Question : Remote Desktop on alternative ports problem

I'm having a problem getting Remote Desktop set up for several computers on a network.  All the port forwarding is set up in the router.  I've changed the listening port for RDP in the registry on the machines that need remote access.

I have a working VPN connection and Remote Desktop to the server works fine.

server
192.168.1.150
default port 3389
I can Remote Desktop by name and IP address

doug01
192.168.1.121
port 3388
I can't Remote Desktop via name or IP

nancy01
192.168.1.174
port 3387
I can't remote Desktop via name or

nathalie01
192.168.1.215
port 3390
I can remote this machine by IP address only, but the weird thing is I didn't have to add the changed port in the Remote Desktop Connection, i.e. (192.168.1.215:3390); in fact if I do then it won't work.

The computer I'm currently trying to remote in from is on a 192.168.20.x subnet on the NIC and the VPN connection is assigning a server IP of 192.168.1.167 and a client address of 192.168.1.166.  Authentication is MS CHAP v2, Encryption is MPPE 128.

Also, I can't ping Doug01 or Nancy01 by name or IP.  I can ping Nathalie01 by IP but not name?  I can ping the server by both.

What gives here?  I have another network installation that has a similar problem that I wasn't able to resolve that I'm going to need to revisit soon as well.  I must be missing something but I can't figure it out.

Answer : Remote Desktop on alternative ports problem

Since you can connect to one desktop, that would indicate the VPN and server configurations are fine. I would suspect either the other desktops are not configured for remote desktop connections or the firewalls are enabled. You don't necessarily have to disable the firewall but it does need to be configured. To do so, on each computer, go to Control Panel and Windows Firewall. If it is off, don't worry about it. If it is on, click on the Exceptions tab, and then check Remote Desktop, then click on exceptions, check 3389 TCP/IP and choose Change Scope; here, if using the VPN, you can choose my network, however if connecting from the Internet you need to choose any computer, and now save. You need to have remote desktop enabled before the option appears under exceptions. If you don't want to change each computer you can make the changes centrally with Group Policy if you are familiar with it. Below I have added a remote desktop "check list". Make sure it is properly enabled on each PC. Again it can be universally controlled by Group Policy.

---------------------------------------
1-try connecting using the IP of the remote computer not the computer name
2-"allow users to connect remotely to this computer" must be enabled
3-you must be a member of the remote desktop users group (administrators are by default)
4-if the workstation is a member of a server 2000/2003 domain you will have one of the 2 following check boxes, depending on the version, on the "Terminal Services Profile" of the users profile in Active Directory. Make sure it is checked appropriately. "Deny the user permission to log on to any terminal server", or "Allow Logon to Terminal Server"
5-if XP SP2 or Server 2003 SP1 the firewall needs to be configured to allow remote connections (I would disable for now for troubleshooting purposes)
6-make sure any other software firewalls are disabled as well (for test purposes), including Internet security suites. Symantec's sometimes needs to be uninstalled or if using Symantec Antivirus some versions have "Internet Worm Protection" which can block Remote Desktop. Try disabling that as well.
7-Verify the Remote Desktop User group has the rights to log on using Terminal Services. Go to Control Panel | Administrative tools | Local Security Policy | Local Policies | User Rights Assignments ...make sure Remote Desktop Users is included in "allow logon through Terminal Services"
8-The Terminal Services service must be running
If you have access to the remote machine make sure it is "listening" for your connection. To do so at a command line enter (substitute port # if not using default 3389):
netstat -an |find "3389"
You should get the following result:
TCP 0.0.0.0:3389 0.0.0.0:0 listening
If not go to Start | Run | services.msc and see if Terminal Services is started and set to automatic
9- Note also; only runs on XPpro, not XPhome
----------------------------------------

RWW (Remote Web Workplace) works great. You will not see any difference in performance, but connecting is a 2 or 3 step process rather than one. To connect you log onto a secure web page. On that page, depending on the options you have selected, you can connect to the company's intranet, Outlook Web Access, or log on to desktops. Administrators have more options: server performance reports, server usage reports, log on to servers, or offer a user remote assistance. The user then chooses log on to their desktop, and from there it is identical to remote desktop. I have included a post from an earlier question as to how to configure:

---------------------------------
If you wish to access using RWW (Remote Web Workplace) follow the following steps:
-On the SBS, under administrative tools open the "Server Management" console. In the console click on Internet and e-mail on the left, and on the page that opens on the right, choose connect to the Internet, even though you may have done this before. The wizard will allow you to add to, or change your present configurations. If you already have an Internet connection you really only need to make one addition, but just verify the current options and click next through the screens. If you only have one network adapter configured, you will be prompted regarding the firewall. One network adapter is fine, click no to viewing documentation, and continue. On the "Web Services configuration" page, if it is not already enabled, check "Allow access to only the following web site services", and check the box for "Remote Web Workplace". If "Allow access to the entire web site from the Internet" is already checked that is fine too, but as a rule I recommend you only enable the services you plan to use. Then just continue through the next options and finish.
-If only administrators are connecting you are done on the server. If others wish to connect, and have access to their own desktop, with their existing permissions, they need to be added to the Remote Web Workplace Users Group, located under "Security Groups", again in the Server Management console.
-Then on the router, at the SBS site, you need to forward ports 4125 and 443 to the SBS. You can find details regarding port forwarding at:
http://www.portforward.com/english/applications/port_forwarding/RemoteDesktop/RemoteDesktopindex.htm
On that site click on your router model to see details. However, this is for remote desktop, port 3389, not RWW ports 443 and 4125. Substitute the port numbers and configure.
-From the remote site it doesn't matter if it is just a DSL connection, a DSL with a router, or even a dial up account; there is nothing to configure.

To connect; in a web browser enter your public IP such as  https://66.66.123.123/remote  (don't forget the 's' on the end of http)
-If you do not know the public IP, from a web browser on the SBS, log on to http://www.whatismyip.com and it will advise you.
-If you have a domain name registered with that IP you can use that to access  http://mydomain.abc/remote
-If you do not have a static (fixed) public IP you can also set up a DDNS service that will assign you a domain name, and track the changing IP so you can always simply use the domain name to connect. Get it working, and then if this is an issue you can deal with the DDNS service afterwards. I prefer www.dyndns.com, but there are many others such as www.no-ip.com
-When the connection starts you will be asked to accept an SSL secure certificate
-Then a logon window will appear where you enter your username and password.
-On the first page you will be given the options available to you. As an administrator you will have access to servers, but users will only see desktops.
-The first time the web page is viewed on any computer, it will ask to install an Active-X control when you try to log on to a computer. Allow it to do so. If XP you may get the message bar at the top warning the Active-X control was blocked. Right click on the bar and allow installation. You may then need to click on the logon option to a computer again. There is a little delay while the component is installed.
-Then you will be asked again for your username and password.

It works very well and is quite secure. There is a webcast outlining RWW features.
http://support.microsoft.com/kb/833983
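
As an added example (not part of the original answer), the `netstat -an | find` check in item 8 of the check list can be made stricter: a substring match also hits foreign ports, established sessions and longer port numbers. This sketch parses saved `netstat -an` output and reports whether the changed RDP port is really in the listening state; the function names and the sample output are constructed for illustration.

```python
import re

# One TCP row of "netstat -an": proto, local addr:port, foreign addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\S+)\s*$", re.I)

def listening_ports(netstat_text):
    """Map each local TCP port in LISTENING state to its bound addresses."""
    ports = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and m.group(5).upper() == "LISTENING":
            ports.setdefault(int(m.group(2)), []).append(m.group(1))
    return ports

def check_rdp_port(netstat_text, expected_port, default_port=3389):
    """Compare the port RDP was moved to with what is really listening."""
    ports = listening_ports(netstat_text)
    if expected_port in ports:
        return "ok"             # listener is up; check firewall scope next
    if default_port in ports:
        return "still-default"  # 3389 is listening, the new port is not
    return "not-listening"      # no listener on either port

# Constructed sample output (not captured from the poster's machines).
# A plain find "3390" would match the ESTABLISHED row's foreign port here.
SAMPLE_A = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.215:1042     192.168.1.150:3390     ESTABLISHED
"""
# Constructed sample: listener moved to 3388; 33880 must not count as a match.
SAMPLE_B = """
  TCP    0.0.0.0:3388           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:33880        0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    print(check_rdp_port(SAMPLE_A, 3390))
    print(check_rdp_port(SAMPLE_B, 3388))
```

A result of "ok" means the listener is in place and the firewall exception and its scope are the next thing to check for that port.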