jdailey59

Remote Desktop connection on Windows 7 pro

I added a new Windows 7 Pro machine to our LAN (Windows Server 2008 R2) and am having the usual problems of trying to connect to it remotely, from outside our LAN, with Remote Desktop.

I have other machines with Windows 7 Pro and connect to them and I don't remember all the things I did on them to make it work. Of course I enabled remote connections in the properties, and I added a specific rule in for incoming traffic in the firewall on the port I'm targeting.

There is a NAT configured on the router to forward to the local machine:

         Protocol    Start Port    End Port    Local IP Address
PC1      ALL         3397          3397        192.168.16.52
PC2      ALL         3396          3396        192.168.16.29

For example, PC1 works, from inside the LAN if I connect to 192.168.16.52:3397, and also if I connect from the outside on our public static IP with : 217.xxx.xxx.xxx:3397 - no problem.

Here is perhaps a clue to the problem, PC2 doesn't work from the outside with 217.xxx.xxx.xxx:3396, BUT - it does work from the inside with simply : 192.168.16.29 and also with the hostname - without specifying the port. I have the standard RDP port, 3389, pointing to the server, and that works normally, from both the inside and outside.

So why can I connect to it on the inside without the port - if I add the port it doesn't work - which is probably the same reason it doesn't work from the outside. Apart from adding a specific firewall rule for port 3396 to allow incoming traffic on that machine and enabling complete RDP access, I don't see what else I can do. I must have done something on the other machines, but I don't remember what.
Miftaul H

There are many possible solutions here. I would prefer to keep the default RDP port 3389 for the pc2. And for remote access, do port forwarding with 3396 from the router's WAN mapped to 3389 towards internal pc2.

That way, when we RDP to wan IP with port 3396, it gets forwarded to pc2 default RDP port 3389.
You probably need to open the desired ports in the Windows 7 firewall.

I don't quite see how one could use the same port for remote access. That would be a one-to-many mapping and THAT can't work. So maybe there's another approach..?
When we RDP from an outside network, we initiate the RDP to an external port that gets mapped to an internal port on the inside network. Port forwarding can map an external port to a different internal port. Here we can forward port 3396 from the router's WAN IP to pc2 IP's port 3389.

For the pc1, we can forward port 3397 from WAN to pc1 IP port 3389.

That way we are not changing default RDP ports on the PC, but using different external ports on the router to map to the same RDP port 3389 on different PC IP addresses.

Say wan ip with port 3397 forwards to pc1 with port 3389
Wan ip with port 3396 maps to pc2 ip port 3389.

As we see, we are not changing rdp ports on the pc but just using different ports in portforwarding.
ASKER

I tried setting the default RDP port 3389 as the internal port: 3396 (start port) and 3389 (end port) and got an error when trying to save:
ERROR: FAIL TO UPDATE DUE TO... DUPLICATE PORT NUMBER !
I have a TP-LINK Wireless ADSL2+ Modem Router. But on other machines, like in my example PC1, with start port 3397 and end port 3397 it works - and it works on other PCs as well.

And I did open the desired ports on the Windows firewall - I remember that's what I did before on the other PCs where it works.

I've had this problem before, in fact every time I add a new PC to the LAN I have this problem, but in the end I get it to work, but I don't remember what I did.

Before I had a D-Link ADSL modem router and the port forwarding on that one required the internal port to be 3389 and the external port whatever, but on the TP-Link it requires both external and internal to be the same.

Would investing in a Cisco modem router save me these headaches?
ASKER CERTIFIED SOLUTION
jdailey59

The reason is simply because it works.

For anyone else trying to connect to a Windows 7 PC on their LAN from outside of the LAN with Windows Remote Desktop:

1. NAT (port forward) in the router with the chosen port in both start and end, pointing to the internal IP of the PC you're targeting, and ALL protocols selected (although perhaps TCP and UDP are sufficient)
(My router-modem is a TP-Link TD W895 1ND)

2. Add an incoming traffic rule for that port in the Windows firewall

3. Change the listening port for Remote Desktop in the registry

For example if you chose to set it up with port 3396 (on my modem-router I can add up to 12 NATs)
Launch mstsc.exe
To connect internally now, either : hostname:3396 or 192.168.xxx.xxx:3396
To connect externally : your_public_static_IP:3396
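
An added example, not part of the original thread: steps 2 and 3 of the procedure above carried out on the target PC from an elevated PowerShell prompt, ending with a check that the listener is really on the forwarded port (the symptom in the question, where PC2 answered without a port but not on :3396, means it was still listening on 3389). The port 3396 is taken from the thread; the rule name is made up for illustration, and the registry value shown is the standard Windows `PortNumber` setting for the RDP-Tcp listener.

```powershell
# Added example, not from the thread. Run elevated on the target PC.
# Assumptions: $Port matches the port forwarded on the router;
# $RuleName is a hypothetical label chosen for this example.
$Port     = 3396
$RuleName = "RDP-custom-$Port"
$RegPath  = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Step 3: compare the configured RDP listening port with the forwarded port.
$configured = (Get-ItemProperty -Path "HKLM:\$RegPath" -Name PortNumber).PortNumber
if ($configured -ne $Port) {
    Write-Host "Listener is configured for $configured, not $Port; updating registry."
    reg.exe add "HKLM\$RegPath" /v PortNumber /t REG_DWORD /d $Port /f | Out-Null
    # The new port takes effect when Remote Desktop Services restarts
    # (this drops any active RDP session; a reboot works as well).
    Restart-Service -Name TermService -Force
}

# Step 2: inbound firewall rule, limited to TCP on the chosen port.
# "show rule" returns a non-zero exit code when no rule has that name.
netsh advfirewall firewall show rule name=$RuleName | Out-Null
if ($LASTEXITCODE -ne 0) {
    netsh advfirewall firewall add rule name=$RuleName dir=in action=allow `
        protocol=TCP localport=$Port | Out-Null
    Write-Host "Added inbound firewall rule $RuleName for TCP $Port."
}

# Verify: is anything listening on the port now?
$listening = netstat -ano -p TCP |
    Select-String -Pattern ":$Port\s+\S+\s+LISTENING"
if ($listening) {
    Write-Host "OK: TCP $Port is listening; connect with hostname:$Port"
} else {
    Write-Host "Nothing is listening on TCP $Port; check that remote connections are enabled."
}
```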