Link to home
Create AccountLog in
Avatar of jdailey59

asked on

Remote Desktop connection on Windows 7 pro

I added a new Windows 7 Pro machine to our LAN (Windows Server 2008 R2) and am having the usual problems of trying to connect to it remotely, from outside our LAN, with Remote Desktop.

I have other machines with Windows 7 Pro and connect to them and I don't remember all the things I did on them to make it work. Of course I enabled remote connections in the properties, and I added a specific rule in for incoming traffic in the firewall on the port I'm targeting.

There is a NAT configured on the router to forward to the local machine:

      Protocol         Start Port      End Port               Local IP Address
PC1      ALL              3397            3397  
PC2      ALL              3396            3396  

For example, PC1 works, from inside the LAN if I connect to, and also if I connnect from the outside on our public static IP with : - no problem.

Here is perhaps a clue to the problem, PC2 doesn't work from the outside with, BUT - it does work from the inside with simply : and also with the hostname - without specifying the port. I have the standard RDP port, 3389, pointing to the server, and that works normally, from both the inside and outside.

So why can I connect to it on the inside without the port - if add the port it doesn't work - which is probably the same reason it doesn't work from the outside. Apart from adding a specific firewall rule for port 3396 to allow incoming traffic on that machine and enabling complete RDP access, I don't see what else I can do. I must have done something on the other machines, but I don't remember what.
Avatar of Miftaul H
Miftaul H

There are many possible solution here. I would prefer to keep the default RDP port 3389 for the pc2. And for remote access, do port forwarding with 3396 from the routers wan mapped to 3389 towards  internal pc2.

That way, when we RDP to wan IP with port 3396, it gets forwarded to pc2 default RDP port 3389.
You probably need to open the desired ports in the Windows 7 firewall.

I don't quite see how one could use the same port for remote access.  That would be a one-to-many mapping and THAT can't work.  So maybe there's another approach..?
When we rdp from outside network, we initiate the rdp to an external port that get gets mapped to internal port on the inside network.  Port forwarding can map an external port to a different internal port. Here we can forward port 3396 from the routers wan ip to pc2 ips port 3389.

For the pc1, we can forward pprt 3397 from wan to pc1 ip port 3389.

That way we are not changing default rdp ports on the pc, but using different extrrnal ports on the router to map to the same rdp port 3389 on different pc ip address.

Say wan ip with port 3397 forwards to pc1 with port 3389
Wan ip with port 3396 maps to pc2 ip port 3389.

As we see, we are not changing rdp ports on the pc but just using different ports in portforwarding.
Avatar of jdailey59


I tried setting the default RDP port 3389 as the internal port: 3396 (start port) and 3389 (end port) and got an error when trying to save:
I have a TP-LINK Wireless ADSL2+ Modem Router. But on other machines, like in my example PC1, with start port 3397 and end port 3397 it works - and it works on other PCs as well.

And I did open the desired ports on the Windows firewall - I remember that's what I did before on the other PCs where it works.

I've had this problem before, in fact everytime I add a new PC to the LAN I have this problem, but in the end I get it to work, but I don't remember what I did.

Before I had a D-Link ADSL modem router and the port forwarding on that one required the internal port to be 3389 and the external port whatever, but on the TP-Link it requires both external and internal to be the same.

Would investing in a Cisco modem router save me these headaches?
Avatar of jdailey59

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
The reason is simply because it works.

For anyone else trying connect to a Windows 7 PC on their LAN from outside of the LAN with Windows Remote Desktop:

1. NAT (port forward) in the router with the chosen port in both start and end, pointing to the internal IP of the PC you're targeting, and ALL protocols selected (although  perhaps TCP and UDP is sufficient)
(My router-modem is a TP-Link TD W895 1ND)

2. Add an incoming traffic rule for that port in the Windows firewall

3. Change the listening port for Remote Desktop in the registry

For example if you chose to it it up with port 3396 (on my modem-router I can add up to 12 NATs)
Launch mstsc.exe
To connect internally now, either : hostname:3396 or
To connect externally : your_public_static_IP:3396