Remote Desktop Cannot Be Accessed?

[veritas310]

I set up Remote Desktop connections all the time, but I'm having a bit of an issue with one PC. The current settings are as follows:

Comcast Business Internet (port forwarded to 3394, internal IP 10.x.x.65)

Static IP set on office PC (10.x.x.65)

Windows Firewall Off

No AV solution currently installed (will be in the future, just making sure we can connect first)

Registry port number changed from 3389 -> 3394

"Allow users to connect remotely to this computer" is enabled

*Current port forwards on 4 other office PC's work with same setup

Error when connecting from outside the network: "This computer can't connect to the remote computer. Try connecting again. If the problem..."

Any ideas? I can provide further information anyone may need. Thanks :).

[+BudMan MVC]

Did you verify that you can connect to the box on that port from another box on the lan? Most likely the registry entry did not take, or software firewall is blocking on the box, etc.

I never understood why change the port on the box -- just change it at that router. Most any decent router allows you to change the port you forward to

What router do you have?

example

public side port 3389 --> 10.x.x.64 3389

public side port 3390 --> 10.x.x.65 3389

public side port 3391 --> 10.x.x.66 3389

public side port 3392 --> 10.x.x.67 3389

So when you want to connect to machine 1 use normal port, when machine 2 3390, when machine 3 port 3391, etc.

example of forwards on router.

[+John Teacake MVC]

Why not just use the standard 3389? It might be a *little* less secure but if you use a good password wont be a problem. And how have you managed to forward all the other 4 PC's presumably they all have different external IP addresses?

[veritas310]

Confirming now...

*Yes, Bud, I can connect to the computer from another workstation on the network via private static IP.

*Router is a Comcast Business Gateway that allows configuration of port forwarding. SMC - hardware v1.01

Why not just use the standard 3389? It might be a *little* less secure but if you use a good password wont be a problem. And how have you managed to forward all the other 4 PC's presumably they all have different external IP addresses?

Why would I need different public addresses to the other office PC's? The format to connect remotely is "publicIP:portNumber". I.e. 172.x.x.x:3394 or for another PC on the office network 172.x.x.x:3393 etc. I don't need more than one static.

Did you verify that you can connect to the box on that port from another box on the lan? Most likely the registry entry did not take, or software firewall is blocking on the box, etc.

I never understood why change the port on the box -- just change it at that router. Most any decent router allows you to change the port you forward to

What router do you have?

example

public side port 3389 --> 10.x.x.64 3389

public side port 3390 --> 10.x.x.65 3389

public side port 3391 --> 10.x.x.66 3389

public side port 3392 --> 10.x.x.67 3389

So when you want to connect to machine 1 use normal port, when machine 2 3390, when machine 3 port 3391, etc.

example of forwards on router.

Edited October 12, 2009 by veritas310

[+John Teacake MVC]

Also when your using RDP dont you need to put ComputerName:PortNumber. To Connect?

[veritas310]

Also when your using RDP dont you need to put ComputerName:PortNumber. To Connect?

No, simply the public IP of the network you're connecting to, followed by the port number (which directs you to the machine). I've configured these so many times it's like second nature, just for some reason this PC won't let me connect to it.

If you're somewhere outside that network on the internet, how is the RDP client supposed to resolve a connection to your office PC by just the computer name and port, it's not possible. What happens by putting in the public IP is that it searches the internet for your public IP, it hits your router/gateway, then the port following it is searched, the configuration on the gateway/router then points it to the private IP address of the PC on your office network.

[+BudMan MVC]

Who said anything about different public IPs????

What I suggested is just listening on a different port on your router and then forwarding that to the standard rdp port 3389, vs changing it on the PC.. Why do it on the PC, when you can just make the settings on the router vs having to change the registry on each machine?

pc1 from outside yourpublicIP:3389

pc2 from outside yourpubicIP:3390

pc3 from outside yourpublicIP:3391

The router just sends those ports to the standard rdp port 3389 on the different lan IPs.

edit: BTW -- the better option would be to VPN into the network and then rdp to whatever machine you want vs opening up RDP to the public net.

edit2: If you say you can connect to the machines remote desktop from a local machine using the port you changed it too.. Then its seems pretty clear you got something messed up in the forward on the router. Or you have something blocking it.

[veritas310]

Yea, I understand where you're coming from Bud, but it still doesn't explain why it's not connecting to this PC. The settings are all correct yet it still won't connect remotely. It doesn't take any time to search either, the response from RDP is immediate. *I will configure as mentioned below in the future, but they only have 5 remote users and the registry has been changed, it's not a problem (in this particular instance).

Who said anything about different public IPs????

What I suggested is just listening on a different port on your router and then forwarding that to the standard rdp port 3389, vs changing it on the PC.. Why do it on the PC, when you can just make the settings on the router vs having to change the registry on each machine?

pc1 from outside yourpublicIP:3389

pc2 from outside yourpubicIP:3390

pc3 from outside yourpublicIP:3391

The router just sends those ports to the standard rdp port 3389 on the different lan IPs.

edit: BTW -- the better option would be to VPN into the network and then rdp to whatever machine you want vs opening up RDP to the public net.

[veritas310]

edit2: If you say you can connect to the machines remote desktop from a local machine using the port you changed it too.. Then its seems pretty clear you got something messed up in the forward on the router. Or you have something blocking it.

Port Range:

Public: 3394 Private: 3394 ~ 3394

TCP/UDP

IP Address: 10.x.x.65

Enabled

These settings match for all other office PC's that are configured to be remoted into (except port of course). They all work as well, I'm currently remoted into the server via 3391.

**I cannot connect to another workstation from the PC I'm having remote issues with, however I connect to that PC from the server or another workstation...

Edited October 12, 2009 by veritas310

[veritas310]

*UPDATE*

I gave the PC a reboot (had some updates) and magically I can connect :). I rebooted last week in the middle of trying to no avail. All is right with the world lol. Thanks for the help guys.

[offroadaaron]

LOL I don't think you rebooted the first time, when you change the RDP port you need to restart the service or reboot the computer.

When you were connecting from the LAN side of thing you probably weren't using the port you changed to but the default port.

Computers generally don't just do random things, but I guess is it Windows!

Oh wells working now.

[+John Teacake MVC]

Who said anything about different public IPs????

What I suggested is just listening on a different port on your router and then forwarding that to the standard rdp port 3389, vs changing it on the PC.. Why do it on the PC, when you can just make the settings on the router vs having to change the registry on each machine?

pc1 from outside yourpublicIP:3389

pc2 from outside yourpubicIP:3390

pc3 from outside yourpublicIP:3391

The router just sends those ports to the standard rdp port 3389 on the different lan IPs.

edit: BTW -- the better option would be to VPN into the network and then rdp to whatever machine you want vs opening up RDP to the public net.

edit2: If you say you can connect to the machines remote desktop from a local machine using the port you changed it too.. Then its seems pretty clear you got something messed up in the forward on the router. Or you have something blocking it.

Me :p I might have mis read. I thought he was trying to forward 3389 onto the internet from every PC in his network in which case he would need a different public IP for each machine right?

[offroadaaron]

Me :p I might have mis read. I thought he was trying to forward 3389 onto the internet from every PC in his network in which case he would need a different public IP for each machine right?

What are you on about?

Yes you can only forward one outside port to many inside ports.

but you can do the following:

you can forward 3389 outside to 3389 inside

you can forward 3388 outside to 3389 inside

Which means you don't need to hack the registry on the machine.

[+John Teacake MVC]

Yeah but Im talking about Internal:3398 to External:3389 I have mis read it!

[offroadaaron]

Yeah but Im talking about Internal:3398 to External:3389 I have mis read it!

I'm lost even more by this comment I'm sorry.