Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 657
  • Last Modified:

Why can't I remote desktop into my home computer?

I have two laptops in my home network.  One is older, and everything works great.  I can remote desktop into it, just fine.  The new computer is setup and I am able to remote desktop into the new laptop from the old laptop.  However, when I point the router to the new computer's IP address, I cannot seem to remote desktop into the new laptop.

Any assistance is greatly appreciated!

The old laptop is Vista, the new one is Windows 7.  Again, in the private, local network, I can remote desktop into either.  On the router, I have to stop forwarding for Remote Desktop to the old one, then forward to the new one.  The router appears to be setup correctly, yet when I try to remote in, I can't get a connection, after repointing the router.

Thanks!

Dave
0
dlmille
Asked:
dlmille
  • 10
  • 5
  • 4
  • +4
4 Solutions
 
yo_beeDirector of ITCommented:
What version of W7 are you on?
W7 home does not support RDP.
0
 
awarren85Commented:
Just for kicks, you may want to repoint the router using an different port, see what results you get.  For instance,

Router (TCP 3389 - Inbound)   --->  Old Laptop (TCP 3389 - Remote Desktop - Outbound)
Router (TCP 3390 - Inbound)   --->  New Laptop (TCP 3389 - Remote Desktop - Outbound)

Then, from outside the network, use  <public ip address>:3390 to remote desktop into the new laptop, and just the <public ip address> for the old laptop, or vice-versa of course.

As for the non-working part, the Windows Firewall on Windows 7 is alot smarter, you may want to just disable it for a short period to see if that's the issue.  Also, you can try taking Remote Desktop into its "less secure" mode (Right-Click on My Computer, go to Properties, then Remote Settings, and choose "Allow Connections from computers running any version of Remote Desktop (less secure)" to see if that may be an issue.

Thanks.
0
 
wantabe2Commented:
make sure all three firewalls are off on the Win 7 computer. I recomend using www.logmein.com
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
dlmilleAuthor Commented:
I redirected the router to 3390 on my 2WIRE router.  See attached images, but I believe this was done, correctly.

The fact that I can RDP in inside the local network implies that the appropriate firewall actions are done correctly, is this not true? router1 router2
However, when I get the chance, I'll disable the firewalls and test, again.  It might be tomorrow.

Dave
0
 
asiduCommented:
0
 
asiduCommented:
Check your 2 wire firewall settings for the machine in question.
Tthe 2 wire firewall setting you should map 3389 - 3390 back to 3389 - 3390.

Your setting is from 2 wire 3390 to 3389(your machine)

I think this could be an issue which does not allow you to access from remote

So ideally it should be 3389 to 3389

if you want to have a range then

2wire 3389-3390   to 3389- 3390on your computer.


0
 
dlmilleAuthor Commented:
My understanding from awarren85 was to make router changes as follows:

Router (TCP 3389 - Inbound)   --->  Old Laptop (TCP 3389 - Remote Desktop - Outbound)
Router (TCP 3390 - Inbound)   --->  New Laptop (TCP 3389 - Remote Desktop - Outbound)

I believe the suggestion was such that I could keep my old laptop with its RDP capabilities from broadband, and use 3390 as the port of choice for the new laptop, where the new laptop remains at 3389 but the router picks up 3390 and routes it to my new laptop's 3389 port.  I think I have that straight in my mind.

Thus, the 3390 is caught inbound at the router and sent to host 3389.  That's what I'm seeing in the image.   I'm having trouble correlating your comments to these directions...

Dave
0
 
asiduCommented:
Sorry Dave for my oversight of the post by awarren85, that arrangement is fine. It should work.

So to access your new laptop from remote you have to make sure that you
call on the port 3390 only then you will be able to access it.
If not your packets will go to the old laptop.

0
 
asiduCommented:
From the exterior remote machine you should access connect to the new laptop as
follows :-

XXX.XXX.XXX.XXX:3390

Where XXX.XXX.XXX.XXX is the IP address of the 2wire which you obtained
from your carrier.
0
 
dlmilleAuthor Commented:
It didn't work last time I tried.  However, my mom has shut the laptop down for some reason so have to wait till it comes back up (I'm actually providing remote support - the dutiful son!).  At any rate, I'll shutdown her firewalls and try again, tomorrow.

I can access the old laptop from here and remote in to her new laptop from the old laptop - and administer the router, etc...

Dave
0
 
dlmilleAuthor Commented:
Wow - this port redirection at the router is pretty neat.  I just tried it out on my router (dlink) and from my mom's network was able to RDP in to a public port, e.g., 3400 and it went right to my machine here.  I had to do the virtual server thing on the dlink.

If I've done that correctly in the 2WIRE router (I can't validate that as its not working as yet), then the rest of the problem is on the new laptop.  Again, tomorrow...

Dave
0
 
HostOneCommented:
Hi Dave.

Windows 7 Has 3 "levels" of firewall. Public, Private and Domain. You will need to ensure that port 3389 TCP is open on *all 3*, not just on private (ignore domain if you don't have one). If you have opened it on private only (which is the default action for opening any port in the simple interface of Win7 Firewall), it sill will not accept a connection from a different network (i.e. the internet).

In the simple view, go to "allow a program or feature through the firewall" and ensure all three (or two if no domain) boxes are ticked next to remote desktop protocol.

Also ensure you don't have any other security based programs (anti virus with added internet security for example) that are interfering.

From the outside, you should be able to, at a command prompt, type:
telnet <your_ip> 3389 (or 3390 as the case may be) and see what the response is. If it's a black screen, all is good. If it's a timeout, then there is no route to your RDP and you have a firewall or connectivity issue.
0
 
yo_beeDirector of ITCommented:
Dave you never answered my question about the version you are running.
Can you confirm this.  You might be doing this all for nothing.

One thing to try if the above question is false.
Can you confirm whether you can even connect from Vista to W7 while internal and vice-versa.
Note: Please leave the port number as the default on both computers.

0
 
yo_beeDirector of ITCommented:
Also I noticed that there is a lot of talk about port 3390 (which in not the default port 3389).
Was this even changed on the Windows 7 machine? If not the link below will describe how to change.  If you decide to change it you will need to test internally first.  example: xxx.xxx.xxx.xxx:3390  as ASIDU mentioned.
http://support.microsoft.com/kb/306759

Also if you have various levels of the firewalls set (As HostOne stated.)
Here is a good documentation of windows 7 Firewall settings. Lots of images and details.  
http://www.techtalkz.com/windows-7/515977-how-configure-windows-firewall-windows-7-a.html

0
 
HostOneCommented:
Yo_bee, he's doing a redirect on the router from 3390 (external) to 3389 (internal), so the Win7 box is still answering on 3389. No need to change the port on the PC.

One other thing to try is to delete the original record of 3389 on the router, restart it, then recreate it. I've no idea what brand of modem that is in the images above but I have seen some cheap modems fail to let got of NAT settings in the past.
0
 
yo_beeDirector of ITCommented:
@HostOne

Thanks for that piece of info.

Can you answer whether he is on Home or Pro?
0
 
HostOneCommented:
I would have to assume he's using enterprise, professional or ultimate, as he has RDP running on it - he states he can connect to it inside his LAN via RDP - just not from outside his LAN. It's possible he's hacked Windows 7 Home Premium to run RDP but the odds aren't in favour of that.
0
 
yo_beeDirector of ITCommented:
ok

0
 
dlmilleAuthor Commented:
I would like to NOT delete the 3389 route unless I have to, otherwise I'd need to get someone on the otherside to set it back, if it doesn't work.  I'm not sure you can remotely administer the 2Wire gateway.  I have to access the machine that 3389 is forwarded to to administer the router and make changes to the new laptop.

Windows 7 Ultimate.  version should not be the problem...
0
 
awarren85Commented:
What version of Windows are you using to do the remote desktop from?  Basically what is the PC that's outside the network remoting in?  Does it have the newer Remote Desktop Client update loaded (it's needed if it's XP, Vista/Windows 7 should already have the new Client).
0
 
dlmilleAuthor Commented:
I tried from both a Windows 7 and a Vista machine.  Neither worked.
0
 
James HIT DirectorCommented:
Router (TCP 3389 - Inbound)   --->  Old Laptop (TCP 3389 - Remote Desktop - Outbound)
Router (TCP 3390 - Inbound)   --->  New Laptop (TCP 3389 - Remote Desktop - Outbound)

This will NOT work.

You cannot simply redirect the 3390 to another PC listening on a different port, especially since you already have a rule where one is listening on the same port.
You will be required to modify the new Laptop to 3390 or change the old laptop to 3390 INTERNALLY, otherwise you are just running around in circles and wasting time.

Old laptop : listening RDP 3389
New Laptop: listening RDP 3390

RDP: 123.123.123.123:3390 (new laptop)
RDP: 123.123.123.123 (old laptop)
0
 
awarren85Commented:
@Spartan_1337, actually this works pretty well.  The router listens on both ports 3389 and 3390.  Traffic that hits 3389 gets redirected to (for example) 192.168.1.1:3389, traffic that hits 3390 gets redirected to (again for example) 192.168.1.2:3389.

The router isn't "listening" on the same port, the computers are.  The router is listening on ports 3389 and 3390 (internet WAN side).

--------------------------

@dlmille -- did you try disabling completely the windows firewall on the Windows 7 new laptop machine?  Also, perhaps re-verify that it's internal IP address is correct?  I feel like this will be something weird -- since it works internally it has to work externally.  

Maybe something with the 2wire modem/router itself?  Can you turn it's firewall of temporarily just to try to isolate the issue?
0
 
dlmilleAuthor Commented:
Sure it works - I tried it on my dlink on another network.  Pretty neat

I have as yet to disable - I'm waiting on someone to bring that laptop online so I can do that.

I did try (one of my first attempts) to create a DMZ (all ports forwarded) to the new laptop to no avail.  I don't know how to drop the routers fireall, altogether, other than this method.

I'll check the addressing when I can.  I recall on ipconfig, that I only saw the IPv6 address (which looks like gobblygook), however, the router thinks it has an IPv4 address - at least in the router summary, it shows that PC with that laptop and 3390 port forwarded to it (so maybe it does?).  Could this be an issue?

Dave
0
 
awarren85Commented:
Usually both IPv6 and IPv4 are enabled.  ipconfig should show both.  With DMZ, that's probably the best you can do and it's pretty close to "disabling the firewall".

Let us know about disabling the local firewall.  I think it's able to differentiate between local traffic and Internet traffic and might be blocking Internet while allowing local.

Thanks.
0
 
dlmilleAuthor Commented:
Voila!  It worked.  Just needed (not quite sure why) to select the Remote Desktop Service with a checkbox (it was there but wasn't checked) in the McAffee firewall (after I had gotten it to work after turning the firewall off for a short period).  I logged off then connected remotely and logged back in successfully.

It was the firewall at the new laptop, and the new learning about redirection (so I could continue to administrate at 3389 while testing 3390->3389 new laptop) that helped.

Thanks for everyone's help.  Most of the points are based on my comment, above!

Cheers,

Dave
0
 
dlmilleAuthor Commented:
Everyone's comments were great, but they built on the foundation of awarren's comments.  I only had to drop the firewall for success, then set McAfee to allow port 3389 to all pc's (not just work/home).  That's new language for me.  Never noticed there were 3 firewalls, but appreciate the comments for future.
0
 
dlmilleAuthor Commented:
I'm asking a related question, re: enabling this new laptop to VPN to my home network.

Cheers,

Dave
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

  • 10
  • 5
  • 4
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now