Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RDP (remote desktop) from outside my home netowork NOT WORKING !


  • Please log in to reply
16 replies to this topic

#1 TheStalker

TheStalker

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 06 January 2010 - 04:48 AM

Hi all,

I'm having real problems with making RDP work on my windows 7 machines from outside my netowrk at home. I am using two windows 7 machines with pro and Ultimate installed on them. I also have a home belkin wirelss router.

First let me start by saying i can RDP inside my network from computer to computer using both internal ip addresses and computer names,.

The problem starts when i try and remote RDP eg from work to home. below is how i have everything setup.

- I have my router forwarded under the virtual servers tab to port 3389-3389 and to the ip address of the machine inside my network e.g. 192.168.2.4
- i have checked windows firewall and there is a tick under the allow programs though firewall next to RDP (Home/Work private)
- I have checked here http://www.yougetsignal.com/tools/open-ports/ and they say that port 3389 is forwarded on my external ip address
- have have check cmd > netstat -a and have 3389 - <mycomputername> LISTINING

When i goto RDP i get the following message " Remote desktop can't connect to the remote computer for one of theses following reasons

1) Remote access tot eh server is not enabled
2)The remote computer is turned off
3)The remote computer is not avaliable on the network


If anyone has any ideas of what im missing id be greatful for any ideas and help as rdp is not much use to me from within my home i need to be able to rdp from another city.

thanks :huh:

BC AdBot (Login to Remove)

 


#2 TheStalker

TheStalker
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 06 January 2010 - 04:49 AM

update: i have downloaded this http://www.portforward.com/help/portcheck.htm and am getting the message " could not test port 3389 because some other application locked. Please close any other programs that might be using this port and try again"

This still dosnt help me !!! ????

#3 TheStalker

TheStalker
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 06 January 2010 - 05:28 AM

ok so i forwarded port 3333 both on UDP and TCP and tried using that port with my external ipaddress and still have the same problem ?????

#4 Bolsterplate

Bolsterplate

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 06 January 2010 - 12:32 PM

I'm sure you know that since you have two workstations, each instance of Terminal Services port forwarding on your router needs to use a different port. Since 3389 is the default port for Terminal Services, you may want to troubleshoot by creating only one port forwarding rule to one workstation using the default port of 3389. Delete the other rule. If that works, then you need to use a different port for the second workstation. Use regedit on the second workstation to change the Terminal Services port from 3398 to the different port and create the second port forwarding rule using the different port.

If that's squared away, you have DSL, and you still cannot connect, you may want to try lowering the MTU on the target workstations to 1492.

Here is an article I clipped that explains how to do it for Vista and better:

Fortunately, Microsoft now allows us to adjust the MTU using the "netsh" command. As other commands in Windows Vista, you run "netsh" using the command window, in Administrative mode.

To see what interfaces you have on your computer, type

netsh interface ipv4 show subinterfaces

To change the MTU, type
netsh interface ipv4 set subinterface "Local Area Connection" mtu=nnnn store=persistent

where
Local Area Connection is the name of the network connection on your computer, from the list obtained above.
nnnn is the desired value for MTU.

Reboot after making the change.

Edited by Bolsterplate, 06 January 2010 - 12:33 PM.


#5 TheStalker

TheStalker
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 06 January 2010 - 12:41 PM

I'm sure you know that since you have two workstations, each instance of Terminal Services port forwarding on your router needs to use a different port. Since 3389 is the default port for Terminal Services, you may want to troubleshoot by creating only one port forwarding rule to one workstation using the default port of 3389. Delete the other rule. If that works, then you need to use a different port for the second workstation. Use regedit on the second workstation to change the Terminal Services port from 3398 to the different port and create the second port forwarding rule using the different port.

Sorry maybe i didnt explain it i have tried with just one machine i.e the port 3389 forwarded to 192.168.2.4 as the only rule and still no luck. I have a cable connecton from virgin media in the UK if thats any help

If that's squared away, you have DSL, and you still cannot connect, you may want to try lowering the MTU on the target workstations to 1492.

Here is an article I clipped that explains how to do it for Vista and better:

Fortunately, Microsoft now allows us to adjust the MTU using the "netsh" command. As other commands in Windows Vista, you run "netsh" using the command window, in Administrative mode.

To see what interfaces you have on your computer, type

netsh interface ipv4 show subinterfaces

To change the MTU, type
netsh interface ipv4 set subinterface "Local Area Connection" mtu=nnnn store=persistent

where
Local Area Connection is the name of the network connection on your computer, from the list obtained above.
nnnn is the desired value for MTU.

Reboot after making the change.


Thanks for this reply but do you think you could explain what MTU is and why it might help with RDP?

I ran "netsh interface ipv4 show subinterfaces" inside cmd and under MTU for local area connectin it says 1500. This dosnt really mean alot to me and i would like to know what im changing and the possible effect that it might have on my system?

thanks again for your reply ! :huh:

Edited by TheStalker, 06 January 2010 - 12:44 PM.


#6 Kalon Wiggins

Kalon Wiggins

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portland, OR
  • Local time:02:14 PM

Posted 06 January 2010 - 12:47 PM

If you can connect from other computers on your lan the problem must be in your port forwarding.

Look up your router at portforward.com and it should tell you how to configure it with directions specific to your model.

One thing you might also try, is termporarily setting your dmz in your router to your local address and see if you can connect to it remotely then. With the dmz set, all ports are open and pointed to your computer so it should work. Don't leave this setting like this, just do it for a troubleshoot. If you set your dmz and you still can't connect, then your cablemodem may be a router as well. This could mean that even if your belkin router is configured properly, your modem has that port closed before data reaches your router. If you can connect remotely with the dmz set then it means your router wasn't configured properly for port forwarding before.

More and more isps are using modems that are also firewalls, and if you are unaware of this it can be a real headache trying to make this work.

Again, don't leave your dmz set. Disable the dmz again after running this test, or your ports will all be open and you will not have firewall protection.

#7 Bolsterplate

Bolsterplate

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 06 January 2010 - 12:54 PM

MTU stands for maximum transmission unit. http://en.wikipedia.org/wiki/Maximum_transmission_unit

You only need to change the MTU if you use DSL.

DSL needs to use some of the standard Ethernet MTU (1500 bytes) for the PPPOE header. By lowering the MTU on the workstation, you minimize fragmented packets which can cause problems with the Terminal Services connection.

You can also try setting the router MTU from 1500 to 1492. Changing the setting here is a workaround implemented by router manufacturers to keep administrators from having to change the MTU on each and every workstation. However, the MTU is set by the workstation -- changing it there is the best way.

#8 TheStalker

TheStalker
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 06 January 2010 - 12:59 PM

If you can connect from other computers on your lan the problem must be in your port forwarding.

Look up your router at portforward.com and it should tell you how to configure it with directions specific to your model.

I checked that website and followed how to do it for my router and that was how i was doing it in the first place

Posted Image


One thing you might also try, is termporarily setting your dmz in your router to your local address and see if you can connect to it remotely then. With the dmz set, all ports are open and pointed to your computer so it should work. Don't leave this setting like this, just do it for a troubleshoot. If you set your dmz and you still can't connect, then your cablemodem may be a router as well. This could mean that even if your belkin router is configured properly, your modem has that port closed before data reaches your router. If you can connect remotely with the dmz set then it means your router wasn't configured properly for port forwarding before.

More and more isps are using modems that are also firewalls, and if you are unaware of this it can be a real headache trying to make this work.

Again, don't leave your dmz set. Disable the dmz again after running this test, or your ports will all be open and you will not have firewall protection.


Ijust tried using DMZ with my local ip address (192.168.2.4) and it still didnt work. Do you think the cable modem might be acting as a firewall as well then? so really i have 3 firewalls to get past?

Is there way around this if this is the case ???

thanks for your reply :huh:

#9 Bolsterplate

Bolsterplate

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 06 January 2010 - 01:06 PM

Kalon is on to something regarding the ISP modem/firewall. The easiest way to find out is make a single Ethernet connection from your ISP's device to a workstation. Restart your workstation (or release and renew) and see what kind of IP you get. If it's private, like 192.168.x.x or 10.x.x.x or 172.16.x.x, your ISP's device is a router, too.

And, yes, there is a way around it. Find out first, though.

#10 TheStalker

TheStalker
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 06 January 2010 - 01:12 PM

Ok thanks i will have to do this tomorrow now as ther eis other people that need ot use the internet atm. Thanks everyone for your input and i hope we can get it sorted soon. Will get back to you all asap.

#11 Bolsterplate

Bolsterplate

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 PM

Posted 06 January 2010 - 01:15 PM

In case I'm not able to reply, if the ISP's device is also a router, you can:

1. Eliminate your Belkin device and use the ISP's device as the only router. Set up port forwarding in the ISP's firewall. If you have the Belkin for wireless, you can disable the routing and firewall and configure it as a simple wireless access point.

or

2. Call your ISP and ask them how to bridge their router and how to setup your Belkin's WAN interface to work with their service. You would setup port forwarding in the Belkin.

#12 TheStalker

TheStalker
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 07 January 2010 - 08:16 AM

In case I'm not able to reply, if the ISP's device is also a router, you can:

1. Eliminate your Belkin device and use the ISP's device as the only router. Set up port forwarding in the ISP's firewall. If you have the Belkin for wireless, you can disable the routing and firewall and configure it as a simple wireless access point.

or

2. Call your ISP and ask them how to bridge their router and how to setup your Belkin's WAN interface to work with their service. You would setup port forwarding in the Belkin.


I have found the address for the cable modem 192.168.100.1 when i log into it, it does'nt look like it is a router is just give info about the modem and there are no option at allow you to chnage any thing.

#13 DanrB

DanrB

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:14 PM

Posted 07 January 2010 - 09:45 AM

Didn't see where you said or where anyone has ask but does your ISP provide for a routable IP address to you? static address that never changes, one either provided to you free or at extra cost and if so do you have it?

If not you're not going to get it to work until you upgrade your service to allow for it.

#14 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:05:14 PM

Posted 07 January 2010 - 10:02 AM

TheStalker,

It's very possible that your cable modem it showing it's "default" dhcp settings. Meaning, not the ones provided by your isp.

Connect directly to your Cable modem and make sure you can connect to the internet. If you can, then go to a command prompt and type:

ipconfig /all

The IP Address should give the address that is assigned to you and not the private address you are seeing when connecting directly to the modem. You normally can only connect to that address when the modem is booting and has not completed connection to your ISP.

Next, go to www.whatismyip.com and make note of the ip address that page shows you. If it is anything other than the Private Ip Addresses ( Listed here under Reserved Private ipv4 Address Space then you have an IP address that you can connect through using RDP and get to your computer.

The cable modem that you have will also define whether or not your can get back through it from the internet. Most older cable modems are just that. A modem. They only make the connection between your computer and the Internet Service Provider. Newer models also include some sort of firewall. It's not the greatest firewall in the world but for basic protection they work. Knowing what cable modem you have will help us figure out if you have one of these newer type modems and where to point you for info on opening ports.

Also, if you are receiving a dynamic ip address from your service provider you will still be able to get into your computer from the internet but you will have to find out what your IP address is for that day to be able to find your computer. To alleviate this, you can use a service such as dns2go or dyndns to be able to find your computer by name just as you find www.microsoft.com or yahoo.com. But, that's info for another time after we get your RDP working in the first place.

I hope this helps,
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#15 TheStalker

TheStalker
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:05:14 PM

Posted 12 January 2010 - 11:03 AM

Sorry ive not updated guys, been busy at work. will plug my netbook into the modem tonight and update then :huh:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users