Windows RDP question

+
0 Votes
Locked

As a company we support over 100 clients with a mixture of different networks. Mostly though they have a broadband router and a number of PCs behind the router. We routinely need to remotely monitor these PCs. At the moment we are using a combination of LogMeIn IT Reach and RealVNC. But LogMeIn IT Reach costs too much to use on PCs which aren't on a maintenance contract and RealVNC is sluggish and not very functional.

We would like to use RDP since it is functional, free and is already on most of my clients' PCs. But my problem is how do I connect to a PC that is behind a firewall? I know I can do port forwarding, but that would be messy if there are a number of PCs, since if I wanted to connect to a specific PC I would have to change the port mappings in the router each time.

LogMeIn uses their own software to get around these problems, and RealVNC allows the PC running the RealVNC server software (MyClient) to initiate a TCP/IP connection to a listening client (Me), which means I only have to set up a port forward rule on my router.

So after all that, the real question is how can I use RDP to connect to a client's PC, assuming that the client is actually sitting at their PC?

Thanks in advance
  • +
    0 Votes
    CG IT

    If they're using a Windows Server O/S, you could use it for Remote Access. It allows remote VPN connections on WAN miniports and user authentication via RADIUS or AD [if it's an Active Directory network].

    +
    0 Votes

    So you are saying that, if they have a 2000/2003 server, I should connect to the server using a VPN and then use RDP to the clients?

    +
    0 Votes
    3xp3rt

    My advice is: Make a VPN connection to the client's domain. In this case your computer will be a domain computer, and you can easily use RDP. For this you can use the desired computer's IP address or computer name.

    +
    0 Votes

    Thanks for the suggestion, I'll try that.

    I have some clients that use neither domains nor servers. Is there any way you know of to connect to those machines except directly via TCP/IP and port forwarding on the router?

    +
    0 Votes
    3xp3rt

    Where there is no server or domain, just a router, depending on the type of router you can use the following technique: The router has a public IP address, and the computers have some 192.168... address. So you can set all these 192.168... IPs on the router with the port range starting at 3389 and ending at 3389 (the RDP port). When you enable one of the 192.168... IPs on port range forwarding (or, depending on the type of router, Application or Gaming) and save these settings, you can connect via RDP to that computer using the public IP address.

    +
    0 Votes
    iceblast21

    Even with port forwarding, I am not getting a remote connection through this method!!!

    As far as I can tell, my host computer is simply non-existent on the net! What I am trying to do is connect remotely to my router through port 3389, and then forward the connection to the PC I am trying to connect to! But this method simply doesn't work. At all!

    How do you connect remotely to the PC via port-forwarding? The Remote Desktop program can't do it, and neither can I.E.!

    +
    0 Votes
    jon.cordero

    When you connect to the router you don't specify port 3389; port 3389 just gets forwarded. For instance, if you want to connect to a PC that has an internal IP of 192.168.1.50, then on the router, either by telnet or via IE using its WAN IP, assuming you are on the outside of the router, you would tell it something like forward tcp port 3389 --> 192.168.1.50. Then in Remote Desktop, just type the WAN IP. It will automagically forward to the specified IP. Now if you have multiple PCs you want to connect to, then RDP into one PC, and from that PC use either VNC or even RDP again to go from PC to PC. It is a cheap but effective method.

    Good Luck

    +
    0 Votes
    iceblast21

    I'm not exactly following your advice. I'm using the net to connect (since the Remote Desktop program isn't giving me any luck), and I would type in "192.168._.__:3389/tsweb/" into the browser (but with the external IP, not this fake internal, example IP!). And I get no connection.

    I've set my router to forward port 3389 to the specific computer I want to connect to (I assigned a permanent internal IP - 192.168.1.100 - to the computer, and I have instructed the router to forward port 3389 to this IP!).

    Still not working! I also saw some advice to change the net port of the computer from the standard port 80 to another port of my choosing (for extra security). So my new web address reads: "external_IP:port_I_chose/TSWEB/", but still no go.

    The obvious answer might be "don't mess with the host computer ports!" but that doesn't make a difference, as remote desktop will not work with either port 80 or the port I chose (I'm not even sure how changing the host computer web port changes anything..).

    I appreciate the advice, and I hope this clears up some specifics on my problem! What am I missing?

    Do I need to host a website or have a VPN for this to work??

    +
    0 Votes
    BeastofBurden

    All my hardware is behind my router so I need to leave my firewall and return to my public IP address somehow. I think some sort of proxy service might be needed but I am not certain how port forwarding might work from a public proxy server. Is that feasible? Can anyone suggest how to test an external configuration from within the same LAN?
    Otherwise, I have to take a laptop to another LAN or find an open wireless network nearby.

    +
    0 Votes
    yurki3

    People are always suggesting many kinds of things, and there are plenty of those who are fanatical when it comes to security.

    I suggest that you first concentrate on getting the system working and after that on making it more secure.

    Implementing all the security tricks at the beginning just makes the situation unnecessarily complicated.

    --edit--

    Finally, I got it working...
    As many people here said before, it just needed a simple port forward.

    In my case there is a ZYXEL BEFSX41 router/switch between my Windows Server 2003 and the cable modem, and port forwarding is named "Port range forwarding" under "Applications & Gaming".

    Under IIS, I defined different ports for TSWEB, both TCP and SSL, and the IP address too. (I have a so-called multi-homed server, meaning that there are many IPs and websites assigned to the same NIC, so it was necessary to direct TSWEB to its own IP instead of "all unassigned".)

    Then in ZYXEL's port forwarding I made one rule for each of the two ports:
    -----------------------------------------------------------------------
    Application -- start --- end - TCP/UDP ------ IP ----------
    -----------------------------------------------------------------------
    RDP SSL -- 34427 - 34427 - BOTH -- 192.168.1.303
    RDP TCP -- 34274 - 34274 - BOTH -- 192.168.1.303
    -----------------------------------------------------------------------


    After creating those forwards, both MSTSC and TSWEB are working; I just have to use my public IP with the port I assigned:

    MSTSC: "81.181.81.181:232323"
    or
    TSWEB "https://81.181.81.181:232323"

    --

    In my case I have RRAS in use on Server 2003, where more forwarding is done, such as a different port assigned to my client machine in another subnet.
    Routing and Remote Access -> IP Routing -> NAT/Basic Firewall -> WAN card properties -> Services and Ports -> added an "RDP to XP Pro" rule, where I created a forward rule from port, let's say, 232323 to port 3389 on IP 192.168.2.2, which is that XP machine.

    I hope this helps someone so that it doesn't take as much time as I have spent on this within the last year or two.

    +
    0 Votes
    itsupport

    Go to no-ip.com and sign up; it's a free domain name. You download their software, which maps the IP address of the computer that you want to access to a domain name. Then you type the no-ip domain name in Remote Desktop and connect.
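
A port range forwarding table like the one in the thread above can be checked before it is typed into the router. The following is an added example, not code from any poster: it parses rows in that table's layout and flags out-of-range ports, invalid or non-private target addresses, the default RDP port forwarded as-is, and two rules claiming the same external port. The rule names and sample rows are constructed for the example.

```python
import ipaddress
import re

RDP_DEFAULT_PORT = 3389

# Constructed rows in the router table's layout; names and values are made up.
SAMPLE_TABLE = """\
Application -- start --- end - TCP/UDP ------ IP ----------
PC1 RDP -- 34001 - 34001 - TCP -- 192.168.1.101
PC2 RDP -- 3389 - 3389 - BOTH -- 192.168.1.102
PC3 RDP -- 34001 - 34001 - TCP -- 192.168.1.103
PC4 RDP -- 232323 - 232323 - TCP -- 192.168.1.303
"""

def parse_rules(text):
    """Split each row on its dash separators; skip headers and ruler lines."""
    rules = []
    for line in text.splitlines():
        parts = re.split(r"\s+-+\s+", line.strip())
        if len(parts) != 5 or not (parts[1].isdigit() and parts[2].isdigit()):
            continue
        name, start, end, proto, ip = parts
        protos = {"TCP", "UDP"} if proto.upper() == "BOTH" else {proto.upper()}
        rules.append({"name": name, "start": int(start), "end": int(end),
                      "protos": protos, "ip": ip})
    return rules

def audit(rules):
    """Return (rule name, finding) pairs for rules that cannot work or need review."""
    findings, seen = [], []
    for r in rules:
        if not 1 <= r["start"] <= r["end"] <= 65535:
            findings.append((r["name"], "port range outside 1-65535"))
        try:
            if not ipaddress.ip_address(r["ip"]).is_private:
                findings.append((r["name"], "target is not a private LAN address"))
        except ValueError:
            findings.append((r["name"], "target is not a valid IP address"))
        if r["start"] <= RDP_DEFAULT_PORT <= r["end"]:
            findings.append((r["name"], "default RDP port 3389 open on the WAN side"))
        for other in seen:  # the same external port cannot go to two PCs
            if (r["protos"] & other["protos"] and r["start"] <= other["end"]
                    and other["start"] <= r["end"]):
                findings.append((r["name"], f"external ports overlap with {other['name']}"))
        seen.append(r)
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_rules(SAMPLE_TABLE)):
        print(f"{name}: {finding}")
```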
