Remote Desktop (to a Vista PC) not connecting

We have a client with a domain server. I have set up Remote Desktop on one of the Vista PCs so that it can be accessed remotely via the Internet (broadband). However even internally I cannot access it from another PC on the same network. So I suspect something is blocking it at the PC end?

I am very familiar with RDP, aet it up successfully many times, we use it for many of our clients and I have set it up as follows:

- Altered the default port in the Registry to 3390 (instead of 3389) [for external access, as 3389 is already allocated for the server which works fine and put in port forwarding in the router]
- Allocated a fixed ip to the machine (via the MAC address and DHCP on the server)
- Ensured Remote Desktop is enabled
- Tried to connect, internally, with 'ip-adress:3390'

- Windows firewall is off (I am pretty sure)
- The PC has a domain user password
- It uses Sophos anti-virus, but I doubt is this is blocking it, not experienceSophos blocking RDP before

Is there someting I have missed or particularly different with Vista? I've connected to my Vista PC OK.

All help gratefully received

Who is Participating?
Rob WilliamsCommented:
>>"Windows firewall is off (I am pretty sure)"
If not:
When you enable remote desktop on a PC it automatically creates an exception for the service (from the same LAN). However where you have changed the listening port, if the widows firewall is enabled, you will need to make a custom exception.
On the Remote Desktop host [hereafter "Host"]:
- Use "netstat -an" to determine if anything is LISTENING on port 3390
-- if not, then remote desktop hasn't listened when you changed the port.  You probably don't need to change this port; the firewall should be able to redirect 3390 on its public IP to the Host's port 3389.

On another machine within the firewall:
- Attempt to remote desktop to the Host on 3390
-- If this fails, then there's a personal firewall blocking connections.

From outside:
- Try to telnet to that port: "telnet  firewall.public.ip  3390"
-- if you get "Connection Refused" or just a 30s pause before "Could not open connection..." then there's a firewall config issue.  Did you restart the router?
- Tried to connect, internally, with 'ip-adress:3390'

Did that work?
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

gerlisAuthor Commented:

Thanks for these suggestions. I will try them tomorrow, I'm in the UK ( I have to connect with user's assitance using our UVNC 'single-click' utility), especially the netstat command.

I cannot RDP internally (within firewall) from another PC, already tried that.
RDP with 'ip-adress:3390' didn't work.

I suspect you are right re: 'personal firewall blocking connections', but nothing else on that PC that is obviously the cause.

I'll let you know tomorrow

Thanks again


Had you restarted the service (or, heck, the whole machine) since making the registry change?

(BTW if there's nothing "LISTENING" on 3390, check 3389...)

Personally, I think you should do the TCP port translation at the firewall, and leave the port on the actual Host machine at 3389.
gerlisAuthor Commented:

Thanks. You may be right or nearly right, I will need to check this client's PC again tomorrow re: Windows firewall. I'm sure I checked the exceptions anyway, even though I am 96% certain firewall is off.

Watch this space...

Rob WilliamsCommented:
Another thing to watch with the firewall, if that is the issue, is by default it allows local connections only. You often have to edit the scope options to allow remote connections:
gerlisAuthor Commented:

PC re-started a couple of times, as I have to log in as administrator on the PC to have rights to make these changes, (could that be the issue?)

Re: router I see hat you mean, but there does not seem to be a way (Netgear DG834G) of specifying to redirected port, only specifying redirected ip address of the destination machine, presume you mean:

-> incoming (from WAN) port request for 3390  -> router/firewall -> ip-address of PC [with port 3389]

the "[with port 3389]" can't be done on a Netgear DG 834G, unless I am mistaken?
Just checked the manual for that particular router, and you're correct-- it doesn't look like it supports different public and private ports for inbound services.  A pity.
gerlisAuthor Commented:
All this is very embarrassing!

I was able to check today and the firewall was indeed, on!  I was convinced originally that it wasn't.

However I would not have realised that by using a different port (3390 instead of the default 3389) I would need to open that in the Windows firewall.

With the firewall left on and opening the port in the exceptions, it all worked fine!

So I would like to award the points to RobWill assisted by dbanttari for his/her useful information and contribution
Rob WilliamsCommented:
Don't be embarrassed, I've "been there done that" :-)  Often you just need a second pair of eyes.
Thanks gerlis.
Cheers !
gerlisAuthor Commented:

Thanks to you, too.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.