Solved

Why can't I remote desktop into my home computer?

Posted on 2011-09-05
28
633 Views
Last Modified: 2012-08-14
I have two laptops in my home network.  One is older, and everything works great.  I can remote desktop into it, just fine.  The new computer is setup and I am able to remote desktop into the new laptop from the old laptop.  However, when I point the router to the new computer's IP address, I cannot seem to remote desktop into the new laptop.

Any assistance is greatly appreciated!

The old laptop is Vista, the new one is Windows 7.  Again, in the private, local network, I can remote desktop into either.  On the router, I have to stop forwarding for Remote Desktop to the old one, then forward to the new one.  The router appears to be setup correctly, yet when I try to remote in, I can't get a connection, after repointing the router.

Thanks!

Dave
0
Comment
Question by:dlmille
  • 10
  • 5
  • 4
  • +4
28 Comments
 
LVL 21

Expert Comment

by:yo_bee
ID: 36486289
What version of W7 are you on?
W7 home does not support RDP.
0
 
LVL 2

Accepted Solution

by:
awarren85 earned 400 total points
ID: 36486295
Just for kicks, you may want to repoint the router using an different port, see what results you get.  For instance,

Router (TCP 3389 - Inbound)   --->  Old Laptop (TCP 3389 - Remote Desktop - Outbound)
Router (TCP 3390 - Inbound)   --->  New Laptop (TCP 3389 - Remote Desktop - Outbound)

Then, from outside the network, use  <public ip address>:3390 to remote desktop into the new laptop, and just the <public ip address> for the old laptop, or vice-versa of course.

As for the non-working part, the Windows Firewall on Windows 7 is alot smarter, you may want to just disable it for a short period to see if that's the issue.  Also, you can try taking Remote Desktop into its "less secure" mode (Right-Click on My Computer, go to Properties, then Remote Settings, and choose "Allow Connections from computers running any version of Remote Desktop (less secure)" to see if that may be an issue.

Thanks.
0
 
LVL 15

Assisted Solution

by:wantabe2
wantabe2 earned 33 total points
ID: 36486299
make sure all three firewalls are off on the Win 7 computer. I recomend using www.logmein.com
0
 
LVL 41

Author Comment

by:dlmille
ID: 36486546
I redirected the router to 3390 on my 2WIRE router.  See attached images, but I believe this was done, correctly.

The fact that I can RDP in inside the local network implies that the appropriate firewall actions are done correctly, is this not true? router1 router2
However, when I get the chance, I'll disable the firewalls and test, again.  It might be tomorrow.

Dave
0
 
LVL 12

Assisted Solution

by:asidu
asidu earned 67 total points
ID: 36486550
0
 
LVL 12

Expert Comment

by:asidu
ID: 36486586
Check your 2 wire firewall settings for the machine in question.
Tthe 2 wire firewall setting you should map 3389 - 3390 back to 3389 - 3390.

Your setting is from 2 wire 3390 to 3389(your machine)

I think this could be an issue which does not allow you to access from remote

So ideally it should be 3389 to 3389

if you want to have a range then

2wire 3389-3390   to 3389- 3390on your computer.


0
 
LVL 41

Author Comment

by:dlmille
ID: 36486621
My understanding from awarren85 was to make router changes as follows:

Router (TCP 3389 - Inbound)   --->  Old Laptop (TCP 3389 - Remote Desktop - Outbound)
Router (TCP 3390 - Inbound)   --->  New Laptop (TCP 3389 - Remote Desktop - Outbound)

I believe the suggestion was such that I could keep my old laptop with its RDP capabilities from broadband, and use 3390 as the port of choice for the new laptop, where the new laptop remains at 3389 but the router picks up 3390 and routes it to my new laptop's 3389 port.  I think I have that straight in my mind.

Thus, the 3390 is caught inbound at the router and sent to host 3389.  That's what I'm seeing in the image.   I'm having trouble correlating your comments to these directions...

Dave
0
 
LVL 12

Expert Comment

by:asidu
ID: 36486670
Sorry Dave for my oversight of the post by awarren85, that arrangement is fine. It should work.

So to access your new laptop from remote you have to make sure that you
call on the port 3390 only then you will be able to access it.
If not your packets will go to the old laptop.

0
 
LVL 12

Assisted Solution

by:asidu
asidu earned 67 total points
ID: 36486696
From the exterior remote machine you should access connect to the new laptop as
follows :-

XXX.XXX.XXX.XXX:3390

Where XXX.XXX.XXX.XXX is the IP address of the 2wire which you obtained
from your carrier.
0
 
LVL 41

Author Comment

by:dlmille
ID: 36486697
It didn't work last time I tried.  However, my mom has shut the laptop down for some reason so have to wait till it comes back up (I'm actually providing remote support - the dutiful son!).  At any rate, I'll shutdown her firewalls and try again, tomorrow.

I can access the old laptop from here and remote in to her new laptop from the old laptop - and administer the router, etc...

Dave
0
 
LVL 41

Author Comment

by:dlmille
ID: 36486737
Wow - this port redirection at the router is pretty neat.  I just tried it out on my router (dlink) and from my mom's network was able to RDP in to a public port, e.g., 3400 and it went right to my machine here.  I had to do the virtual server thing on the dlink.

If I've done that correctly in the 2WIRE router (I can't validate that as its not working as yet), then the rest of the problem is on the new laptop.  Again, tomorrow...

Dave
0
 
LVL 4

Expert Comment

by:HostOne
ID: 36487432
Hi Dave.

Windows 7 Has 3 "levels" of firewall. Public, Private and Domain. You will need to ensure that port 3389 TCP is open on *all 3*, not just on private (ignore domain if you don't have one). If you have opened it on private only (which is the default action for opening any port in the simple interface of Win7 Firewall), it sill will not accept a connection from a different network (i.e. the internet).

In the simple view, go to "allow a program or feature through the firewall" and ensure all three (or two if no domain) boxes are ticked next to remote desktop protocol.

Also ensure you don't have any other security based programs (anti virus with added internet security for example) that are interfering.

From the outside, you should be able to, at a command prompt, type:
telnet <your_ip> 3389 (or 3390 as the case may be) and see what the response is. If it's a black screen, all is good. If it's a timeout, then there is no route to your RDP and you have a firewall or connectivity issue.
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 36488064
Dave you never answered my question about the version you are running.
Can you confirm this.  You might be doing this all for nothing.

One thing to try if the above question is false.
Can you confirm whether you can even connect from Vista to W7 while internal and vice-versa.
Note: Please leave the port number as the default on both computers.

0
 
LVL 21

Expert Comment

by:yo_bee
ID: 36488108
Also I noticed that there is a lot of talk about port 3390 (which in not the default port 3389).
Was this even changed on the Windows 7 machine? If not the link below will describe how to change.  If you decide to change it you will need to test internally first.  example: xxx.xxx.xxx.xxx:3390  as ASIDU mentioned.
http://support.microsoft.com/kb/306759

Also if you have various levels of the firewalls set (As HostOne stated.)
Here is a good documentation of windows 7 Firewall settings. Lots of images and details.  
http://www.techtalkz.com/windows-7/515977-how-configure-windows-firewall-windows-7-a.html

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 4

Expert Comment

by:HostOne
ID: 36488267
Yo_bee, he's doing a redirect on the router from 3390 (external) to 3389 (internal), so the Win7 box is still answering on 3389. No need to change the port on the PC.

One other thing to try is to delete the original record of 3389 on the router, restart it, then recreate it. I've no idea what brand of modem that is in the images above but I have seen some cheap modems fail to let got of NAT settings in the past.
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 36488392
@HostOne

Thanks for that piece of info.

Can you answer whether he is on Home or Pro?
0
 
LVL 4

Expert Comment

by:HostOne
ID: 36488425
I would have to assume he's using enterprise, professional or ultimate, as he has RDP running on it - he states he can connect to it inside his LAN via RDP - just not from outside his LAN. It's possible he's hacked Windows 7 Home Premium to run RDP but the odds aren't in favour of that.
0
 
LVL 21

Expert Comment

by:yo_bee
ID: 36488453
ok

0
 
LVL 41

Author Comment

by:dlmille
ID: 36491315
I would like to NOT delete the 3389 route unless I have to, otherwise I'd need to get someone on the otherside to set it back, if it doesn't work.  I'm not sure you can remotely administer the 2Wire gateway.  I have to access the machine that 3389 is forwarded to to administer the router and make changes to the new laptop.

Windows 7 Ultimate.  version should not be the problem...
0
 
LVL 2

Expert Comment

by:awarren85
ID: 36491380
What version of Windows are you using to do the remote desktop from?  Basically what is the PC that's outside the network remoting in?  Does it have the newer Remote Desktop Client update loaded (it's needed if it's XP, Vista/Windows 7 should already have the new Client).
0
 
LVL 41

Author Comment

by:dlmille
ID: 36491588
I tried from both a Windows 7 and a Vista machine.  Neither worked.
0
 
LVL 17

Expert Comment

by:Spartan_1337
ID: 36491642
Router (TCP 3389 - Inbound)   --->  Old Laptop (TCP 3389 - Remote Desktop - Outbound)
Router (TCP 3390 - Inbound)   --->  New Laptop (TCP 3389 - Remote Desktop - Outbound)

This will NOT work.

You cannot simply redirect the 3390 to another PC listening on a different port, especially since you already have a rule where one is listening on the same port.
You will be required to modify the new Laptop to 3390 or change the old laptop to 3390 INTERNALLY, otherwise you are just running around in circles and wasting time.

Old laptop : listening RDP 3389
New Laptop: listening RDP 3390

RDP: 123.123.123.123:3390 (new laptop)
RDP: 123.123.123.123 (old laptop)
0
 
LVL 2

Expert Comment

by:awarren85
ID: 36491686
@Spartan_1337, actually this works pretty well.  The router listens on both ports 3389 and 3390.  Traffic that hits 3389 gets redirected to (for example) 192.168.1.1:3389, traffic that hits 3390 gets redirected to (again for example) 192.168.1.2:3389.

The router isn't "listening" on the same port, the computers are.  The router is listening on ports 3389 and 3390 (internet WAN side).

--------------------------

@dlmille -- did you try disabling completely the windows firewall on the Windows 7 new laptop machine?  Also, perhaps re-verify that it's internal IP address is correct?  I feel like this will be something weird -- since it works internally it has to work externally.  

Maybe something with the 2wire modem/router itself?  Can you turn it's firewall of temporarily just to try to isolate the issue?
0
 
LVL 41

Author Comment

by:dlmille
ID: 36491711
Sure it works - I tried it on my dlink on another network.  Pretty neat

I have as yet to disable - I'm waiting on someone to bring that laptop online so I can do that.

I did try (one of my first attempts) to create a DMZ (all ports forwarded) to the new laptop to no avail.  I don't know how to drop the routers fireall, altogether, other than this method.

I'll check the addressing when I can.  I recall on ipconfig, that I only saw the IPv6 address (which looks like gobblygook), however, the router thinks it has an IPv4 address - at least in the router summary, it shows that PC with that laptop and 3390 port forwarded to it (so maybe it does?).  Could this be an issue?

Dave
0
 
LVL 2

Expert Comment

by:awarren85
ID: 36491727
Usually both IPv6 and IPv4 are enabled.  ipconfig should show both.  With DMZ, that's probably the best you can do and it's pretty close to "disabling the firewall".

Let us know about disabling the local firewall.  I think it's able to differentiate between local traffic and Internet traffic and might be blocking Internet while allowing local.

Thanks.
0
 
LVL 41

Author Comment

by:dlmille
ID: 36492710
Voila!  It worked.  Just needed (not quite sure why) to select the Remote Desktop Service with a checkbox (it was there but wasn't checked) in the McAffee firewall (after I had gotten it to work after turning the firewall off for a short period).  I logged off then connected remotely and logged back in successfully.

It was the firewall at the new laptop, and the new learning about redirection (so I could continue to administrate at 3389 while testing 3390->3389 new laptop) that helped.

Thanks for everyone's help.  Most of the points are based on my comment, above!

Cheers,

Dave
0
 
LVL 41

Author Closing Comment

by:dlmille
ID: 36492726
Everyone's comments were great, but they built on the foundation of awarren's comments.  I only had to drop the firewall for success, then set McAfee to allow port 3389 to all pc's (not just work/home).  That's new language for me.  Never noticed there were 3 firewalls, but appreciate the comments for future.
0
 
LVL 41

Author Comment

by:dlmille
ID: 36492732
I'm asking a related question, re: enabling this new laptop to VPN to my home network.

Cheers,

Dave
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now