Remote Desktop connection on Windows 7 pro

I added a new Windows 7 Pro machine to our LAN (Windows Server 2008 R2) and am having the usual problems of trying to connect to it remotely, from outside our LAN, with Remote Desktop.

I have other machines with Windows 7 Pro and connect to them and I don't remember all the things I did on them to make it work. Of course I enabled remote connections in the properties, and I added a specific rule for incoming traffic in the firewall on the port I'm targeting.

There is a NAT configured on the router to forward to the local machine:

         Protocol    Start Port    End Port    Local IP Address
PC1      ALL         3397          3397
PC2      ALL         3396          3396

For example, PC1 works, from inside the LAN if I connect to, and also if I connect from the outside on our public static IP with : - no problem.

Here is perhaps a clue to the problem, PC2 doesn't work from the outside with, BUT - it does work from the inside with simply : and also with the hostname - without specifying the port. I have the standard RDP port, 3389, pointing to the server, and that works normally, from both the inside and outside.

So why can I connect to it on the inside without the port - if I add the port it doesn't work - which is probably the same reason it doesn't work from the outside. Apart from adding a specific firewall rule for port 3396 to allow incoming traffic on that machine and enabling complete RDP access, I don't see what else I can do. I must have done something on the other machines, but I don't remember what.

There are many possible solutions here. I would prefer to keep the default RDP port 3389 for the pc2. And for remote access, do port forwarding with 3396 from the router's wan mapped to 3389 towards internal pc2.

That way, when we RDP to wan IP with port 3396, it gets forwarded to pc2 default RDP port 3389.

Fred Marshall (Principal) Commented:
You probably need to open the desired ports in the Windows 7 firewall.

I don't quite see how one could use the same port for remote access.  That would be a one-to-many mapping and THAT can't work.  So maybe there's another approach..?
When we rdp from outside network, we initiate the rdp to an external port that gets mapped to internal port on the inside network. Port forwarding can map an external port to a different internal port. Here we can forward port 3396 from the router's wan ip to pc2 ip's port 3389.

For the pc1, we can forward port 3397 from wan to pc1 ip port 3389.

That way we are not changing default rdp ports on the pc, but using different external ports on the router to map to the same rdp port 3389 on different pc ip address.

Say wan ip with port 3397 forwards to pc1 with port 3389
Wan ip with port 3396 maps to pc2 ip port 3389.

As we see, we are not changing rdp ports on the pc but just using different ports in portforwarding.

jdailey59 (Author) Commented:
I tried setting the default RDP port 3389 as the internal port: 3396 (start port) and 3389 (end port) and got an error when trying to save:
I have a TP-LINK Wireless ADSL2+ Modem Router. But on other machines, like in my example PC1, with start port 3397 and end port 3397 it works - and it works on other PCs as well.

And I did open the desired ports on the Windows firewall - I remember that's what I did before on the other PCs where it works.

I've had this problem before, in fact every time I add a new PC to the LAN I have this problem, but in the end I get it to work, but I don't remember what I did.

Before I had a D-Link ADSL modem router and the port forwarding on that one required the internal port to be 3389 and the external port whatever, but on the TP-Link it requires both external and internal to be the same.

Would investing in a Cisco modem router save me these headaches?

jdailey59 (Author) Commented:
I remembered what I did to get this to work - and now it works. I had to change the Remote Desktop listening port in the registry on the computer I want to connect to.

1. Start Registry Editor.
2. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
3. On the Edit menu, click Modify, and then click Decimal.
4. Type the new port number, and then click OK.
5. Quit Registry Editor.
6. Restart the computer.

Which I got from here:

That's why I could connect to the PC internally with no port specified, but now I connect to it with the router's external public (and static) IP, by specifying that particular port. Of course that particular port must also be specified when connecting internally now, but that's not a problem.

For anyone else trying to do this, this is what I did:

1. NAT (port forward) in the router with the chosen port in both start and end, pointing to the internal IP of the PC you're targeting, and ALL protocols selected (although  perhaps TCP and UDP is sufficient)
(My router-modem is a TP-Link TD W895 1ND)

2. Add an incoming traffic rule for that port in the Windows firewall

3. Change the listening port for Remote Desktop in the registry

jdailey59 (Author) Commented:
The reason is simply because it works.

For anyone else trying to connect to a Windows 7 PC on their LAN from outside of the LAN with Windows Remote Desktop:

1. NAT (port forward) in the router with the chosen port in both start and end, pointing to the internal IP of the PC you're targeting, and ALL protocols selected (although  perhaps TCP and UDP is sufficient)
(My router-modem is a TP-Link TD W895 1ND)

2. Add an incoming traffic rule for that port in the Windows firewall

3. Change the listening port for Remote Desktop in the registry

For example if you chose to set it up with port 3396 (on my modem-router I can add up to 12 NATs)
Launch mstsc.exe
To connect internally now, either : hostname:3396 or
To connect externally : your_public_static_IP:3396
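
The Windows side of the three steps above can be checked from the target PC itself. The PowerShell below is an added example, not part of the original thread: the default port 3396 is taken from the post, `$ExpectedPort` is a hypothetical parameter name, and the remote-address and NLA lines are extra checks the thread does not mention. On the system the registry key is named `Terminal Server`, with a space.

```powershell
# Added example (not from the thread). Run on the PC you want to reach.
# $ExpectedPort is an assumption: the port used as start/end port in the router's NAT entry.
param([int]$ExpectedPort = 3396)

# On disk the key name is "Terminal Server", with a space.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdp = Get-ItemProperty -Path $key

# Step 3 of the post: the port Remote Desktop is configured to listen on.
$configured = [int]$rdp.PortNumber

# The registry value only takes effect after a restart, so also check the live listeners.
$ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$listening = @($ipProps.GetActiveTcpListeners() |
               Where-Object { $_.Port -eq $ExpectedPort }).Count -gt 0

# Step 2 of the post: enabled inbound allow rules for TCP that name the port.
# Direction 1 = inbound, Action 1 = allow, Protocol 6 = TCP.
# Port ranges such as "3390-3400" are not expanded in this check.
$fw    = New-Object -ComObject HNetCfg.FwPolicy2
$rules = @($fw.Rules | Where-Object {
    $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 -and $_.Protocol -eq 6 -and
    (("$($_.LocalPorts)" -split ',') -contains "$ExpectedPort")
})

"Registry PortNumber    : $configured"
"Matches forwarded port : $($configured -eq $ExpectedPort)"
"Listening on port      : $listening"
"Inbound allow rules    : $($rules.Count)"
foreach ($r in $rules) {
    # RemoteAddresses '*' means the rule accepts connections from any source address.
    "  $($r.Name)  (remote addresses: $($r.RemoteAddresses))"
}

# UserAuthentication = 1 means Network Level Authentication is required
# before a Remote Desktop session is created.
"NLA required           : $($rdp.UserAuthentication -eq 1)"
```

A `False` on "Matches forwarded port" reproduces the original symptom: the router forwards 3396 while the PC still listens on 3389, so the connection only works internally without a port.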