• ISP blocks RDP ports, crippling WHS 2003

    #474487

    My ISP demands I pay for an expensive business plan if I want to be able to remotely connect to my home server from work/elsewhere. It has blocked the ports that my home server uses by default to allow RDP calls. Does anyone know an easy reliable workaround?
    Thanks,
    Todd

    • #1265400

      You could try changing the Remote Desktop port. The advice given is for XP, but it should work on WHS too. If you change it, make sure the port is allowed through your firewall.

      Another alternative might be changing ISP :p. I wouldn’t take my ISP doing that to me.

    • #1265419

      Do you really need RDP access to the server? If you are just trying to access shared folders, have you considered using a free domain at homeserver.com that you are allowed with WHS?

      Joe

      --Joe

    • #1265448

      TeamViewer?

      cheers, Paul

      • #1265917

        I don't recommend changing the Terminal Services listening port as mentioned above; it can break many things that depend on that port. You can, however, add a second listening port.

        To do this, open the registry editor by hitting Start > Run, typing regedit and hitting Enter. Navigate to:

        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

        Right click on the RDP-Tcp registry key and select Export, then save the key to your desktop, giving it any name you wish; I usually just name it RDP. Once it's saved, minimize the registry editor and locate the exported reg key on your desktop, right click on it and select Edit. This will open the key using Notepad.

        By default Terminal Services uses port 3389. The 10 ports following 3389 are unused, so I usually use 3390; if I've used that already, I go to the next, 3391, and so on.

        Once the reg key is opened in Notepad, the first thing you need to do is give the key a new name. This is done by editing the second line, which looks like:

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]

        I usually name it by appending the new port number to it, like:

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp - 3390]

        Once you've given it a new name, search for the port number: hit CTRL + F and type portnumber in the search box. That should take you to this line:

        "PortNumber"=dword:00000d3d

        The port values are in hexadecimal, so the port number d3d = 3389. If you want to make this port number 3390 you would use the hexadecimal value d3e, for 3391 d3f, for 3392 d40 and so on.

        So for port number 3390 you would edit the line to read:

        "PortNumber"=dword:00000d3e

        Once you have done this, click the red X in the corner to close Notepad. It will ask you if you want to save the changes; click Yes.

        Once the reg key is saved, right click on it and select Merge. A box will pop up stating the key has successfully been merged into the registry. Now go back to regedit and look at the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations] key; you will now see 2 subkeys, RDP-Tcp and RDP-Tcp - 3390.

        You have now added a second Terminal Services listening port to your Windows Home Server. You will need to forward that port through your firewall / router to your home server. If you need help with that, reply with your router make and model and I'll post instructions to accomplish this.

        To access your server using the new port number, in the Remote Desktop Connection box you would use the address yourserveraddress:3390. If you have any questions feel free to ask.

        Below is a sample of the full registry key with the edits made highlighted in red:

        Note: the sample registry key below is from a Windows 7 computer, so do not copy and paste it for use on your home server; it will cause you problems. Just make the edits as noted above.

        Windows Registry Editor Version 5.00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp - 3390]
        "AudioEnumeratorDll"="rdpendp.dll"
        "Callback"=dword:00000000
        "CallbackNumber"=""
        "CdClass"=dword:00000000
        "CdDLL"=""
        "CdFlag"=dword:00000000
        "CdName"=""
        "CfgDll"="RDPCFGEX.DLL"
        "ColorDepth"=dword:00000005
        "Comment"=""
        "Domain"=""
        "DrawGdiplusSupportLevel"=dword:00000001
        "fAllowSecProtocolNegotiation"=dword:00000001
        "fAutoClientDrives"=dword:00000001
        "fAutoClientLpts"=dword:00000001
        "fDisableAudioCapture"=dword:00000000
        "fDisableCam"=dword:00000000
        "fDisableCcm"=dword:00000000
        "fDisableCdm"=dword:00000000
        "fDisableClip"=dword:00000000
        "fDisableCpm"=dword:00000000
        "fDisableEncryption"=dword:00000001
        "fDisableExe"=dword:00000000
        "fDisableLPT"=dword:00000000
        "fEnableWinStation"=dword:00000001
        "fForceClientLptDef"=dword:00000001
        "fHomeDirectoryMapRoot"=dword:00000000
        "fInheritAutoClient"=dword:00000001
        "fInheritAutoLogon"=dword:00000001
        "fInheritCallback"=dword:00000000
        "fInheritCallbackNumber"=dword:00000001
        "fInheritColorDepth"=dword:00000000
        "fInheritInitialProgram"=dword:00000001
        "fInheritMaxDisconnectionTime"=dword:00000001
        "fInheritMaxIdleTime"=dword:00000001
        "fInheritMaxSessionTime"=dword:00000001
        "fInheritReconnectSame"=dword:00000001
        "fInheritResetBroken"=dword:00000001
        "fInheritSecurity"=dword:00000000
        "fInheritShadow"=dword:00000001
        "fLogonDisabled"=dword:00000000
        "fPromptForPassword"=dword:00000000
        "fReconnectSame"=dword:00000000
        "fResetBroken"=dword:00000000
        "fUseDefaultGina"=dword:00000000
        "InitialProgram"=""
        "InputBufferLength"=dword:00000800
        "InteractiveDelay"=dword:00000032
        "KeepAliveTimeout"=dword:00000000
        "KeyboardLayout"=dword:00000000
        "LanAdapter"=dword:00000000
        "LoadableProtocol_Object"="{18b726bb-6fe6-4fb9-9276-ed57ce7c7cb2}"
        "MaxConnectionTime"=dword:00000000
        "MaxDisconnectionTime"=dword:00000000
        "MaxIdleTime"=dword:00000000
        "MaxInstanceCount"=dword:ffffffff
        "MinEncryptionLevel"=dword:00000002
        "NWLogonServer"=""
        "OutBufCount"=dword:00000006
        "OutBufDelay"=dword:00000064
        "OutBufLength"=dword:00000212
        "Password"=""
        "PdClass"=dword:00000002
        "PdClass1"=dword:0000000b
        "PdDLL"="tdtcp"
        "PdDLL1"="tssecsrv"
        "PdFlag"=dword:0000004e
        "PdFlag1"=dword:00000000
        "PdName"="tcp"
        "PdName1"="tssecsrv"
        "PortNumber"=dword:00000d3e
        "SecurityLayer"=dword:00000001
        "Shadow"=dword:00000001
        "UserAuthentication"=dword:00000000
        "Username"=""
        "WdDLL"="rdpwd"
        "WdFlag"=dword:00000036
        "WdName"="Microsoft RDP 7.1"
        "WdPrefix"="RDP"
        "WFProfilePath"=""
        "WorkDirectory"=""
        "WsxDLL"="rdpwsx"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\TSMMRemotingAllowedApps]
        "ehshell.exe"=dword:00000002
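
The export, rename and PortNumber edit described in the post above, as an added example that is not part of the original post: it rewrites an exported RDP-Tcp key for a new port, then lists every listener and its port so the result of the merge can be checked. The sample export is constructed and trimmed, and the function names are hypothetical.

```python
import re

# Constructed sample: a trimmed export of the RDP-Tcp key (most values omitted).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"fEnableWinStation"=dword:00000001
"PdName"="tcp"
"PortNumber"=dword:00000d3d
'''

WINSTATIONS = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations"
PORT_RE = re.compile(r'^"PortNumber"=dword:([0-9a-fA-F]{8})$')

def port_to_dword(port):
    """Format a TCP port the way a .reg file stores it (3390 -> dword:00000d3e)."""
    if not 1 <= port <= 65535:
        raise ValueError("not a valid TCP port: %r" % port)
    return "dword:%08x" % port

def clone_listener(export_text, new_port):
    """Rename the exported key to 'RDP-Tcp - <port>' and set its PortNumber."""
    value = '"PortNumber"=' + port_to_dword(new_port)
    out, renamed, ported = [], False, False
    for line in export_text.splitlines():
        # Only the key header itself is renamed; subkey headers are left alone.
        if not renamed and line.startswith("[") and line.endswith("\\RDP-Tcp]"):
            line, renamed = line[:-1] + " - %d]" % new_port, True
        elif not ported and PORT_RE.match(line):
            line, ported = value, True
        out.append(line)
    if not (renamed and ported):
        raise ValueError("export lacks the RDP-Tcp key or its PortNumber value")
    return "\r\n".join(out) + "\r\n"

def list_listeners(reg_text):
    """Map each key under WinStations that has a PortNumber to its decimal port."""
    ports, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = PORT_RE.match(line)
        if m and key and key.upper().startswith(WINSTATIONS.upper() + "\\"):
            ports[key[len(WINSTATIONS) + 1:]] = int(m.group(1), 16)
    return ports

if __name__ == "__main__":
    merged = SAMPLE_EXPORT + clone_listener(SAMPLE_EXPORT, 3390)
    for name, port in list_listeners(merged).items():
        print("%-16s %d%s" % (name, port, "" if port == 3389 else "  (non-default)"))
```

A real regedit export with the "Version 5.00" header is UTF-16 text, so read it with encoding="utf-16" before passing it to these functions.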

    • #1267930

      I’d say get a free account at http://www.logmein.com, works over SSL so you know it’d never get blocked.

      • #1290319

        If you still wish to use RDP it should be easy to do a port redirect on your router. You obviously have a port forward right now that looks something like:

        forward tcp port 3389 > your.server.ip.address

        The new redirect might look like this:

        forward tcp port 3395 > tcp port 3389 your.server.ip.address

        You would then point your RDP client at your.public.ip.address:3395 and the router redirects it to the correct port on the server. Your ISP has no idea what you are pointing at, so unless they are blocking all ports except web and email, you should be able to find one you can get through on. You also do not need to change anything on your server, as the router is doing all the work and the server sees all traffic on the default port.

    • #1291597

      Find out if they block VPN ports.

    • #1291598

      Oh, and you could probably get LogMeIn Free to work easily.

      • #1312790

        If so, I need to change port 80. My ISP is blocking port 80 and port 443, so I cannot see my WHS web site or remote page online. I have the wificorp.homeserver.com URL. I am on a NAT line. I have put in a static to my computer, but that's only good for the internal network, not external, as they block that but let you have it on your private network. Have an idea for me? Thank you, Brittany. I know this is not the good info to put on the net, but I do not have a problem with anyone entering my cp, so here goes. I hope this can help with some configuration. I copied it from ipconfig:

        Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Default Gateway . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled

        Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : C0-A8-01-41
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.65%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
        fec0:0:0:ffff::2%1
        fec0:0:0:ffff::3%1
        NetBIOS over Tcpip. . . . . . . . : Disabled

        Source Ports: AnySingleRange would this be my server
        Destination Ports: AnySingleRange and my internet connection

        And then run the WHS; everything connects green, but on the free name homeserver it gives me 3 green and two red checkmarks: websites and remote website are not connecting. There has to be a way around this. Microsoft should be making a workaround program, as almost all ISPs are now blocking many ports and run on a NAT. You pay good money for what???? It's no good if you can't get on the net and serve web sites. They need some kind of SSL socket to get through it or something. Any ideas? Thank you.

        The router is a D-Link model dvr-g3810bn/tl from Telus in Canada.

    • #1312791

      PS my email add is hope I am OK to post this, thank you again, Brittany.

    • #1313333

      MissB, I think your problem is you are using an IP V6 address on your server. Your router won’t do the conversion for you to be able to see the address outside your network. To test this I suggest you connect to your router and turn on remote management on port 80 – with a complex password to keep bad people out – then attempt to connect to the router from another location. If you can connect, port 80 is OK.
      Now you need an IP V4 address on the server – something like 196.168.0.2 – and then you need to set the router up to pass requests on port 80 to the server IP address.

      cheers, Paul
