Remote Desktop NAT Questions

Shooks

My friend wants to be able to access his work computer from home and I suggested using Remote Desktop. At his work, he has only 4 PCs running off one router with DSL access. My question is, how can two workers both access their respective PCs from their homes? RDP uses port 3389, but I can only forward this to one machine, so what is the solution? Maybe the answer is simple, I am just lost though!
 

nweaver

I think some routers offer "port translation" (I'm not sure, I always use iptables for this) so you can go from outsideip:3389->insidepc1:3389, outsideip:33891->insidepc2:3389

so that you don't have to edit the registry to change the RDP port (although why it's that buried, I don't know)

I do this for security purposes anyway. Someone has to do a very high port scan on my box to find any open ports except http
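
The port translation nweaver describes, written out as iptables rules (an added example, not part of any post in this thread). The interface name `eth0` is an assumption, and the inside addresses are the two from Shooks's later post, used here as sample values.

```shell
#!/bin/sh
# Added example: emit iptables DNAT rules that map distinct external ports
# to port 3389 on different inside PCs, so no registry edit is needed.

WAN_IF="eth0"    # assumed name of the Internet-facing interface
RDP_PORT=3389    # RDP's default listening port, left unchanged on each PC

# One mapping per line: <external port> <inside IP> (sample values).
MAPPINGS="3389 192.168.1.100
33891 192.168.1.103"

# valid_port PORT -> succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules "MAPPINGS" -> prints the iptables commands. Fails on an invalid
# or repeated external port, since one port can forward to only one PC.
gen_rules() {
    printf '%s\n' "$1" | {
        seen=" "
        while read -r ext ip; do
            [ -n "$ext" ] || continue
            valid_port "$ext" || { echo "bad port: $ext" >&2; exit 1; }
            case "$seen" in
                *" $ext "*) echo "duplicate external port: $ext" >&2; exit 1 ;;
            esac
            seen="$seen$ext "
            # Rewrite the destination before routing: WAN port -> inside PC:3389
            echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $ext -j DNAT --to-destination $ip:$RDP_PORT"
            # After DNAT the packet is addressed to the inside PC on 3389
            echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $ip --dport $RDP_PORT -j ACCEPT"
        done
    }
}

gen_rules "$MAPPINGS"
```

The script only prints the commands so they can be reviewed before being applied as root on the gateway.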
 

Shooks

Thank you so much man, I am going to try it out on my home network right now!
 

Shooks

Jack, I tried to get it to work but it's not going through. My parents' computer is 192.168.1.103 and my computer is 192.168.1.100

I edited the registry on their computer so RD listens on port 3390 and I also forwarded that port to their IP. Using my computer I tried to RD into 192.168.103:3390 and also myexternalip:3390 and neither worked.

The error it gives is:

The client could not connect to the remote computer.
Remote connections might not be enabled or the computer might be too busy to accept new connections.
It is also possible that network problems are preventing your connection.

Nobody is logged into their computer so it can't be busy. Any ideas?

Update: Even though I changed the registry entry on my parents' PC, RD is still using port 3389 because when I forward 3389 to their IP it connects perfectly.
 

nweaver

Did it work before you edited the registry? (local connection)
Did you reboot after editing the registry?
 

Shooks

No, I didn't reboot my parents' PC after editing the registry, let me try that. Thank you nweaver

Update: Reboot did not help, still can't connect

I don't get why RD is still listening on port 3389 on my parents' PC even though I changed the registry key. And nweaver, I was just forwarding port 3389 to my parents' PC before, so yes it worked. I want 3389 to be forwarded to my PC and 3390 to my parents' PC.
 

Shooks

Ok now this is weird, or maybe not, I don't know anymore.

When I type 192.168.1.103:3390 or myip:3390 the connection fails. However when I type pcname:3390 it connects fine.

Update:
Ok, after accessing my parents' PC using the pcname:3390 method, now everything else works!! 192.168.103:3390 and myip:3390 also work!! I don't know why, I just hope I can get my friend's connection set up right!

Thank you both for all your help!
 

RebateMonger

If your friend ever puts a server in place at the office, he'll find that MS Small Business Server 2003 has remote access that automatically does all this for you. You get a screen called "Remote Web Workplace" that lists all the PCs and Servers in the office and lets you choose which one to connect to. It works its magic through TCP Port 4125 and keeps that port closed until you pre-authenticate to a secure web site on port 443.
 

Shooks

Good to know RMonger, I will let him know. Right now his business is pretty small and they don't have a need for a server, but they are slowly growing and will eventually, thanks for the heads up!
 

RebateMonger

Originally posted by: Shooks
Good to know RMonger, I will let him know. Right now his business is pretty small and they don't have a need for a server, but they are slowly growing and will eventually, thanks for the heads up!
I manage an MD's office, with four servers and 30+ client PCs. And NO SBS Server! It's a pain. To set up remote access on all those PCs, I'd have to do a bunch of router programming and registry edits. I'd have to use all manual (Static) IP addresses. Plus, each person would have to know the Remote Desktop port for their PC.

With SBS, it's all done for you. You can use DHCP inside the office. And its version of Remote Desktop circumvents any possibility of "Man-in-the-middle" attack (unlike the standard Remote Desktop, which requires a VPN envelope to defend against MITM).
 

Superartus

Originally posted by: RebateMonger
I manage an MD's office, with four servers and 30+ client PCs. And NO SBS Server! It's a pain.

So you're using a workgroup? I mean since you don't have sbs server are you saying you don't have sbs and not using AD or just don't have sbs but using w2k3 server?
 

RebateMonger

Originally posted by: Superartus
So you're using a workgroup? I mean since you don't have sbs server are you saying you don't have sbs and not using AD or just don't have sbs but using w2k3 server?
I'm saying that one of my clients has four Windows 2003 Servers, Active Directory, but no SBS Server. It makes my job (managing their network) MUCH more difficult. I'm going to have to figure out a good remote access strategy for me and for them. Right now, they can't remote into the office at all, except via (somewhat risky) VPN.

Their non-SBS site costs them a LOT more for me to manage than my other sites that have SBS as the root Domain Controller. And, even with four Servers, they have few of the useful business and management tools that come with one SBS Server.
 

ivwshane

Originally posted by: RebateMonger
Originally posted by: Superartus
So you're using a workgroup? I mean since you don't have sbs server are you saying you don't have sbs and not using AD or just don't have sbs but using w2k3 server?
I'm saying that one of my clients has four Windows 2003 Servers, Active Directory, but no SBS Server. It makes my job (managing their network) MUCH more difficult. I'm going to have to figure out a good remote access strategy for me and for them. Right now, they can't remote into the office at all, except via (somewhat risky) VPN.

Their non-SBS site costs them a LOT more for me to manage than my other sites that have SBS as the root Domain Controller. And, even with four Servers, they have few of the useful business and management tools that come with one SBS Server.


So why not do like nweaver said, leave the standard RDP port alone on the PCs (meaning don't do any regedits) and just set up port forwarding on the router? That way you only have one thing to edit.
 

netsysadmin

RebateMonger....Why are you calling the VPN risky?

John

Originally posted by: RebateMonger
I'm saying that one of my clients has four Windows 2003 Servers, Active Directory, but no SBS Server. It makes my job (managing their network) MUCH more difficult. I'm going to have to figure out a good remote access strategy for me and for them. Right now, they can't remote into the office at all, except via (somewhat risky) VPN.

Their non-SBS site costs them a LOT more for me to manage than my other sites that have SBS as the root Domain Controller. And, even with four Servers, they have few of the useful business and management tools that come with one SBS Server.

 

RebateMonger

Originally posted by: netsysadmin
RebateMonger....Why are you calling the VPN risky?
I consider VPNs "riskier" than Remote Desktop because a VPN, by definition, puts "foreign" computers directly onto the Office network. It's pretty tough to infect an office network using Remote Desktop, but a VPN puts the remote PC directly "inside" the office network, making it much easier to transfer worms or steal information if the remote PC has been trojan'ed.

If the remote PC is owned by the Company, is locked down via Group Policy, and if the User doesn't have Local Administrator Privileges, then this presents a minimal risk. But I've seen far too many laptops and home PCs that are shared with family and I certainly wouldn't want them to VPN into any network that I was responsible for. Additionally, split Gateways are a pretty common solution for giving Internet access to VPN'd PCs. That's another problem....It's MUCH safer for most Users to Remote Desktop in.
 

wpeng

Why can't you use your true ip? Go to whatismyip.com and use that ip address.