP or subnet, this could be an issue. That is unlikely but you can check by opening the firewall: Control panel | Windows firewall | exceptions. The remote desktop option should be there and checked; highlight it and choose edit. In the window that opens, it should show "TCP 3389 Any".
 
bnedelcov Commented:
And if that does not work you can try a web based remote desktop like logmein.com (which is free) or gotomypc.com ....

ieden Commented:
Dameware or vnc are also free and good products for remote access.

TL208 Author Commented:
1.  CanYouSeeMe reports: Success: I can see your service on 66.65.41.77 on port (3389)  Your ISP is not blocking port 3389

2.  Windows firewall is turned off

3.  I have a Linksys wireless router attached to a cable modem for DSL service. So maybe the problem is here...

TL208 Author Commented:
Logmein works fine:  I can use it to Remote Desktop from one machine to another.  So why can't I do it directly myself??

Rob Williams Commented:
TL208,
For security purposes you should ask the moderators in the community forum to remove the 66.65.x.x IP above.

Using that IP I get a response with a blank screen, no logon box:
-make sure you are connecting to the  66.65.x.x IP
-the blank screen usually means you have a screen saver enabled and you are unable to interrupt it, or power management is enabled on the network adapter. Make sure "allow the computer to turn off this device to save power" is unchecked under: device manager | network adapters | your network card | properties | power management

TL208 Author Commented:
Are you sure you connected to the correct IP address?

1. Logon is enabled and there is a list of users who are allowed access

2.  I can't access the machine from here, except on the LAN

ieden Commented:
I got a logon box. And a warning that only authorized users are allowed to use it.

Rob Williams Commented:
>>"I got a logon box. And a warning that only authorized users are allowed to use it."

-you must be a member of the remote desktop users group (administrators are by default)
-if the workstation is a member of a server 2000/2003 domain you will have one of the 2 following check boxes, depending on the version, on the "Terminal Services Profile" of the user's profile in Active Directory. Make sure it is checked appropriately: "Deny the user permission to log on to any terminal server", or "Allow Logon to Terminal Server"
-make sure any other software firewalls are disabled (for test purposes), including Internet security suites if you are not sure they are configured correctly. Windows firewall configures itself, but some others such as Symantec allow local subnet connections but not public ones. If using Symantec anti-virus, the "Internet Worm Protection" can block Remote Desktop. Try disabling that as well.
-Verify the Remote Desktop User group has the rights to log on using Terminal Services.  Go to Control Panel | Administrative tools | Local Security Policy | Local Policies | User Rights Assignments ...make sure Remote Desktop Users is included in "allow logon through Terminal Services"  

TL208 Author Commented:
This LAN is a workgroup, not a domain.
The user account I am using is an Administrator.
I verified that the Remote Desktop User group has the rights to log on using Terminal Services.

I don't understand why experts can see RD to get the login screen when I can't (except on the LAN).

TL208 Author Commented:
Using PortQuery I get the following:

pinging 66.6  . . IP ...success

Error: The RPC server is unavailable.
Some possible causes for this failure:
 - the system being queried is not online
 - the network connection between this client
   and the system being queried is filtered
 - the system being queried is behind a firewall
   which is blocking the connection attempt

Ensure the target system is online and network connectivity is available.


ieden Commented:
Are you an Administrator on the PC you are trying to gain access FROM? Is there an AD GPO which prohibits remote access from the remote domain? Methinks this problem has nothing to do with the way you have things set up on your LAN workgroup and everything to do with the configuration of the LAN from which you are trying to access it.

enzo67 Commented:
Here is a dumb question: did you turn on remote desktop connection acceptance on your PC...  It's found by right clicking on properties of My Computer on XP Pro.

TL208 Author Commented:
1.  I am an administrator on the machine trying to gain access.  Note that I have no problem gaining access using this machine over the LAN.
2.  Remote desktop is activated and running ok (see point 1).

I am wondering if this has anything to do with the fact that I am trying to RD to another machine on the LAN via the WAN.  Maybe if I go find a wireless access point off the LAN altogether and try from there it will work ok....


Rob Williams Commented:
>>"I am wondering if this has anything to do with the fact that I am trying to RD to another machine on the LAN via the WAN."

If you are on the same LAN and trying to use the WAN IP it won't work at all, unless you have a sophisticated router and can configure a loopback. You are sending packets through the router to the Internet and asking the router to "catch them" and turn them back around to the LAN. Won't work. Try from another location. That would explain why we get the logon box.
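The two addressing checks raised in this thread (a private address on the router's WAN port, and testing the WAN IP from inside the same LAN) can be combined into one decision routine. This is an added example, not part of the original thread: the function names, finding labels and the 203.0.113.x documentation addresses are constructed, and the carrier-grade NAT range goes beyond the ranges listed in the thread.

```python
import ipaddress

# RFC 1918 private ranges listed in the thread, plus RFC 6598 carrier-grade
# NAT space (an addition that goes beyond the thread).
NAT_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

ADVICE = {
    "lan-address-used": "Connect to the public IP, not the LAN address.",
    "double-nat": "Router WAN port has a private IP: forward 3389 on the "
                  "modem too, or put the modem in bridge mode.",
    "wan-ip-mismatch": "Router WAN IP differs from the public IP seen "
                       "outside: another NAT device sits upstream.",
    "hairpin-test": "Client and target share one public IP: the test ran "
                    "from inside the LAN. Retry from another network.",
    "path-ok": "Addressing looks right; check host firewall and logon rights.",
}

def is_natted(addr):
    """True if addr falls in a range that is not routable from the Internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NAT_RANGES)

def diagnose(router_wan, target_public, client_public, address_used):
    """Classify why an inbound RDP port forward fails from 'outside'.

    router_wan    - WAN address shown on the router status page
    target_public - public IP an external checker reports for the target PC
    client_public - public IP the same checker reports for the client PC
    address_used  - address typed into the Remote Desktop client
    """
    wan, target, client = (ipaddress.ip_address(a)
                           for a in (router_wan, target_public, client_public))
    findings = []
    if is_natted(address_used):
        findings.append("lan-address-used")
    if is_natted(router_wan):
        findings.append("double-nat")
    elif wan != target:
        findings.append("wan-ip-mismatch")
    if client == target and not is_natted(address_used):
        findings.append("hairpin-test")
    return findings or ["path-ok"]

if __name__ == "__main__":
    # Constructed sample values from the documentation address ranges.
    for code in diagnose("203.0.113.10", "203.0.113.10",
                         "203.0.113.10", "203.0.113.10"):
        print(code, "-", ADVICE[code])
```
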
 
ieden Commented:
So there are no GPO restrictions or Firewalls blocking your access over the WAN... I know where I work the Network Administrators have turned off the ability for me to browse into my home network from my desktop even though I am an Admin. Could it be that someone who has more power than yourself over the desktop via Group Policy or over the Network such as the Firewall Admin doesn't want users logging into their home networks from work? I know this is a big security risk and is taken into account by many Admins, especially those who know that corporate secrets can leak out onto unsecured desktop connections. Since I was able to see your workstation from my workstation and got a login screen, I can only assume that the network you are trying to reach your home LAN from is secured in a way you are not privileged to know.

Rob Williams Commented:
TL208, I assume the problem was trying to connect from the local network to the public IP rather than from outside the network as I suggested above, as I see the connection is still working.
Just thought I should mention you might want to place a request in the community support forum asking them to remove your public IP address from this question, to avoid having everyone "knocking on your door".
--Rob