baleman2

asked on

Remote Desktop cannot connect

We have a LAN consisting of a Windows 2003 Server and 6 Windows XP Pro Tower PCs.  A Netgear ProSafe FVX336G router handles local traffic as well as incoming connections from end users who wish to connect to our network via Remote Desktop Connection.  This router sits "behind" our ISP's device.  Our ISP has given us a Static IP address which is used by our "outside" employees to gain access.

I have no problem gaining access to our server with this Static IP.  Once in the server I can gain access to individual computers on our LAN by using Remote Desktop Connection on the server.  Each individual PC has been given its own listening port and port forwarding has been set up and configured in the Netgear Router.

From the outside world, our Server is reached by RDC as follows:
      ISP's Static IP Address:         xxx.xxx.xxx.xxx:3389 (reaches Server Desktop)
From the outside world, the 1st PC on the LAN should be reached by RDC as follows:
      ISP's Static IP Address:         xxx.xxx.xxx.xxx:3390 (does not work)

This would indicate to me that I have a problem with port forwarding in the Netgear.  However, whenever I reach the Server's desktop successfully, I am able to use RDC on the Server and reach the PCs on the LAN by keying in our LAN's addressing scheme with the listening port of the PC as in:       192.168.5.101:3390

What makes this all the more confusing is that from the Server I can reach all PCs on the LAN as described in the above paragraph with the exception of one PC. . . and that PC is configured exactly as all other PCs on the LAN.

I'm offering tech support to this small company and am following someone else's setup of this LAN and router.  This type of setup is not new to me but these problems are confusing me to no end.

Please advise.
ASKER CERTIFIED SOLUTION
raoool

Qlemo
For the "other" machines, I agree with raoool.
For the single machine not working at all I would first check if it listens to the specified RDP port (running netstat -an | find "YourRDPPortHere"). And then check Windows Firewall.
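An added example, not part of the reply above: a plain `find "3390"` on `netstat -an` output also matches ports such as 33901 and rows where 3390 is only the remote port, so this sketch checks the local-address column and the LISTENING state. The sample output is constructed for illustration; the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -an` output from a Windows host (not from the page).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3390           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:33901        0.0.0.0:0              LISTENING
  TCP    192.168.5.101:3390     192.168.5.10:1187      ESTABLISHED
  TCP    192.168.5.101:1042     192.168.5.10:3391      ESTABLISHED
  UDP    0.0.0.0:3390           *:*
"""

# TCP row whose state is LISTENING; captures local address and local port.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def tcp_listeners(netstat_text):
    """Return {port: set(local addresses)} for TCP sockets in LISTENING state."""
    listeners = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            listeners.setdefault(int(m.group(2)), set()).add(m.group(1))
    return listeners


def rdp_listener_status(netstat_text, port):
    """Classify whether `port` accepts connections from other hosts (socket level only)."""
    addrs = tcp_listeners(netstat_text).get(port, set())
    if not addrs:
        return "not listening"
    if addrs <= {"127.0.0.1", "[::1]"}:
        return "loopback only"
    return "listening on " + ", ".join(sorted(addrs))


if __name__ == "__main__":
    for p in (3390, 3391, 33901):
        print(p, "->", rdp_listener_status(SAMPLE_NETSTAT, p))
```

A "listening" result only rules out the RDP service itself; the Windows Firewall exception and the router's inbound rule still have to be checked separately.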
baleman2

ASKER

This particular Netgear is a bit different than entry level routers, so I've had to educate myself "on the fly".  I see no other port mapping.  I see only the following configuration on the router:
Security-->Services:
      Under this tab is a "Services" table that is set up.  Each line item has a name (computer name), Type (TCP), Start Port (listening port), Finish Port (same listening port), and Priority (Normal-Service).

From there, you go to:
Security-->Firewall:
     Under this tab you can see "Inbound Services" and there is a corresponding line item entry for the "Services" entered above.  It is here that the LAN IP address for each PC on the network is entered.  It is also in this entry screen that you check/uncheck a block labeled "Translate to Port Number".  Some of the entries have that block checked - some do not.  It doesn't seem to make a difference because all can be reached with the exception of the problem PC.

Internal machines are using only Windows Firewall.  After adding the different listening ports via the System Registry on each PC, I added the appropriate port under the "Exception" tab in the Windows Firewall.

As a support tech, it's not an impossible situation if I first RDC into the server and then RDC from there to the PC on the LAN that I need to look at; but, it would certainly be a lot easier if the router's port forwarding would just pass me through.  But, we have a third party vendor who needs to access the (1) PC that so far cannot be reached no matter what I try.  I really don't want to allow them access to the Server in order to RDC to that (1) PC they must reach.
"Translate to Port Number" is certainly performing port mapping - e.g.  publicIP:3390 to localIP1:3389. As long as you keep public and private port the same there is no use for it. However, that page "Security -->Firewall" might allow you to change the port mapping, and that again might allow you to use the port forwarding.

Regarding Windows Firewall, you need to allow public access to the RDP port(s). By default only the local network has access.

How do I make the suggested change regarding "public access" to the RDP port(s)?
Before we go into more detail, I would just check without the firewall being active - to make sure it is indeed the issue here.
I won't be onsite again until tomorrow afternoon.  Will turn Windows Firewall off at that time and report back.
Thanks, Fellas
Certain that all points should have gone to raoool?