Need some help with Remote Desktop

ckoh

New Member
#1
I'm having some trouble setting up Remote Desktop to connect to my office PCs from outside our office network. If someone with a little more expertise can chime in on the subject it would be awesome.

Our setup:

We have an ASUS 1900 router which is assigned a static IP we were assigned from Charter. The router has DHCP turned off so that our Windows Server 2012 R2 PC with DHCP enabled can dynamically assign IPs (private subnet IPs of 10.1.10.x) to all the workstations.

Setting up Remote Desktop:

  1. Enabled remote desktop on all workstations.
  2. Check firewall
  3. Change the listener port so that no two stations have the same port
  4. Note the IPv4 (10.1.10.x)
  5. Set up port forwarding on the router to allow connections to destination IP of the IPv4, and destination port as the listener port.

When I try to use Remote Desktop from within the network I just use the private subnet IP that was assigned by the server. So, 10.1.10.x and it works fine to get in to each workstation.

When I try to use Remote Desktop from a different network, I used the private subnet IP that was assigned by the server and the listener port. So, 10.1.10.x:ListenerPort. But it's not working, where am I going wrong?
 


Trouble

Noob Whisperer
#2
Whenever you change the listening port for RDP from 3389 you have to configure a new Windows Firewall rule on the machine where you changed it for RDP because it defaults to 3389 and I don't believe it is editable so you add a new one to include your new port.
Just call your new inbound rules RDP (you'll probably need two, one for TCP and a second for UDP) and use the two existing "Remote Desktop" inbound rules as examples for configuration. Just make sure that you use the new listening port in your configuration.

EDIT: And then of course in your connection you'll have to use :8888 (port number) in mstsc.exe for your connection to work
i.e.: YourExternalStaticIPAddress:8888
 


ckoh

New Member
#3
Whenever you change the listening port for RDP from 3389 you have to configure a new Windows Firewall rule on the machine where you changed it for RDP because it defaults to 3389 and I don't believe it is editable so you add a new one to include your new port.
Just call your new inbound rules RDP (you'll probably need two, one for TCP and a second for UDP) and use the two existing "Remote Desktop" inbound rules as examples for configuration. Just make sure that you use the new listening port in your configuration.

EDIT: And then of course in your connection you'll have to use :8888 (port number) in mstsc.exe for your connection to work
i.e.: YourExternalStaticIPAddress:8888

Would the external static IP address be the static IP provided by Charter that was assigned to the router?
 


Trouble

Noob Whisperer
#4
Would the external static IP address be the static IP provided by Charter that was assigned to the router?
Yes.... typically when you remote into a remote desktop host on an internal (privately addressed) non-public facing network, from a remote desktop client that is not part of the same private network, you have to hit the outside edge, where you've configured your pinhole (port forwarding) to send things along to the internal (LAN side) network, and then to a specific host based on the listening port.
You can use an FQDN if your provider has one associated with that IP, or some people use Dynamic DNS services like DynDNS.org, which can be helpful if that IP is subject to change, but in your case not necessary.
 


ckoh

New Member
#5
Yes.... typically when you remote into a remote desktop host on an internal (privately addressed) non-public facing network, from a remote desktop client that is not part of the same private network, you have to hit the outside edge, where you've configured your pinhole (port forwarding) to send things along to the internal (LAN side) network, and then to a specific host based on the listening port.
You can use an FQDN if your provider has one associated with that IP, or some people use Dynamic DNS services like DynDNS.org, which can be helpful if that IP is subject to change, but in your case not necessary.
I'm screwing up somewhere, but not sure where. I even tried turning off the firewall entirely, and while on the same network on both PCs using the PC's private subnet IP of 10.1.10.x, and it's not connecting. I have both computers set to allow remote connections, and firewalls off for the meantime.
 


Trouble

Noob Whisperer
#6
It's not connecting at all?
Or are you getting an error when attempting to authenticate?
And make sure when you enter the IP address in mstsc.exe you follow that with a :8888 or whatever new listening port you've configured in the registry on the computer you are trying to connect to.
So it looks like 10.1.10.222:8888
 


Trouble

Noob Whisperer
#7
And are you certain that you haven't configured a port for listening that is otherwise engaged on either or both machines? There are ports that are reserved which you need to avoid.
I generally use 8886, 8887, 8888, 8889. They seem to just work and haven't caused me any issues to date.
 


ckoh

New Member
#8
And are you certain that you haven't configured a port for listening that is otherwise engaged on either or both machines? There are ports that are reserved which you need to avoid.
I generally use 8886, 8887, 8888, 8889. They seem to just work and haven't caused me any issues to date.
It looks like it's attempting to connect for a few seconds then gives me the:

Remote Desktop can't connect to the remote computer for one of these reasons:
1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network

Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.

I have been using 3390-4000~ish port wise, I'll try changing to one of the 8886-8889's and see what happens. Is there a feature on the Windows Server 2012 R2 that I need to set up?


Edit: changed the port on the destination PC to 8888, and tried connecting from a different network. Gave me the same error. I'm using the static IP address I set on the router in the WAN IP settings.
 



Trouble

Noob Whisperer
#9
Is there a feature on the Windows Server 2012 R2 that I need to set up?
Not sure.... let me fire mine up and test.
You may want to first get this working with default settings on the internal network first as everything should be provided for in advance by the operating system and Windows will configure the firewall rules for you with everything set to 3389.
After you confirm that it is working as expected with default settings on the internal network, then advance one step at a time.
Change the listening port and see what happens, making sure you include the colon and the new port number in your connection (10.1.10.222:8886).
If the problem starts there then it's the firewall that you'll need to fix.
Once that is up and running you can test it from an external network, hitting the outside edge IP address including the listening port and see if your NAT pinhole passes it through as expected.
 


ckoh

New Member
#10
Not sure.... let me fire mine up and test.
You may want to first get this working with default settings on the internal network first as everything should be provided for in advance by the operating system and Windows will configure the firewall rules for you with everything set to 3389.
After you confirm that it is working as expected with default settings on the internal network, then advance one step at a time.
Change the listening port and see what happens, making sure you include the colon and the new port number in your connection (10.1.10.222:8886).
If the problem starts there then it's the firewall that you'll need to fix.
Once that is up and running you can test it from an external network, hitting the outside edge IP address including the listening port and see if your NAT pinhole passes it through as expected.
Crawl before we run, got it. Good idea, so I changed the listener port on the destination PC back to 3389, left the firewalls off, and put both PCs back on the same network. And I'm still getting the same connection issues, both PCs still have the allow remote connections settings on. I have set up a remote desktop from the same network before, the only difference I can think of was that before the router was assigning IPs, since we didn't have the Windows Server then.
 


Trouble

Noob Whisperer
#11
Did you reboot the machines after changing the registry entry?
 


Trouble

Noob Whisperer
#13
That particular registry edit requires a reboot to take effect.
Is one of the machines you're trying to connect to a 2012 R2 Server and if so is it a Domain Controller?
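
The checks discussed in this thread (registry port, reboot, firewall rules for TCP and UDP) can be run in one pass. This is an added PowerShell example, not part of the original posts; it assumes Windows 8 / Server 2012 or later, the standard RDP-Tcp registry key, and the function names are hypothetical.

```powershell
# Added example. Run elevated on the machine you are connecting TO.
# Assumes Windows 8 / Server 2012 or later (NetTCPIP and NetSecurity modules).
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpPortStatus {   # hypothetical helper name
    # Layer 1: the listening port written to the registry.
    $port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

    # Layer 2: is a listener bound to that port? If not, the registry change
    # has not taken effect yet (reboot pending) or the port is wrong.
    $bound = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    # Layer 3: enabled inbound allow rules that name exactly this port.
    # (Rules written as a range or as "Any" are not counted here.)
    $filters = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Get-NetFirewallPortFilter |
        Where-Object { $_.LocalPort -contains "$port" }

    [pscustomobject]@{
        ConfiguredPort = $port
        Listening      = $bound
        TcpRule        = [bool]($filters | Where-Object { $_.Protocol -eq 'TCP' })
        UdpRule        = [bool]($filters | Where-Object { $_.Protocol -eq 'UDP' })
    }
}

function Add-RdpPortRule {     # hypothetical helper name
    param(
        [Parameter(Mandatory)][int]$Port,
        [string[]]$Protocol = @('TCP', 'UDP'),
        # 'Any' accepts every source; pass specific client addresses to narrow it.
        [string[]]$RemoteAddress = 'Any'
    )
    foreach ($proto in $Protocol) {
        New-NetFirewallRule -DisplayName "RDP custom port $Port ($proto-In)" `
            -Direction Inbound -Action Allow -Protocol $proto `
            -LocalPort $Port -RemoteAddress $RemoteAddress | Out-Null
    }
}

$status = Get-RdpPortStatus
$status
$missing = @()
if (-not $status.TcpRule) { $missing += 'TCP' }
if (-not $status.UdpRule) { $missing += 'UDP' }
if (-not $status.Listening) {
    Write-Warning "Nothing is listening on $($status.ConfiguredPort); reboot after the registry edit."
} elseif ($missing) {
    Add-RdpPortRule -Port $status.ConfiguredPort -Protocol $missing
}
```

`Listening = False` points at the registry change not being live yet; `Listening = True` with a missing rule points at the firewall.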
 


ckoh

New Member
#14
That particular registry edit requires a reboot to take effect.
Is one of the machines you're trying to connect to a 2012 R2 Server and if so is it a Domain Controller?

Well, resetting the computer allowed the connection to the PC on the same network to work fine. Damn... okay, I'm going to change the settings again and reboot this time... see how it works out.
 


ckoh

New Member
#15
Not sure.... let me fire mine up and test.
You may want to first get this working with default settings on the internal network first as everything should be provided for in advance by the operating system and Windows will configure the firewall rules for you with everything set to 3389.
After you confirm that it is working as expected with default settings on the internal network, then advance one step at a time.
Change the listening port and see what happens, making sure you include the colon and the new port number in your connection (10.1.10.222:8886).
If the problem starts there then it's the firewall that you'll need to fix.
Once that is up and running you can test it from an external network, hitting the outside edge IP address including the listening port and see if your NAT pinhole passes it through as expected.
So it worked when I changed all the information back to default and rebooted. Then when I changed the listener to 8888 and rebooted I tried to connect with the 10.1.10.x:8888 and it didn't work. So it's a firewall issue? I have both firewalls turned off though.
 


ckoh

New Member
#16
So it worked when I changed all the information back to default and rebooted. Then when I changed the listener to 8888 and rebooted I tried to connect with the 10.1.10.x:8888 and it didn't work. So it's a firewall issue? I have both firewalls turned off though.

Actually, I don't know what I typo'd but I tried it again, and now on the same network I'm getting in fine using the 10.1.10.x:8888
 


Trouble

Noob Whisperer
#17
OK, so now turn the firewalls back on.
 


#18
OK, so now turn the firewalls back on.
After messing with it some more, it's up and running!

Thanks a lot for all your help Trouble.

Also one more thing, I have been looking at this list of ports. Would it be safe to assume that if the ports are not listed they are unused?
 


Trouble

Noob Whisperer
#19
Good to hear and glad you have managed to resolve your problem.
would it be safe to assume that if the ports are not listed they are unused?
I would think so and I believe that that is the list I used to use. I see my old favorites have been claimed since I last looked (been a while).
 

