TCP 3389 and Remote Desktop

Thank you very much for you suggestions.

"Sooner Al [MVP]" wrote:

> For help accessing multiple PCs behind a router see this page...
>
> http://theillustratednetwork.mvps.or...ple_PC_RD.html
>
> Alternatives would be to setup a VPN or SSH server on your network and
> access all PCs with Remote Desktop through the one hole in the router
> without needing the port hack.
>
> In all cases use a *strong* password...
>
> http://www.microsoft.com/protect/you...d/checker.mspx
>
> --
>
> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
> How to ask a question
> http://support.microsoft.com/KB/555375
>
> "ThomFromPhilly" <ThomFromPhilly@discussions.microsoft.com> wrote in message
> news:47CC1496-6818-4A3D-91EE-C633D700DACA@microsoft.com...

> > Is there any way to change the default port for Remote Desktop from 3389
> > for
> > a host computer running WinXP Professional? There is a conflict using a
> > Linksys wireless router for a peer to peer network when trying to access
> > more
> > than one PC remotely as 3389 must be assigned to each static IP in
> > addition
> > to the unique port number used in the URL. I am not an advanced user, any
> > detailed suggestions would be of great assistance. A Microsoft tech
> > provided
> > instructions for changing the remote port using RegEdit, but it did not
> > solve
> > the problem. Only one PC is remotely accessable on the network using a
> > unique port and the default port 3389 for Remote Desktop. No other PCs
> > are
> > not accessable with a unique IPs with two unique ports assigned including
> > the
> > default 3389.

>

Your suggestion to change the default port 3389 via RegEdit does not solve
the problem, unfortunately. To access one PC on my peer to peer network
through a Broadband modem and wireless router, it appears two ports need to
be opened, the default 3389 and a second port with a unique number, both
assigned to one static IP. Opening only 3389 assigned to a static IP does not
allow access. It seems there must be a second port open for the same IP with
a unique number. If only one port is necessary, it would facilitate changing
the default port from 3389 using RedEdit in order to allow access to several
PCs with unique static IPs and default port numbers as you have suggested.
However, unless I am doing something wrong, changing the default port using
RedEdit and assigning a second unique port to the same unique IP does not
work. Any suggestions would be greatly appreciated and thank you in advance.

"Sooner Al [MVP]" wrote:

> For help accessing multiple PCs behind a router see this page...
>
> http://theillustratednetwork.mvps.or...ple_PC_RD.html
>
> Alternatives would be to setup a VPN or SSH server on your network and
> access all PCs with Remote Desktop through the one hole in the router
> without needing the port hack.
>
> In all cases use a *strong* password...
>
> http://www.microsoft.com/protect/you...d/checker.mspx
>
> --
>
> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
> How to ask a question
> http://support.microsoft.com/KB/555375
>
> "ThomFromPhilly" <ThomFromPhilly@discussions.microsoft.com> wrote in message
> news:47CC1496-6818-4A3D-91EE-C633D700DACA@microsoft.com...

> > Is there any way to change the default port for Remote Desktop from 3389
> > for
> > a host computer running WinXP Professional? There is a conflict using a
> > Linksys wireless router for a peer to peer network when trying to access
> > more
> > than one PC remotely as 3389 must be assigned to each static IP in
> > addition
> > to the unique port number used in the URL. I am not an advanced user, any
> > detailed suggestions would be of great assistance. A Microsoft tech
> > provided
> > instructions for changing the remote port using RegEdit, but it did not
> > solve
> > the problem. Only one PC is remotely accessable on the network using a
> > unique port and the default port 3389 for Remote Desktop. No other PCs
> > are
> > not accessable with a unique IPs with two unique ports assigned including
> > the
> > default 3389.

>

ThomFromPhilly wrote:

> Is there any way to change the default port for Remote Desktop from
> 3389 for a host computer running WinXP Professional? There is a
> conflict using a Linksys wireless router for a peer to peer network
> when trying to access more than one PC remotely as 3389 must be
> assigned to each static IP in addition to the unique port number
> used in the URL. I am not an advanced user, any detailed
> suggestions would be of great assistance. A Microsoft tech
> provided instructions for changing the remote port using RegEdit,
> but it did not solve the problem. Only one PC is remotely
> accessable on the network using a unique port and the default port
> 3389 for Remote Desktop. No other PCs are not accessable with a
> unique IPs with two unique ports assigned including the default
> 3389.

ThomFromPhilly wrote:

>snip>
> To access one PC on my peer
> to peer network through a Broadband modem and wireless router, it
> appears two ports need to be opened, the default 3389 and a second
> port with a unique number, both assigned to one static IP.

In order to access (using remote desktop/remote assistance in Windows XP) a
_single_ computer behind a router (like a netgear/d-link/linksys home router
you would get at Circuit City, Best Buy, Wal~Mart, etc...) you need only to
forward port 3389 on the router to the local IP of the machine you want to
remotely connect to *and* open up port 3389 through whatever software
firewall you utilize on said computer *and* have Remote Desktop turned on
(default settings) on the machine *and* have accounts on that machine with
passwords that are members (directly or by inheritance) of the "Remote
Desktop Users" group.

This assumes your modem is purely a modem - not a NAT device in its own
right (or those features have been disabled.)

> Opening only 3389 assigned to a static IP does not allow access.
> It seems there must be a second port open for the same IP with a
> unique number.

Not for a single machine - see above.

> If only one port is necessary, it would facilitate
> changing the default port from 3389 using RedEdit in order to allow
> access to several PCs with unique static IPs and default port
> numbers as you have suggested

One method of accessing several machines behind a single router is to change
the listening port for Remote Desktop on the computers behind said router
and then forward the appropriate port(s) to the approproate machine(s) on
the router itself... Then when using the remote desktop client -
router-iport is entered instead of just router-ip (specifying the port to
specify the machine.) There *are* other methods.

> However, unless I am doing something
> wrong, changing the default port using RedEdit and assigning a
> second unique port to the same unique IP does not work.

Somehow I feel you are making this more complicated than it should be.

> Any suggestions would be greatly appreciated and thank you in
> advance.

1) Leave one machine that is behind the router untouched - at least as far
as the port that is used to listen for remote desktop requests (3389.)
Assign this machine a static IP.
2) On each of the other machines, change the port - for example, let's say
you have four total machines... Leaving one at 3389, change the listening
port on the next one to 3390, the next to 3391 and the last to 3392. Assign
each these other machines static IPs.
3) On your router, create forwards for each port (3389, 3390, 3391, 3392) to
each corresponding static IP for the machines.
4) Ensure Remote Desktop is enabled on each of the machines.
5) Ensure you have valid username/passwords for each of the machines.
6) Ensure the software firewalls of each of the machines are allowing the
repective port/application through the firewall (Remote Desktop.)
7) Make sure the user you will be utilizing to remote to the machines is a
member of the Remote Desktop Users group (or is a member of the
administrators group - which makes them a member of the other group
automatically.)

If you have all of those done for each of the machines on your private
network, then when you are away you merely need to know the IP address for
the router and which machine you wish to connect to (and the
username/password of course.) When running the Remote Desktop Client - for
all of the machines that are *not* using port 3389 (the default one) - you
will put the ip-addressort... The PUBLIC IP Address of the router, colon,
the port of the machine you wish to connect to.

http://whatismyip.com/

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Each PC must have its own private static LAN IP. For example port forwarding
to PC-A on TCP Port 3389 and PC-B on TCP Port 3391 would then work as
illustrated in the first reference. Remember that when you do the registry
hack to change the listening port on PC-B you need to reboot PC-B (or any PC
you change the RDC listening port on).

You call each using the public IP of your router and appending the port to
the address.

Example - 12.34.56.78:3389 for PC-A and 12.34.56.78:3391 for PC-B. Carry out
that port changing scheme and addressing for each additional PC, ie. PC-C ->
12.34.56.78:3392, PC-D -> 12.34.56.78:3393 and so on.

You may, or may not, find it easier to setup a VPN or SSH tunnel. Then you
can access any PC on your network through the VPN or SSH tunnel and not have
to change any registry entries.

--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

"ThomFromPhilly" <ThomFromPhilly@discussions.microsoft.com> wrote in message
news:ADA5E2AA-4D9E-4D8B-96EA-A444353F544A@microsoft.com...

> Your suggestion to change the default port 3389 via RegEdit does not solve
> the problem, unfortunately. To access one PC on my peer to peer network
> through a Broadband modem and wireless router, it appears two ports need
> to
> be opened, the default 3389 and a second port with a unique number, both
> assigned to one static IP. Opening only 3389 assigned to a static IP does
> not
> allow access. It seems there must be a second port open for the same IP
> with
> a unique number. If only one port is necessary, it would facilitate
> changing
> the default port from 3389 using RedEdit in order to allow access to
> several
> PCs with unique static IPs and default port numbers as you have suggested.
> However, unless I am doing something wrong, changing the default port
> using
> RedEdit and assigning a second unique port to the same unique IP does not
> work. Any suggestions would be greatly appreciated and thank you in
> advance.
>
> "Sooner Al [MVP]" wrote:
>

>> For help accessing multiple PCs behind a router see this page...
>>
>> http://theillustratednetwork.mvps.or...ple_PC_RD.html
>>
>> Alternatives would be to setup a VPN or SSH server on your network and
>> access all PCs with Remote Desktop through the one hole in the router
>> without needing the port hack.
>>
>> In all cases use a *strong* password...
>>
>> http://www.microsoft.com/protect/you...d/checker.mspx
>>
>> --
>>
>> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>>
>> Please post *ALL* questions and replies to the news group for the
>> mutual benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights...
>> How to ask a question
>> http://support.microsoft.com/KB/555375
>>
>> "ThomFromPhilly" <ThomFromPhilly@discussions.microsoft.com> wrote in
>> message
>> news:47CC1496-6818-4A3D-91EE-C633D700DACA@microsoft.com...

>> > Is there any way to change the default port for Remote Desktop from
>> > 3389
>> > for
>> > a host computer running WinXP Professional? There is a conflict using a
>> > Linksys wireless router for a peer to peer network when trying to
>> > access
>> > more
>> > than one PC remotely as 3389 must be assigned to each static IP in
>> > addition
>> > to the unique port number used in the URL. I am not an advanced user,
>> > any
>> > detailed suggestions would be of great assistance. A Microsoft tech
>> > provided
>> > instructions for changing the remote port using RegEdit, but it did not
>> > solve
>> > the problem. Only one PC is remotely accessable on the network using a
>> > unique port and the default port 3389 for Remote Desktop. No other PCs
>> > are
>> > not accessable with a unique IPs with two unique ports assigned
>> > including
>> > the
>> > default 3389.

>>

You did reboot after changing the port number in the registry, right?

ThomFromPhilly wrote:

> Your suggestion to change the default port 3389 via RegEdit does not
> solve the problem, unfortunately. To access one PC on my peer to
> peer network through a Broadband modem and wireless router, it
> appears two ports need to be opened, the default 3389 and a second
> port with a unique number, both assigned to one static IP. Opening
> only 3389 assigned to a static IP does not allow access. It seems
> there must be a second port open for the same IP with a unique
> number. If only one port is necessary, it would facilitate changing
> the default port from 3389 using RedEdit in order to allow access to
> several PCs with unique static IPs and default port numbers as you
> have suggested. However, unless I am doing something wrong, changing
> the default port using RedEdit and assigning a second unique port to
> the same unique IP does not work. Any suggestions would be greatly
> appreciated and thank you in advance.