Remote Desktop cannot connect

baleman2
We have a LAN consisting of a Windows 2003 Server and 6 Windows XP Pro Tower PCs.  A Netgear ProSafe FVX336G router handles local traffic as well as incoming connections from end users who wish to connect to our network via Remote Desktop Connection.  This router sits "behind" our ISP's device.  Our ISP has given us a Static IP address which is used by our "outside" employees to gain access.

I have no problem gaining access to our server with this Static IP.  Once in the server I can gain access to individual computers on our LAN by using Remote Desktop Connection on the server.  Each individual PC has been given its own listening port and port forwarding has been set up and configured in the Netgear Router.

From the outside world, our Server is reached by RDC as follows:
      ISP's Static IP Address:         xxx.xxx.xxx.xxx:3389 (reaches Server Desktop)
From the outside world, the 1st PC on the LAN should be reached by RDC as follows:
      ISP's Static IP Address:         xxx.xxx.xxx.xxx:3390 (does not work)

This would indicate to me that I have a problem with port forwarding in the Netgear.  However, whenever I reach the Server's desktop successfully, I am able to use RDC on the Server and reach the PCs on the LAN by keying in our LAN's addressing scheme with the listening port of the PC as in: 192.168.5.101:3390

What makes this all the more confusing is that from the Server I can reach all PCs on the LAN as described in the above paragraph with the exception of one PC. . . and that PC is configured exactly as all other PCs on the LAN.

I'm offering tech support to this small company and am following someone else's setup of this LAN and router.  This type of setup is not new to me but these problems are confusing me to no end.

Please advise.
Commented:
Is there any other port mapping going on in the Netgear? (DMZ host config?) I'd review those settings and ensure only the specific incoming port and destination machine/port are mapped. What firewall are you running on the internal machines? If using WinXP firewall, you'll need to set exceptions explicitly to the appropriate port (or set the new port first in the registry before allowing the inbound RDP rule). The one machine not working on the private addresses is interesting. Any errors in Event log at either end or just not finding someone to answer?
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
For the "other" machines, I agree with raoool.
For the single machine not working at all I would first check if it listens to the specified RDP port (running netstat -an | find "YourRDPPortHere"). And then check Windows Firewall.
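
The checks suggested above (is the PC listening on its RDP port, then Windows Firewall), as an added example that is not part of the original thread: a read-only batch script to run locally on the problem XP PC. The registry path is the standard RDP-Tcp location and is an assumption here, since the thread does not quote it; the script changes no settings.

```batch
@echo off
rem Added example (not from the thread): read-only RDP checks for Windows XP.
rem Run locally on the PC that cannot be reached. Nothing is modified.
setlocal

rem Assumption: standard registry location of the RDP-Tcp listener settings.
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

rem 1. Port configured in the registry (REG_DWORD, printed in hex by reg.exe).
set "PORTHEX="
for /f "tokens=3" %%A in ('reg query "%KEY%" /v PortNumber ^| find "PortNumber"') do set "PORTHEX=%%A"
if not defined PORTHEX (
    echo [FAIL] Could not read PortNumber from the registry.
    exit /b 2
)
rem set /a accepts the 0x prefix and converts the value to decimal.
set /a PORT=%PORTHEX%
echo [INFO] RDP port configured in registry: %PORT%

rem 2. Is a listener actually bound to that port? The trailing space in the
rem    pattern keeps a port such as 3390 from also matching 33901.
netstat -an | find ":%PORT% " | find "LISTENING" >nul
if errorlevel 1 (
    echo [FAIL] Nothing is listening on TCP %PORT%.
    echo        A changed PortNumber normally takes effect only after a restart.
) else (
    echo [ OK ] A listener is bound to TCP %PORT%.
)

rem 3. Windows Firewall: overall state, then the port exceptions with scope.
echo.
echo [INFO] Windows Firewall state:
netsh firewall show state
echo.
echo [INFO] Port exceptions. Confirm TCP %PORT% is listed, enabled, and check its scope:
netsh firewall show portopening verbose=ENABLE

endlocal
```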

Author

Commented:
This particular Netgear is a bit different than entry level routers, so I've had to educate myself "on the fly".  I see no other port mapping.  I see only the following configuration on the router:
Security-->Services:
      Under this tab is a "Services" table that is set up.  Each line item has a name (computer name), Type (TCP), Start Port (listening port), Finish Port (same listening port), and Priority (Normal-Service).

From there, you go to:
Security-->Firewall:
     Under this tab you can see "Inbound Services" and there is a corresponding line item entry for the "Services" entered above.  It is here that the LAN IP address for each PC on the network is entered.  It is also in this entry screen that you check/uncheck a block labeled "Translate to Port Number".  Some of the entries have that block checked - some do not.  It doesn't seem to make a difference because all can be reached with the exception of the problem PC.

Internal machines are using only Windows Firewall.  After adding the different listening ports via the System Registry on each PC, I added the appropriate port under the "Exception" tab in the Windows Firewall.

As a support tech, it's not an impossible situation if I first RDC into the server and then RDC from there to the PC on the LAN that I need to look at; but, it would certainly be a lot easier if the router's port forwarding would just pass me through.  But, we have a third party vendor who needs to access the (1) PC that so far cannot be reached no matter what I try.  I really don't want to allow them access to the Server in order to RDC to that (1) PC they must reach.

Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
"Translate to Port Number" is certainly performing port mapping - e.g. publicIP:3390 to localIP1:3389. As long as you keep public and private port the same there is no use for it. However, that page "Security -->Firewall" might allow you to change the port mapping, and that again might allow you to use the port forwarding.

Regarding Windows Firewall, you need to allow public access to the RDP port(s). By default only the local network has access.

Author

Commented:
How do I make the suggested change regarding "public access" to the RDP port(s)?
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
Before we go into more detail, I would just check without the firewall being active - to make sure it is indeed the issue here.

Author

Commented:
I won't be onsite again until tomorrow afternoon.  Will turn Windows Firewall off at that time and report back.
Commented:
re: "Public Access" - XP firewall config via CtrlPanel -> Windows Firewall -> Exceptions -> Remote Desktop -> Edit -> Change Scope
(that defaults to Any but perhaps your predecessor limited it to LAN)

...and no other entries on the router that might conflict? on the one machine not working, maybe try a different port see if it's a conflict with some other service?

In ... while you're there mode, have had situations like this where it SHOULD work and doesn't. First thing Netgear will tell you is update firmware; if that doesn't help - factory reset and start over. (Mixed results saving configs and restoring to updated firmware but might try that if model/firmware rev permits and config has a lot of other rules that would take a lot of time to re-create).

(another hint: grab screens of configs. Their firmware updates sometimes modify menus presenting very different paths to the same basic parameters).

Author

Commented:
Thanks, Fellas
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
Certain that all points should have gone to raoool?
