Sign in with
Sign up | Sign in
Your question

Remote Desktop Connection Security

Last response: in Windows XP
Share
Anonymous
June 9, 2004 12:18:01 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi,

I'd like to know how secure Windows Remote Desktop Connection is.
Here is my scenario.

There are two compunters behind a standard net gear router.
One computer has Windows XP Pro and another has Windows XP Home.
Both computers are kept uptodate with the latest windows update critical patches.
There are two ports open (one for each machine) that allow RDC traffic through the built in firewall of teh router.
User Accounts on both machine have a strong password (more than 8 characters and 3 different character types)

How secure is this set up?
And if not secure how do I go about securing it?
Or would I be better off using stand alone software like Norton's PC Anywhere?
Anonymous
June 9, 2004 2:34:55 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Remote Desktop is natively encrypted at a 128-bits...

http://www.microsoft.com/resources/documentation/Window...

You might consider changing the default client connection encryption level to "High" versus the
default "Client compatible" and *ALWAYS* prompt for a password.... Note this is done on the XP Pro
host machine...

http://www.microsoft.com/resources/documentation/Window...

If you need to feel a bit safer you can always change the listening port on the XP Pro box to
something other than the default TCP Port 3389 or run RD through a VPN tunnel. If you do change the
listening port then make sure you a) reboot the PC after making the change and b) make the change to
the router forwarding also.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;256986
http://support.microsoft.com/default.aspx?scid=kb;EN-US;322756

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306759
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304304

Why do you have a second port open for XP Home? XP Home can *NOT* act as a RD host so you will not
be able to connect to it anyway using RD from a remote site...

Using a strong password with multiple character types is always a good thing...

I do not see any advantage in using PCAnywhere over Remote Desktop...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Superfly1611" <Superfly1611@discussions.microsoft.com> wrote in message
news:0CE79CC6-AA78-4109-AC48-4241B1F9D23B@microsoft.com...
> Hi,
>
> I'd like to know how secure Windows Remote Desktop Connection is.
> Here is my scenario.
>
> There are two compunters behind a standard net gear router.
> One computer has Windows XP Pro and another has Windows XP Home.
> Both computers are kept uptodate with the latest windows update critical patches.
> There are two ports open (one for each machine) that allow RDC traffic through the built in
> firewall of teh router.
> User Accounts on both machine have a strong password (more than 8 characters and 3 different
> character types)
>
> How secure is this set up?
> And if not secure how do I go about securing it?
> Or would I be better off using stand alone software like Norton's PC Anywhere?


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004
Anonymous
June 10, 2004 4:15:05 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

PC Anywhere has many of the same security implications as Remote
Desktop...

Jeffrey Randow (Windows Networking & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Wed, 9 Jun 2004 08:18:01 -0700, Superfly1611
<Superfly1611@discussions.microsoft.com> wrote:

>Hi,
>
>I'd like to know how secure Windows Remote Desktop Connection is.
>Here is my scenario.
>
>There are two compunters behind a standard net gear router.
>One computer has Windows XP Pro and another has Windows XP Home.
>Both computers are kept uptodate with the latest windows update critical patches.
>There are two ports open (one for each machine) that allow RDC traffic through the built in firewall of teh router.
>User Accounts on both machine have a strong password (more than 8 characters and 3 different character types)
>
>How secure is this set up?
>And if not secure how do I go about securing it?
>Or would I be better off using stand alone software like Norton's PC Anywhere?
Related resources
Anonymous
June 10, 2004 8:40:19 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Wed, 9 Jun 2004 10:34:55 -0500, "Sooner Al"
<SoonerAl@somewhere.net.invalid> wrote:

>...or run [Remote Desktop] RD through a VPN tunnel

I'd appreciate it if you could give a bit more detail about this
point.

Does an XP VPN connection need a specific port? I've seen port 1723
mentioned on some tutorials I've found.

Should the 3389 and 1723 (if needed) be both active and open at the
same time?

As I understand it, after VPN connections are enabled on the host
machine (XP Pro), a VPN connection from the client machine (Pro or
Home) can be initiated from a Network Connection connectoid. After
the VPN connection is established then what? Start Remote Desktop from
Programs > Accessories > Comm. > Remote Desktop Connection ?

I don't remember the exact error messages right now, but having being
able to configure both a host with XP Pro and a client with XP Home,
both being behind routers, both with dynamic IP addresses (using a
DDNS service), I am only successful when I use the client to do either
a Remote Desktop connection or a VPN connection to the host, but not
both. I think I'm missing something very simple here but I don't know
what.

If I start Remote Desktop first then VPN cannot be established and if
I start VPN first then Remote Desktop cannot be established. Also, if
a VPN connection is made from the client to the host, the client
looses all Internet access.

While I'm attempting to use this VPN tunnel for a Remote Desktop
connection, I am noticing that I have two internal LAN IPs listed for
the client machine, one 192.168.0.xxx (from the client's LAN) and one
192.168.1.yyy (from the host's LAN). Is that as expected?

Thanks in advance for any help and/or suggestions on the above.

....
Anonymous
June 10, 2004 8:50:30 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Wed, 9 Jun 2004 08:18:01 -0700, Superfly1611
<Superfly1611@discussions.microsoft.com> wrote:

>How secure is this set up?
>And if not secure how do I go about securing it?

I am no expert at this but I have a suggestion that you may find
useful.

Try to restrict the IP addresses that are requesting connections. If
your router won't filter IP addresses, then a software firewall on the
host PC most probably will. Even if this method adds an additional
layer of technical complexity and potential confusion, a software
firewall can be very useful for this and other purposes.

==
Anonymous
June 11, 2004 9:19:47 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

In order to do PPTP VPN through a firewall/NAT/router both TCP Port 1723 *AND* GRE Protocol 47
traffic need to be forwarded/enabled. Some firewall/NAT/router devices call the GRE Protocol 47
function "PPTP Pass Through", "VPN Pass Through", or you open a port manually with no protocol
specified or, like the XP ICF, GRE Protocol 47 traffic is enabled automagically when you forward TCP
Port 1723. Consult the manufacturers users guide or support web site for more details on that.

If you use a VPN tunnel and RD through the tunnel, then you don't need to forward/open TCP Port
3389.

The steps would be to initiate the VPN link using the public ISP assigned IP of the
firewall/NAT/router (which will redirect the tunnel to the VPN server) then the RD link using the
private LAN IP of the PC your trying to connect to.

Typically the VPN server assigns a client IP address that is different than the remote LAN IP
subnet. See these two pages for examples of that, one of which details how I setup an XP Pro box to
act as a PPTP VPN server on my local home LAN. In my example the normal private LAN IP addresses are
in the 192.168.0.X range, while my VPN server assigns client IP addresses in the 192.168.1.X range.

http://www.onecomputerguy.com/networking/xp_vpn_server....
http://members.cox.net/ajarvi/WM2003/WM2003PPTPVPN.html

Using my home LAN as an example, the PPTP VPN tunnel is established by the client calling the public
IP of the firewall/NAT/router, which is redirected to the PPTP VPN server. The client gets an IP of
192.168.1.11 assigned by the server. I would then use Remote Desktop (PocketPC Terminal Services
Client in my example) to call the PC with an address of 192.168.0.11 as an example...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

<invalid@invalid.com> wrote in message news:u9khc01j7ituf8l34osf2pnhp7qu98rptq@4ax.com...
> On Wed, 9 Jun 2004 10:34:55 -0500, "Sooner Al"
> <SoonerAl@somewhere.net.invalid> wrote:
>
>>...or run [Remote Desktop] RD through a VPN tunnel
>
> I'd appreciate it if you could give a bit more detail about this
> point.
>
> Does an XP VPN connection need a specific port? I've seen port 1723
> mentioned on some tutorials I've found.
>
> Should the 3389 and 1723 (if needed) be both active and open at the
> same time?
>
> As I understand it, after VPN connections are enabled on the host
> machine (XP Pro), a VPN connection from the client machine (Pro or
> Home) can be initiated from a Network Connection connectoid. After
> the VPN connection is established then what? Start Remote Desktop from
> Programs > Accessories > Comm. > Remote Desktop Connection ?
>
> I don't remember the exact error messages right now, but having being
> able to configure both a host with XP Pro and a client with XP Home,
> both being behind routers, both with dynamic IP addresses (using a
> DDNS service), I am only successful when I use the client to do either
> a Remote Desktop connection or a VPN connection to the host, but not
> both. I think I'm missing something very simple here but I don't know
> what.
>
> If I start Remote Desktop first then VPN cannot be established and if
> I start VPN first then Remote Desktop cannot be established. Also, if
> a VPN connection is made from the client to the host, the client
> looses all Internet access.
>
> While I'm attempting to use this VPN tunnel for a Remote Desktop
> connection, I am noticing that I have two internal LAN IPs listed for
> the client machine, one 192.168.0.xxx (from the client's LAN) and one
> 192.168.1.yyy (from the host's LAN). Is that as expected?
>
> Thanks in advance for any help and/or suggestions on the above.
>
> ...


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004
Anonymous
June 11, 2004 3:54:00 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Thank you very much for all your time and help with this issue. I was
successful in establishing both a VPN and a RD connection at the same
time but there are a couple of points I'd like to bring up if I may.


On Fri, 11 Jun 2004 05:19:47 -0500, "Sooner Al"
<SoonerAl@somewhere.net.invalid> wrote:

>In order to do PPTP VPN through a firewall/NAT/router both TCP Port 1723 *AND* GRE Protocol 47
>traffic need to be forwarded/enabled. Some firewall/NAT/router devices call the GRE Protocol 47
>function "PPTP Pass Through", "VPN Pass Through"...

I'm doing connections from home (client) to work (server). The router
at work has an option for PPTP and ITPSec Pass Through which I have
set to "allow" and apparently is the same functionality as the ports
you mention above. Since the VPN connection completes, this part looks
to be OK.


>If you use a VPN tunnel and RD through the tunnel, then you don't need to forward/open TCP Port
>3389.

OK. I've seen that on other tutorials but see below what happened when
I tried to do the Remote Desktop connection after the VPN was
established.


>The steps would be to initiate the VPN link using the public ISP assigned IP of the
>firewall/NAT/router (which will redirect the tunnel to the VPN server) then the RD link using the
>private LAN IP of the PC your trying to connect to.

After the VPN connection was established, when I tried to use the
server's LAN IP to do the Remote Connection I could not make it. The
error (I forget the number) was saying that the server cannot accept
the connection.

When I then tried to do a RD on the server's public IP I could make
it. It went through with no problem (because of port 3389 being open
probably). Does this mean that the RD connection was not using the
existing, established VPN connection?

If the only way to do RD through a VPN tunnel is to use the server's
LAN IP then what I got was two separate connections and certainly not
a RD through a VPN tunnel. Correct?

Whatever it was, the client PC was showing only one active connection
to the server and not two (using a network utility I have), if that
makes any difference whatsoever.


>The client gets an IP of
>192.168.1.11 assigned by the server. I would then use Remote Desktop (PocketPC Terminal Services
>Client in my example) to call the PC with an address of 192.168.0.11 as an example...

Let me repeat that just to make sure that I get it.

The server has a LAN IP of 192.168.1.300
and after the successful VPN connection
it assigns the client PC a LAN IP of 192.168.1.400.

What I tried was to do a RD from the client to
192.168.1.300, the server's LAN IP but I was not successful - the
connection was refused. Did I use the right IP?

Thank you very much.

==
June 11, 2004 11:56:02 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Fri, 11 Jun 2004 11:54:00 -0500, invalid@invalid.com wrote:

>
>
>
>Thank you very much for all your time and help with this issue. I was
>successful in establishing both a VPN and a RD connection at the same
>time but there are a couple of points I'd like to bring up if I may.
>
.. [ ... cut .. ]
>Let me repeat that just to make sure that I get it.
>
>The server has a LAN IP of 192.168.1.300
>and after the successful VPN connection
>it assigns the client PC a LAN IP of 192.168.1.400.

These are illegal (completely wrong) IP addresses. 192.168.1.1 -
192.168.1-254 are correct. I'm not sure how did you determine or set
up those two addresses, but they can not be used!

Once you are connected to the client, one way or the other, run
command prompt and run the command:

ipconfig /all

Check the address of the interface.

(or did you type it wrong here, and they are 192.168.1.30 (not 300)?)

mj

mj
>
>What I tried was to do a RD from the client to
>192.168.1.300, the server's LAN IP but I was not successful - the
>connection was refused. Did I use the right IP?
>
>Thank you very much.
>
>==
Anonymous
June 12, 2004 12:51:09 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Fri, 11 Jun 2004 19:56:02 -0400, x <no-email@sympatico.ca> wrote:

>These are illegal (completely wrong) IP addresses.

Oops... I was trying to give an example and I lost sense of what I'm
typing.

Assume that the IPs are what I wrote without the last 0.

Today the situation advanced one half step. I did not get an immediate
error when I tried to RD to the server's LAN IP, instead I did get the
RD screen, but it remained completely blank for a couple of minutes
and then I get the new error "the connection to the remote computer
was broken".

Something is interfering with something but I can't find out what. I
still can do a RD to the server's public IP, but not to the private
IP.

Any suggestions are welcome.

===
Anonymous
June 12, 2004 10:39:13 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

One thing I do, and this is illustrated on my PocketPC VPN page that I pointed to you earlier, is to
have the VPN server assign an IP to the client that is in a different subnet than the server local
IP address...Meaning if the VPN server is on the local subnet of 192.168.0.X, then the client is
assigned an IP in the 192.168.100.X subnet for example. From your post over on the DSL Report VPN
forum it seems you have the following situation...

Server PC with XP Pro:

WAN IP: A.B.C.D (dynamic and with a DDNS myserver.no-ip.com)
LAN IP: 192.168.1.30.
Behind a Linksys BEFSR41 (v2)
PPTP and IPSec Pass Through are both enabled.
Port 1723 and port 3389 are both forwarded to 192.168.1.30.

Client PC with XP Home:

WAN IP: E.F.G.H (dynamic and with a DDNS myclient.no-ip.com)
LAN IP: 192.168.0.50
Behind a DLink DI-604
I have not done any forwarding on this router.

And your client gets a 192.168.1.X address when connected via the VPN tunnel.

Do these steps...

1. Change the assigned VPN client subnet on the server to 192.168.100.X, ie. provide a small range
of addresses in that subnet
for client use.
2. Forward TCP Port 1723 and enable GRE Protocol 47 traffic on the D-Link DI-604 router to the
private LAN IP of your XP Home VPN client machine. (This step may not be required, but it may
help)...
3. Disable port forwarding of TCP Port 3389 on the remote end, ie. the Linksys router.

You can disable IPSec Pass Through on the Linksys router also, since your only doing PPTP VPN...Lets
plug some holes...


--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

<invalid@invalid.com> wrote in message news:D mljc0loe0uvrb72uo2t0a0d40p3glltpo@4ax.com...
>
>
>
> Thank you very much for all your time and help with this issue. I was
> successful in establishing both a VPN and a RD connection at the same
> time but there are a couple of points I'd like to bring up if I may.
>
>
> On Fri, 11 Jun 2004 05:19:47 -0500, "Sooner Al"
> <SoonerAl@somewhere.net.invalid> wrote:
>
>>In order to do PPTP VPN through a firewall/NAT/router both TCP Port 1723 *AND* GRE Protocol 47
>>traffic need to be forwarded/enabled. Some firewall/NAT/router devices call the GRE Protocol 47
>>function "PPTP Pass Through", "VPN Pass Through"...
>
> I'm doing connections from home (client) to work (server). The router
> at work has an option for PPTP and ITPSec Pass Through which I have
> set to "allow" and apparently is the same functionality as the ports
> you mention above. Since the VPN connection completes, this part looks
> to be OK.
>
>
>>If you use a VPN tunnel and RD through the tunnel, then you don't need to forward/open TCP Port
>>3389.
>
> OK. I've seen that on other tutorials but see below what happened when
> I tried to do the Remote Desktop connection after the VPN was
> established.
>
>
>>The steps would be to initiate the VPN link using the public ISP assigned IP of the
>>firewall/NAT/router (which will redirect the tunnel to the VPN server) then the RD link using the
>>private LAN IP of the PC your trying to connect to.
>
> After the VPN connection was established, when I tried to use the
> server's LAN IP to do the Remote Connection I could not make it. The
> error (I forget the number) was saying that the server cannot accept
> the connection.
>
> When I then tried to do a RD on the server's public IP I could make
> it. It went through with no problem (because of port 3389 being open
> probably). Does this mean that the RD connection was not using the
> existing, established VPN connection?
>
> If the only way to do RD through a VPN tunnel is to use the server's
> LAN IP then what I got was two separate connections and certainly not
> a RD through a VPN tunnel. Correct?
>
> Whatever it was, the client PC was showing only one active connection
> to the server and not two (using a network utility I have), if that
> makes any difference whatsoever.
>
>
>>The client gets an IP of
>>192.168.1.11 assigned by the server. I would then use Remote Desktop (PocketPC Terminal Services
>>Client in my example) to call the PC with an address of 192.168.0.11 as an example...
>
> Let me repeat that just to make sure that I get it.
>
> The server has a LAN IP of 192.168.1.300
> and after the successful VPN connection
> it assigns the client PC a LAN IP of 192.168.1.400.
>
> What I tried was to do a RD from the client to
> 192.168.1.300, the server's LAN IP but I was not successful - the
> connection was refused. Did I use the right IP?
>
> Thank you very much.
>
> ==


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.703 / Virus Database: 459 - Release Date: 6/10/2004
Anonymous
June 12, 2004 6:59:43 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Sat, 12 Jun 2004 06:39:13 -0500, "Sooner Al"
<SoonerAl@somewhere.net.invalid> wrote:


>1. Change the assigned VPN client subnet on the server to 192.168.100.X, ie. provide a small range
>of addresses in that subnet for client use.

OK. I changed it to 192.168.100.1 to .5 and the Server now assigned
the incoming VPN connection the 192.168.100.1 IP. However, at the
Client I see 192.168.100.2. Is that a hint of the problem maybe?

Also, as you probably read already :)  after the VPN is made, I cannot
ping the Server's LAN IP from the Client. I can ping the Server's
public IP but not it's LAN IP.


>2. Forward TCP Port 1723 and enable GRE Protocol 47 traffic on the D-Link DI-604 router to the
>private LAN IP of your XP Home VPN client machine. (This step may not be required, but it may
>help)...

I did the 1723 but I can't find how to enable GRE... I'll search more
on this.


>3. Disable port forwarding of TCP Port 3389 on the remote end, ie. the Linksys router.

Right now I've let it enabled because I assume I won't have a way to
access the Server if I close it. I am changing settings on the Server
by connecting to it with a Remote Desktop to its public IP. If this
may be hindering the RD through the VPN, then I'll try that as a last
step.

>You can disable IPSec Pass Through on the Linksys router also, since your only doing PPTP VPN...Lets
>plug some holes...

OK.

By the way, does it mean anything when I try to RD to the LAN IP, I do
get the RD window but it remains blank and then I get the "connection
to remote PC broken" ?

If I try to do an RD to an invalid IP then I immediately get the
"server cannot connect, etc". I thought maybe the fact that I do get
the initial window may be an indication of what the problem could be.

Thanks again for all your help.

==
Anonymous
June 13, 2004 9:55:41 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

That's correct. That is what you should see on the client, ie. the server will be the first IP
assigned, ie. the 192.168.100.1 IP, and the client one of the remaining IP addresses, ie. in your
case the 192.168.100.2 IP... That looks good...

Can you ping the servers 192.168.100.1 IP address? Is a firewall running on the server or target PC
that may be blocking pings, etc? If you can't ping the PC your trying to connect to while connected
via the VPN tunnel, chances are your not going to get RD to connect correctly.

This page may help with the D-Link router...

http://www.portforward.com/dlink/di-604.htm

Its possible GRE Protocol 47 traffic is enabled automagically when you enable the virtual server for
PPTP VPN on this router. However, I really don't know...

You could run this telnet test through the VPN tunnel to see if this tells you anything...

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q187628

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

<nothing@invalid.com> wrote in message news:2smmc05mn7uo3rig3hingtfo7q4qh2a5u8@4ax.com...
> On Sat, 12 Jun 2004 06:39:13 -0500, "Sooner Al"
> <SoonerAl@somewhere.net.invalid> wrote:
>
>
>>1. Change the assigned VPN client subnet on the server to 192.168.100.X, ie. provide a small range
>>of addresses in that subnet for client use.
>
> OK. I changed it to 192.168.100.1 to .5 and the Server now assigned
> the incoming VPN connection the 192.168.100.1 IP. However, at the
> Client I see 192.168.100.2. Is that a hint of the problem maybe?
>
> Also, as you probably read already :)  after the VPN is made, I cannot
> ping the Server's LAN IP from the Client. I can ping the Server's
> public IP but not it's LAN IP.
>
>
>>2. Forward TCP Port 1723 and enable GRE Protocol 47 traffic on the D-Link DI-604 router to the
>>private LAN IP of your XP Home VPN client machine. (This step may not be required, but it may
>>help)...
>
> I did the 1723 but I can't find how to enable GRE... I'll search more
> on this.
>
>
>>3. Disable port forwarding of TCP Port 3389 on the remote end, ie. the Linksys router.
>
> Right now I've let it enabled because I assume I won't have a way to
> access the Server if I close it. I am changing settings on the Server
> by connecting to it with a Remote Desktop to its public IP. If this
> may be hindering the RD through the VPN, then I'll try that as a last
> step.
>
>>You can disable IPSec Pass Through on the Linksys router also, since your only doing PPTP
>>VPN...Lets
>>plug some holes...
>
> OK.
>
> By the way, does it mean anything when I try to RD to the LAN IP, I do
> get the RD window but it remains blank and then I get the "connection
> to remote PC broken" ?
>
> If I try to do an RD to an invalid IP then I immediately get the
> "server cannot connect, etc". I thought maybe the fact that I do get
> the initial window may be an indication of what the problem could be.
>
> Thanks again for all your help.
>
> ==


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.705 / Virus Database: 461 - Release Date: 6/12/2004
Anonymous
June 15, 2004 3:52:14 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Sun, 13 Jun 2004 05:55:41 -0500, "Sooner Al"
<SoonerAl@somewhere.net.invalid> wrote:

>Its possible GRE Protocol 47 traffic is enabled automagically when you enable the virtual server for
>PPTP VPN on this router. However, I really don't know...

Me neither... However, while running a program to show network
activity at the Client, after the VPN is established, I see listings
for successful connections of RDS, PPTP and GRE to the Server, so
apparently that "auto-magically" that you describe looks like is in
effect.

>You could run this telnet test through the VPN tunnel to see if this tells you anything...

After the VPN is established I can telnet from the Client to the
Server to both the Server's VPN IP at port 1723 and the Server's
public IP at port 3389.

I can also ping the Server's VPN IP from the Client. But an RDC to the
Server's VPN IP fails again.

Let me ask something else. After the VPN is made is there anything in
the Client that I should see to indicate a new connection other than
the connection icon in the system tray? I don't see anything in the
Network Places or the Workgroup areas and the file manager doesn't
show any new shares. Should it?

==
Anonymous
June 15, 2004 10:01:30 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Run the telnet test to the private IP of the XP Pro Remote Desktop host your trying to reach while
connected via the VPN tunnel.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

<nothing@invalid.com> wrote in message news:rftsc0d99r6ub1uqkakv64nikihhqkjuo3@4ax.com...
> On Sun, 13 Jun 2004 05:55:41 -0500, "Sooner Al"
> <SoonerAl@somewhere.net.invalid> wrote:
>
>>Its possible GRE Protocol 47 traffic is enabled automagically when you enable the virtual server
>>for
>>PPTP VPN on this router. However, I really don't know...
>
> Me neither... However, while running a program to show network
> activity at the Client, after the VPN is established, I see listings
> for successful connections of RDS, PPTP and GRE to the Server, so
> apparently that "auto-magically" that you describe looks like is in
> effect.
>
>>You could run this telnet test through the VPN tunnel to see if this tells you anything...
>
> After the VPN is established I can telnet from the Client to the
> Server to both the Server's VPN IP at port 1723 and the Server's
> public IP at port 3389.
>
> I can also ping the Server's VPN IP from the Client. But an RDC to the
> Server's VPN IP fails again.
>
> Let me ask something else. After the VPN is made is there anything in
> the Client that I should see to indicate a new connection other than
> the connection icon in the system tray? I don't see anything in the
> Network Places or the Workgroup areas and the file manager doesn't
> show any new shares. Should it?
>
> ==
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.706 / Virus Database: 462 - Release Date: 6/14/2004
Anonymous
June 16, 2004 12:36:32 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

On Tue, 15 Jun 2004 06:01:30 -0500, "Sooner Al"
<SoonerAl@somewhere.net.invalid> wrote:

>Run the telnet test to the private IP of the XP Pro Remote Desktop host your trying to reach while
>connected via the VPN tunnel.

From the Client, after VPN is established and the VPN Server has
assigned 192.168.100.1 to itself and 192.168.100.3 to the Client, I
can telnet successfuly to both 192.168.100.1 port 3389 and
192.168.100.1 port 1723 (I think the second is irrelevant.)

As a reminder of the situation, I cannot establish a RDC to
192.168.100.1 but I can establish a RDC to the Server's public IP.

Any other troubleshooting step would be welcome.

==
Anonymous
October 13, 2004 10:31:05 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

hey mate:it appears remote desktop only works with xp pro?
jack
Anonymous
October 13, 2004 10:39:32 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

In message <A54599A2-CE47-4A70-BC7B-E877F380092C@microsoft.com>,
"=?Utf-8?B?amFjayBjLg==?=" <jackc@discussions.microsoft.com> wrote:
>
>
>
> hey mate:it appears remote desktop only works with xp pro?

XP Pro can act as a Remote Desktop (RD) host or client. XP Home can act as
a RD client only.

Do a Google search on UltraVNC as an alternative if you want to access/control
a XP Home box...

--
Al Jarvi (MS-MVP Windows Networking)

--
Posted with Ink Spot (for PocketPC) from DejaVu Software, Inc.
Usenet wherever you are - http://www.dejavusoftware.com/
Anonymous
October 13, 2004 11:13:10 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

"Sooner Al" wrote:

> In message <A54599A2-CE47-4A70-BC7B-E877F380092C@microsoft.com>,
> "=?Utf-8?B?amFjayBjLg==?=" <jackc@discussions.microsoft.com> wrote:
> >
> >
> >
> > hey mate:it appears remote desktop only works with xp pro?
>
> XP Pro can act as a Remote Desktop (RD) host or client. XP Home can act as
> a RD client only.
>
> Do a Google search on UltraVNC as an alternative if you want to access/control
> a XP Home box...
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> --
> Posted with Ink Spot (for PocketPC) from DejaVu Software, Inc.
> Usenet wherever you are - http://www.dejavusoftware.com/
>

what i'm trying to do is access my desktop via my pda.i have xp home on
desktop,so it appears i won't be able to do this?
is this is a true statement what do i need from vnc to establish
client-host setup?
thanks,
jack
Anonymous
October 14, 2004 9:08:37 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

What PDA? If its a PocketPC the built-in Terminal Services Client (TSC) may be used to connect to XP
Pro boxes running Remote Desktop or W2003/W2K Servers running Terminal Services via a wired/wireless
LAN connection...

To access/control an XP Home box look at using UltraVNC... Get the server software from...

http://ultravnc.sourceforge.net/

PocketPC VNC client software...

http://www.allware.com.mx/Windowsce/
http://www.cs.utah.edu/%7Emidgley/wince/vnc.html

If the XP Home box is behind a firewall/NAT/router then TCP Port 5900 must be opened...

Or, upgrade the XP Home box to XP Pro...:-)

I can't speak to Palm devices...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"jack c." <jackc@discussions.microsoft.com> wrote in message
news:1F418DC1-C1FB-4B74-9C06-897F1F6E2B12@microsoft.com...
>
>
> "Sooner Al" wrote:
>
>> In message <A54599A2-CE47-4A70-BC7B-E877F380092C@microsoft.com>,
>> "=?Utf-8?B?amFjayBjLg==?=" <jackc@discussions.microsoft.com> wrote:
>> >
>> >
>> >
>> > hey mate:it appears remote desktop only works with xp pro?
>>
>> XP Pro can act as a Remote Desktop (RD) host or client. XP Home can act as
>> a RD client only.
>>
>> Do a Google search on UltraVNC as an alternative if you want to access/control
>> a XP Home box...
>>
>> --
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> --
>> Posted with Ink Spot (for PocketPC) from DejaVu Software, Inc.
>> Usenet wherever you are - http://www.dejavusoftware.com/
>>
>
> what i'm trying to do is access my desktop via my pda.i have xp home on
> desktop,so it appears i won't be able to do this?
> is this is a true statement what do i need from vnc to establish
> client-host setup?
> thanks,
> jack
Anonymous
October 14, 2004 9:33:13 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Correction... The last statement..."I can't speak to Palm devices"...should read "I can't speak to
the ability of Palm devices to use TSC or VNC"...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
news:eEJWHXdsEHA.3324@TK2MSFTNGP15.phx.gbl...
> What PDA? If its a PocketPC the built-in Terminal Services Client (TSC) may be used to connect to
> XP Pro boxes running Remote Desktop or W2003/W2K Servers running Terminal Services via a
> wired/wireless LAN connection...
>
> To access/control an XP Home box look at using UltraVNC... Get the server software from...
>
> http://ultravnc.sourceforge.net/
>
> PocketPC VNC client software...
>
> http://www.allware.com.mx/Windowsce/
> http://www.cs.utah.edu/%7Emidgley/wince/vnc.html
>
> If the XP Home box is behind a firewall/NAT/router then TCP Port 5900 must be opened...
>
> Or, upgrade the XP Home box to XP Pro...:-)
>
> I can't speak to Palm devices...
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no rights...
>
> "jack c." <jackc@discussions.microsoft.com> wrote in message
> news:1F418DC1-C1FB-4B74-9C06-897F1F6E2B12@microsoft.com...
>>
>>
>> "Sooner Al" wrote:
>>
>>> In message <A54599A2-CE47-4A70-BC7B-E877F380092C@microsoft.com>,
>>> "=?Utf-8?B?amFjayBjLg==?=" <jackc@discussions.microsoft.com> wrote:
>>> >
>>> >
>>> >
>>> > hey mate:it appears remote desktop only works with xp pro?
>>>
>>> XP Pro can act as a Remote Desktop (RD) host or client. XP Home can act as
>>> a RD client only.
>>>
>>> Do a Google search on UltraVNC as an alternative if you want to access/control
>>> a XP Home box...
>>>
>>> --
>>> Al Jarvi (MS-MVP Windows Networking)
>>>
>>> --
>>> Posted with Ink Spot (for PocketPC) from DejaVu Software, Inc.
>>> Usenet wherever you are - http://www.dejavusoftware.com/
>>>
>>
>> what i'm trying to do is access my desktop via my pda.i have xp home on
>> desktop,so it appears i won't be able to do this?
>> is this is a true statement what do i need from vnc to establish
>> client-host setup?
>> thanks,
>> jack
>
Anonymous
October 15, 2004 12:57:12 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

There is a PalmOS client, but it isn't freeware...
http://palmsource.palmgear.com/index.cfm?fuseaction=sof...

and there are a few others out there...

Google is your friend... :) 
---
Jeffrey Randow (Windows Networking MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows Network Technology Community -
http://www.microsoft.com/windowsserver2003/community/ce...
Windows Home Networking Community -
http://www.microsoft.com/windowsxp/expertzone/communiti...


On Thu, 14 Oct 2004 05:33:13 -0500, "Sooner Al"
<SoonerAl@somewhere.net.invalid> wrote:

>Correction... The last statement..."I can't speak to Palm devices"...should read "I can't speak to
>the ability of Palm devices to use TSC or VNC"...
Anonymous
October 15, 2004 2:06:10 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Do the palms do language recognition?

"Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
news:e$sW2kdsEHA.2668@TK2MSFTNGP12.phx.gbl...
> Correction... The last statement..."I can't speak to Palm
> devices"...should read "I can't speak to the ability of Palm devices to
> use TSC or VNC"...
>
> --
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
> news:eEJWHXdsEHA.3324@TK2MSFTNGP15.phx.gbl...
>> What PDA? If its a PocketPC the built-in Terminal Services Client (TSC)
>> may be used to connect to XP Pro boxes running Remote Desktop or
>> W2003/W2K Servers running Terminal Services via a wired/wireless LAN
>> connection...
>>
>> To access/control an XP Home box look at using UltraVNC... Get the server
>> software from...
>>
>> http://ultravnc.sourceforge.net/
>>
>> PocketPC VNC client software...
>>
>> http://www.allware.com.mx/Windowsce/
>> http://www.cs.utah.edu/%7Emidgley/wince/vnc.html
>>
>> If the XP Home box is behind a firewall/NAT/router then TCP Port 5900
>> must be opened...
>>
>> Or, upgrade the XP Home box to XP Pro...:-)
>>
>> I can't speak to Palm devices...
>>
>> --
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> Please post *ALL* questions and replies to the news group for the mutual
>> benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights...
>>
>> "jack c." <jackc@discussions.microsoft.com> wrote in message
>> news:1F418DC1-C1FB-4B74-9C06-897F1F6E2B12@microsoft.com...
>>>
>>>
>>> "Sooner Al" wrote:
>>>
>>>> In message <A54599A2-CE47-4A70-BC7B-E877F380092C@microsoft.com>,
>>>> "=?Utf-8?B?amFjayBjLg==?=" <jackc@discussions.microsoft.com> wrote:
>>>> >
>>>> >
>>>> >
>>>> > hey mate:it appears remote desktop only works with xp pro?
>>>>
>>>> XP Pro can act as a Remote Desktop (RD) host or client. XP Home can act
>>>> as
>>>> a RD client only.
>>>>
>>>> Do a Google search on UltraVNC as an alternative if you want to
>>>> access/control
>>>> a XP Home box...
>>>>
>>>> --
>>>> Al Jarvi (MS-MVP Windows Networking)
>>>>
>>>> --
>>>> Posted with Ink Spot (for PocketPC) from DejaVu Software, Inc.
>>>> Usenet wherever you are - http://www.dejavusoftware.com/
>>>>
>>>
>>> what i'm trying to do is access my desktop via my pda.i have xp home on
>>> desktop,so it appears i won't be able to do this?
>>> is this is a true statement what do i need from vnc to establish
>>> client-host setup?
>>> thanks,
>>> jack
>>
>
Anonymous
October 15, 2004 7:31:20 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I don't know...I do know that "Friends don't let friends use a Palm"...:-)

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:u0iuIulsEHA.316@TK2MSFTNGP11.phx.gbl...
> Do the palms do language recognition?
>
> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
> news:e$sW2kdsEHA.2668@TK2MSFTNGP12.phx.gbl...
>> Correction... The last statement..."I can't speak to Palm devices"...should read "I can't speak
>> to the ability of Palm devices to use TSC or VNC"...
>>
>> --
>> Al Jarvi (MS-MVP Windows Networking)
>>
Anonymous
October 19, 2004 12:45:06 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

They have Graffiti or the new tech which recognizes characters, but
not a transcriber type utility (at least natively)
---
Jeffrey Randow (Windows Networking MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows Network Technology Community -
http://www.microsoft.com/windowsserver2003/community/ce...
Windows Home Networking Community -
http://www.microsoft.com/windowsxp/expertzone/communiti...

On Thu, 14 Oct 2004 22:06:10 -0400, "Bill Sanderson"
<Bill_Sanderson@msn.com.plugh.org> wrote:

>Do the palms do language recognition?
>
>"Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
>news:e$sW2kdsEHA.2668@TK2MSFTNGP12.phx.gbl...
>> Correction... The last statement..."I can't speak to Palm
>> devices"...should read "I can't speak to the ability of Palm devices to
>> use TSC or VNC"...
>>
>> --
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> Please post *ALL* questions and replies to the news group for the mutual
>> benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights...
>>
>> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
>> news:eEJWHXdsEHA.3324@TK2MSFTNGP15.phx.gbl...
>>> What PDA? If its a PocketPC the built-in Terminal Services Client (TSC)
>>> may be used to connect to XP Pro boxes running Remote Desktop or
>>> W2003/W2K Servers running Terminal Services via a wired/wireless LAN
>>> connection...
>>>
>>> To access/control an XP Home box look at using UltraVNC... Get the server
>>> software from...
>>>
>>> http://ultravnc.sourceforge.net/
>>>
>>> PocketPC VNC client software...
>>>
>>> http://www.allware.com.mx/Windowsce/
>>> http://www.cs.utah.edu/%7Emidgley/wince/vnc.html
>>>
>>> If the XP Home box is behind a firewall/NAT/router then TCP Port 5900
>>> must be opened...
>>>
>>> Or, upgrade the XP Home box to XP Pro...:-)
>>>
>>> I can't speak to Palm devices...
>>>
>>> --
>>> Al Jarvi (MS-MVP Windows Networking)
>>>
>>> Please post *ALL* questions and replies to the news group for the mutual
>>> benefit of all of us...
>>> The MS-MVP Program - http://mvp.support.microsoft.com
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights...
>>>
>>> "jack c." <jackc@discussions.microsoft.com> wrote in message
>>> news:1F418DC1-C1FB-4B74-9C06-897F1F6E2B12@microsoft.com...
>>>>
>>>>
>>>> "Sooner Al" wrote:
>>>>
>>>>> In message <A54599A2-CE47-4A70-BC7B-E877F380092C@microsoft.com>,
>>>>> "=?Utf-8?B?amFjayBjLg==?=" <jackc@discussions.microsoft.com> wrote:
>>>>> >
>>>>> >
>>>>> >
>>>>> > hey mate:it appears remote desktop only works with xp pro?
>>>>>
>>>>> XP Pro can act as a Remote Desktop (RD) host or client. XP Home can act
>>>>> as
>>>>> a RD client only.
>>>>>
>>>>> Do a Google search on UltraVNC as an alternative if you want to
>>>>> access/control
>>>>> a XP Home box...
>>>>>
>>>>> --
>>>>> Al Jarvi (MS-MVP Windows Networking)
>>>>>
>>>>> --
>>>>> Posted with Ink Spot (for PocketPC) from DejaVu Software, Inc.
>>>>> Usenet wherever you are - http://www.dejavusoftware.com/
>>>>>
>>>>
>>>> what i'm trying to do is access my desktop via my pda.i have xp home on
>>>> desktop,so it appears i won't be able to do this?
>>>> is this is a true statement what do i need from vnc to establish
>>>> client-host setup?
>>>> thanks,
>>>> jack
>>>
>>
>
!