Listening port does NOT change after following Article ID : 306759

Can someone please help me understand what I am doing wrong. These are the
facts

I have two computers running behind a WRT54G Linksys router
Port forwarding are enabled on both LAN computers 192.168.1.X
Both are Running XP Pro, SP2
Both have Remote Desktop enabled
Followed Article ID : 306759 on one LAN computer behind the Linksys router
and changed the Port Forwarding to reflect the changed port on the particular
LAN computer listed.

However upon following the article to change the listening port on one of my
LAN computers and AFTER reboot, the listening port does not change. PLEASE
HELP


--
Justice

Did you test over the local LAN to verify its not a port forwarding issue
with your router?

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"JUSTICE" <JUSTICE@discussions.microsoft.com> wrote in message
news:3F85C65F-6F31-47AE-A9C3-05D45DFED5BB@microsoft.com...
> Can someone please help me understand what I am doing wrong. These are the
> facts
>
> I have two computers running behind a WRT54G Linksys router
> Port forwarding are enabled on both LAN computers 192.168.1.X
> Both are Running XP Pro, SP2
> Both have Remote Desktop enabled
> Followed Article ID : 306759 on one LAN computer behind the Linksys
> router
> and changed the Port Forwarding to reflect the changed port on the
> particular
> LAN computer listed.
>
> However upon following the article to change the listening port on one of
> my
> LAN computers and AFTER reboot, the listening port does not change. PLEASE
> HELP
>
>
> --
> Justice

Al,

What I am saying is that the listening port does NOT change period. When I
change the port to say 3388 or 3390 or 49555 according to the article and
restart the computer it does NOT change. I then navigate to (under the
Network Connection Settings) Windows Firewall, Advanced, Settings, Services
and click on "Edit" under Remote Desktop the following is displayed under
Service Settings (in a grayed out view)

Description of Service: Remote Desktop
TCP (is checked instead of UDP)
External number for this service: 3389
Internal number for this service: 3389

Simply put, the listening port number is not being changed on the computer
period. Should not this port listinening number change as it is populated
from the registry for this particular service AFTER following the article and
RESTARTING the computer in question?




--
Justice


"Sooner Al [MVP]" wrote:

> Did you test over the local LAN to verify its not a port forwarding issue
> with your router?
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "JUSTICE" <JUSTICE@discussions.microsoft.com> wrote in message
> news:3F85C65F-6F31-47AE-A9C3-05D45DFED5BB@microsoft.com...
> > Can someone please help me understand what I am doing wrong. These are the
> > facts
> >
> > I have two computers running behind a WRT54G Linksys router
> > Port forwarding are enabled on both LAN computers 192.168.1.X
> > Both are Running XP Pro, SP2
> > Both have Remote Desktop enabled
> > Followed Article ID : 306759 on one LAN computer behind the Linksys
> > router
> > and changed the Port Forwarding to reflect the changed port on the
> > particular
> > LAN computer listed.
> >
> > However upon following the article to change the listening port on one of
> > my
> > LAN computers and AFTER reboot, the listening port does not change. PLEASE
> > HELP
> >
> >
> > --
> > Justice
>
>
>

Ah the firewall...

That entry in the firewall does *NOT* get changed when you change the
listening port. That is either a bug or a design enhancement depending on
who you talk to at MS...:-)

The work around is to UNCHECK that entry in the firewall Exception list and
create a new entry with the new port.

FYI, you can verify the PC is actually listening on the new port by running
the "netstat -a" command from the command line (ie. go to "Start -> Run" and
type cmd in the window). See the "Troubleshooting" section of this page.

http://theillustratednetwork.mvps.or...eshooting.html

You can also test by temporarily disabling the firewall and connecting using
the new port then re-enabling the firewall.
--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"JUSTICE" <JUSTICE@discussions.microsoft.com> wrote in message
news:B19CE3FC-E6E2-4DCA-AA9A-28546578F9D8@microsoft.com...
> Al,
>
> What I am saying is that the listening port does NOT change period. When I
> change the port to say 3388 or 3390 or 49555 according to the article and
> restart the computer it does NOT change. I then navigate to (under the
> Network Connection Settings) Windows Firewall, Advanced, Settings,
> Services
> and click on "Edit" under Remote Desktop the following is displayed under
> Service Settings (in a grayed out view)
>
> Description of Service: Remote Desktop
> TCP (is checked instead of UDP)
> External number for this service: 3389
> Internal number for this service: 3389
>
> Simply put, the listening port number is not being changed on the computer
> period. Should not this port listinening number change as it is populated
> from the registry for this particular service AFTER following the article
> and
> RESTARTING the computer in question?
>
> --
> Justice
>
>
> "Sooner Al [MVP]" wrote:
>
>> Did you test over the local LAN to verify its not a port forwarding issue
>> with your router?
>>
>> --
>>
>> Al Jarvi (MS-MVP Windows Networking)
>>
>> Please post *ALL* questions and replies to the news group for the mutual
>> benefit of all of us...
>> The MS-MVP Program - http://mvp.support.microsoft.com
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights...
>>
>> "JUSTICE" <JUSTICE@discussions.microsoft.com> wrote in message
>> news:3F85C65F-6F31-47AE-A9C3-05D45DFED5BB@microsoft.com...
>> > Can someone please help me understand what I am doing wrong. These are
>> > the
>> > facts
>> >
>> > I have two computers running behind a WRT54G Linksys router
>> > Port forwarding are enabled on both LAN computers 192.168.1.X
>> > Both are Running XP Pro, SP2
>> > Both have Remote Desktop enabled
>> > Followed Article ID : 306759 on one LAN computer behind the Linksys
>> > router
>> > and changed the Port Forwarding to reflect the changed port on the
>> > particular
>> > LAN computer listed.
>> >
>> > However upon following the article to change the listening port on one
>> > of
>> > my
>> > LAN computers and AFTER reboot, the listening port does not change.
>> > PLEASE
>> > HELP
>> >
>> > --
>> > Justice
>>

I forgot my other suggestion. It seems you want to access more than one PC
behind the Linksys router. While you can do that using the port change
method a more secure method is to use a VPN or Secure Shell (SSH) tunnel.
Personally I use the SSH method. You only need to open one port on your
router, versus multiple ports, and you can access any number of Remote
Desktop sessions using the default listening port.

http://theillustratednetwork.mvps.or...s/SSH-RDP.html

Once the SSH tunnel is established you can router Remote Desktop sessions
through it quite easily.

Personally I run the CopSSH server on one of my XP Pro boxes and use either
PuTTY or Tunnelier as the client on my laptop. I also use a private/public
key pair (encrypted with a strong pass phrase) for authentication. SSH is
encrypted end-to-end from the start and is very secure.

Something to think about...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
news:OU7ekbc7FHA.1020@TK2MSFTNGP15.phx.gbl...
> Ah the firewall...
>
> That entry in the firewall does *NOT* get changed when you change the
> listening port. That is either a bug or a design enhancement depending on
> who you talk to at MS...:-)
>
> The work around is to UNCHECK that entry in the firewall Exception list
> and create a new entry with the new port.
>
> FYI, you can verify the PC is actually listening on the new port by
> running the "netstat -a" command from the command line (ie. go to
> "Start -> Run" and type cmd in the window). See the "Troubleshooting"
> section of this page.
>
> http://theillustratednetwork.mvps.or...eshooting.html
>
> You can also test by temporarily disabling the firewall and connecting
> using the new port then re-enabling the firewall.
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "JUSTICE" <JUSTICE@discussions.microsoft.com> wrote in message
> news:B19CE3FC-E6E2-4DCA-AA9A-28546578F9D8@microsoft.com...
>> Al,
>>
>> What I am saying is that the listening port does NOT change period. When
>> I
>> change the port to say 3388 or 3390 or 49555 according to the article and
>> restart the computer it does NOT change. I then navigate to (under the
>> Network Connection Settings) Windows Firewall, Advanced, Settings,
>> Services
>> and click on "Edit" under Remote Desktop the following is displayed under
>> Service Settings (in a grayed out view)
>>
>> Description of Service: Remote Desktop
>> TCP (is checked instead of UDP)
>> External number for this service: 3389
>> Internal number for this service: 3389
>>
>> Simply put, the listening port number is not being changed on the
>> computer
>> period. Should not this port listinening number change as it is populated
>> from the registry for this particular service AFTER following the article
>> and
>> RESTARTING the computer in question?
>>
>> --
>> Justice
>>
>>
>> "Sooner Al [MVP]" wrote:
>>
>>> Did you test over the local LAN to verify its not a port forwarding
>>> issue
>>> with your router?
>>>
>>> --
>>>
>>> Al Jarvi (MS-MVP Windows Networking)
>>>
>>> Please post *ALL* questions and replies to the news group for the mutual
>>> benefit of all of us...
>>> The MS-MVP Program - http://mvp.support.microsoft.com
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights...
>>>
>>> "JUSTICE" <JUSTICE@discussions.microsoft.com> wrote in message
>>> news:3F85C65F-6F31-47AE-A9C3-05D45DFED5BB@microsoft.com...
>>> > Can someone please help me understand what I am doing wrong. These are
>>> > the
>>> > facts
>>> >
>>> > I have two computers running behind a WRT54G Linksys router
>>> > Port forwarding are enabled on both LAN computers 192.168.1.X
>>> > Both are Running XP Pro, SP2
>>> > Both have Remote Desktop enabled
>>> > Followed Article ID : 306759 on one LAN computer behind the Linksys
>>> > router
>>> > and changed the Port Forwarding to reflect the changed port on the
>>> > particular
>>> > LAN computer listed.
>>> >
>>> > However upon following the article to change the listening port on one
>>> > of
>>> > my
>>> > LAN computers and AFTER reboot, the listening port does not change.
>>> > PLEASE
>>> > HELP
>>> >
>>> > --
>>> > Justice
>>>
>
>

Al,

Thanks for the comprehensive and accurate feedback. I did as you indicated,
notwithstanding the design bug and it works perfectly - on port 3390 on the
one XP box. My wife wants to access her XP pro box from remote locations and
it was a pain to have to access the router remotely, and check and uncheck
the particular LAN machine under Port Forwarding to get the Remote Desktop
request through port 3389. Now I can use port 3390 through my WAN IP
x.x.x.x:3390 and go directly to my XP box. The changes are transparent to my
wife and not confusing to her.

As far as the security part of this, I am confident that I configured the
Encryption and Security in Terminal Services to REQUIRE the password to be
entered is sufficient notwithstanding the fact that the password is
checked/saved on the client portion. My wife and I use strong passwords for
our account passwords nonetheless. Additionally, I am bugging Linksys to
update the firmware to have it so that the "Incoming" log
feature/functionality of the router populate and save the incoming
connections for a period f time to be determined by the user so users can
monitor connections through the router. I also have enabled sucess/failure
option under the Local Security Settings\Security Settings\Local
Policies\Audit Policies\Audit logon events as another way to monitor the
times my wife and I access our XP Pro boxes while away from the house.

You are a true expert Al, and thanks for your PROFESSIONAL assistance!
--
Justice


"Sooner Al [MVP]" wrote:

> I forgot my other suggestion. It seems you want to access more than one PC
> behind the Linksys router. While you can do that using the port change
> method a more secure method is to use a VPN or Secure Shell (SSH) tunnel.
> Personally I use the SSH method. You only need to open one port on your
> router, versus multiple ports, and you can access any number of Remote
> Desktop sessions using the default listening port.
>
> http://theillustratednetwork.mvps.or...s/SSH-RDP.html
>
> Once the SSH tunnel is established you can router Remote Desktop sessions
> through it quite easily.
>
> Personally I run the CopSSH server on one of my XP Pro boxes and use either
> PuTTY or Tunnelier as the client on my laptop. I also use a private/public
> key pair (encrypted with a strong pass phrase) for authentication. SSH is
> encrypted end-to-end from the start and is very secure.
>
> Something to think about...
>
> --
>
> Al Jarvi (MS-MVP Windows Networking)
>
> Please post *ALL* questions and replies to the news group for the mutual
> benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
>
> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
> news:OU7ekbc7FHA.1020@TK2MSFTNGP15.phx.gbl...
> > Ah the firewall...
> >
> > That entry in the firewall does *NOT* get changed when you change the
> > listening port. That is either a bug or a design enhancement depending on
> > who you talk to at MS...:-)
> >
> > The work around is to UNCHECK that entry in the firewall Exception list
> > and create a new entry with the new port.
> >
> > FYI, you can verify the PC is actually listening on the new port by
> > running the "netstat -a" command from the command line (ie. go to
> > "Start -> Run" and type cmd in the window). See the "Troubleshooting"
> > section of this page.
> >
> > http://theillustratednetwork.mvps.or...eshooting.html
> >
> > You can also test by temporarily disabling the firewall and connecting
> > using the new port then re-enabling the firewall.
> > --
> >
> > Al Jarvi (MS-MVP Windows Networking)
> >
> > Please post *ALL* questions and replies to the news group for the mutual
> > benefit of all of us...
> > The MS-MVP Program - http://mvp.support.microsoft.com
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights...
> >
> > "JUSTICE" <JUSTICE@discussions.microsoft.com> wrote in message
> > news:B19CE3FC-E6E2-4DCA-AA9A-28546578F9D8@microsoft.com...
> >> Al,
> >>
> >> What I am saying is that the listening port does NOT change period. When
> >> I
> >> change the port to say 3388 or 3390 or 49555 according to the article and
> >> restart the computer it does NOT change. I then navigate to (under the
> >> Network Connection Settings) Windows Firewall, Advanced, Settings,
> >> Services
> >> and click on "Edit" under Remote Desktop the following is displayed under
> >> Service Settings (in a grayed out view)
> >>
> >> Description of Service: Remote Desktop
> >> TCP (is checked instead of UDP)
> >> External number for this service: 3389
> >> Internal number for this service: 3389
> >>
> >> Simply put, the listening port number is not being changed on the
> >> computer
> >> period. Should not this port listinening number change as it is populated
> >> from the registry for this particular service AFTER following the article
> >> and
> >> RESTARTING the computer in question?
> >>
> >> --
> >> Justice
> >>
> >>
> >> "Sooner Al [MVP]" wrote:
> >>
> >>> Did you test over the local LAN to verify its not a port forwarding
> >>> issue
> >>> with your router?
> >>>
> >>> --
> >>>
> >>> Al Jarvi (MS-MVP Windows Networking)
> >>>
> >>> Please post *ALL* questions and replies to the news group for the mutual
> >>> benefit of all of us...
> >>> The MS-MVP Program - http://mvp.support.microsoft.com
> >>> This posting is provided "AS IS" with no warranties, and confers no
> >>> rights...
> >>>
> >>> "JUSTICE" <JUSTICE@discussions.microsoft.com> wrote in message
> >>> news:3F85C65F-6F31-47AE-A9C3-05D45DFED5BB@microsoft.com...
> >>> > Can someone please help me understand what I am doing wrong. These are
> >>> > the
> >>> > facts
> >>> >
> >>> > I have two computers running behind a WRT54G Linksys router
> >>> > Port forwarding are enabled on both LAN computers 192.168.1.X
> >>> > Both are Running XP Pro, SP2
> >>> > Both have Remote Desktop enabled
> >>> > Followed Article ID : 306759 on one LAN computer behind the Linksys
> >>> > router
> >>> > and changed the Port Forwarding to reflect the changed port on the
> >>> > particular
> >>> > LAN computer listed.
> >>> >
> >>> > However upon following the article to change the listening port on one
> >>> > of
> >>> > my
> >>> > LAN computers and AFTER reboot, the listening port does not change.
> >>> > PLEASE
> >>> > HELP
> >>> >
> >>> > --
> >>> > Justice
> >>>
> >
> >
>
>
>

Sooner
I saw this post and installed Tunnelier. Also using a private/public
key pair for authenication.
I am interested in the port forwarding to access a second pc through the
tunnel.

I saw your illustration using Tunnelier and I am a little confused.
I noted that you had a Tunnelier shortcut to go to machine 1 and I
assume that it is using port 3389.

And a shortcut to RDP Connection for pc2 and I assume this goes to port
3390? What is the connection IP? Would it be 127.0.0.1:3390?

I also assume that the listen port on pc2 for RDP has to be changed to
3390 correct? If so I got that.

I also saw that you had the UNC name for pc2, I think it was "Norman".
I assume you made an entry in the lmhosts file, correct?

Help me on this entry, would it be the LAN IP or the WAN?

Am I way off base on this?

This reply in a thread on the Broadband Reports forums may be of some
help...

http://www.broadbandreports.com/forum/remark,14687267

I have a "hosts" file on all of my desktops and my laptop that maps local
computer names to their static LAN IP address on my home network.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

"cdoc" <cdoc@bellsouth.net> wrote in message
news:7C5gf.46075$xK1.20505@bignews7.bellsouth.net. ..
> Sooner
> I saw this post and installed Tunnelier. Also using a private/public
> key pair for authenication.
> I am interested in the port forwarding to access a second pc through the
> tunnel.
>
> I saw your illustration using Tunnelier and I am a little confused.
> I noted that you had a Tunnelier shortcut to go to machine 1 and I assume
> that it is using port 3389.
>
> And a shortcut to RDP Connection for pc2 and I assume this goes to port
> 3390? What is the connection IP? Would it be 127.0.0.1:3390?
>
> I also assume that the listen port on pc2 for RDP has to be changed to
> 3390 correct? If so I got that.
>
> I also saw that you had the UNC name for pc2, I think it was "Norman". I
> assume you made an entry in the lmhosts file, correct?
>
> Help me on this entry, would it be the LAN IP or the WAN?
>
> Am I way off base on this?