Remote Desktop Connection (RDP) - HELP!

Discussion in 'ESET Smart Security' started by JustAnotherUser, Dec 6, 2007.

Thread Status:
Not open for further replies.
  1. JustAnotherUser

    JustAnotherUser Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    14
    Location:
    London, UK.
    Has ANYONE been able to setup the firewall for RDP connection IN to the machine?
    I tried the advanced setup and created a rule that allowed port 3389 TCP & UDP to ALLOW traffic in and out.
    The tried connecting to the box. No luck.
    I then decided to RDP OUT to another box and see what rule it created.
    Ok, it created on, outbound only, I changed this to in bound and made suire it was for Local and External traffic and I STILL can't get to the machine form an other PC.

    Has ANYONE got any ideas? I'm going nuts!
    It looks like a good product.... but if it can't do the basics, why did I upgrade to it?
    :(
     
  2. markjrenna

    markjrenna Registered Member

    Joined:
    Dec 7, 2007
    Posts:
    15
    Change to Interactive Mode from Automatic.
    I had to allow access to SVCHOST.EXE
     

    Attached Files:

  3. ASpace

    ASpace Guest

    In the rule markjrenna posted about , I would only add a specific IP adress which can get into the computer because a rule to allow all kind of communitcation to from/all ports for svchost is a little bit risky , I think.
     
  4. JustAnotherUser

    JustAnotherUser Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    14
    Location:
    London, UK.
    markjrenna and HiTech boy, thanks, but in reality, I can't just allow one IP address, the whole point of having the PC able to be RDP'ed to is that I can be anywhere (in the world) and still get back to the PC.

    I will try markjrenna's idea, even though SVCHOST.EXE is already listed as being able to get through the fire wall for a couple of other app's, but it's worth the try.

    Will post back soon.

    Cheers.
     
  5. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    in which case i would recomend changing from the default rdp port, and create a VERY secure password/passphrase

     
  6. JustAnotherUser

    JustAnotherUser Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    14
    Location:
    London, UK.
    kC,

    Thnaks for the tip, I do this normally by default, not this port, but it doesn't matter which port, just as long as it's not the normal one.
    I'm leaving everything as completely startdard until I get it working properly, then I'll change it to my normal setup.
    And what? Passwords and not done standard as STRONG passwords, i.e. numbers, letters, special chars and upper and lower case? The mind boggles! ;)

    Well, I tried the SVCHOST.EXE and guess what.... Nope, no access from the outside.
    Have also noticed that the Steam Engine when starting up doesn't actually manage to get out to the outside world, even when creating rules for the TCP & UDP ports that it supposedly uses.

    I am SURE that this HAS to be a great firewall, it's even stopping things from getting out that I want out let a lone getting in, but I just need to configure it so that it DOES work like it says on the can.

    All help is greatly appreciated. Thanks everyone and anyone.
     
  7. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    yeh doesnt matter on the port, i just put that as an example.

    i did notice when i first installed ess beta1 i couldnt get rdp working from wan.
    but then after a reboot it did prompt for it, and have never had problems since.

    is the windows firewall definatley set to off? because obviously if that was on, it would block rdp and ess wouldnt warn you..

    also i take it that the correct lan ip is forwarded in your router?


    if nothing working i would suggest
    1. uninstal ess
    2. reboot
    3. delete the folder C:\Documents and Settings\YOURUSERNAME\Application Data\ESET
    4. reinstal ESS in interactive mode
    5. reboot
    6. attempt remote desktop connection, and it "should" prompt you
     
  8. JustAnotherUser

    JustAnotherUser Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    14
    Location:
    London, UK.
    kC, thanks for the suggestion.
    I did EXACTLY as you said, and...
    It's now working! Cheers!

    But WHY exactly it didn't work the FIRST time? Is beyond me.
    I think that there are some issues that need to be sorted in the install.

    But for now, I'm happy, now I can install on the other 6 machines, just replicating these rules with a export and import of the rules. (And THAT is a good feature as well, good thinking there ESET)
     
  9. terran

    terran Registered Member

    Joined:
    Jan 5, 2008
    Posts:
    3
    I've got a similar issue, except that I cannot use Remote Desktop to connect to another machine. So, in this case, I'm trying to connect OUT, whereas, JustAnotherUser was trying to connect IN.

    The details:
    This is my home computer (with ESET) and I'm trying to connect to my work computer. We connect to a VPN before we're able to use Remote Desktop (it's Check Point's SecureClient VPN application). I'm assuming that ESET has the rules necessary for the VPN (it's allowing In and Out), as I'm able to connect to it as normal. Now, I fire up RD for the first time, and ESET prompts me for an outbound rule. I allow it, and try to connect, but nothing happens. I've changed the rule to allow In and Out (also tried doing the same for svchost), and also tried adding the 3389 incoming port. No change. No connection.

    I even followed the directions for uninstalling and reloading. Same process, no connection. I'm also noticing that Outlook Web Access for work is also not loading up (even though the VPN is working).

    Any ideas why this wouldn't work? Any special rules I would need to add for the VPN app?

    Thanks for any insight!
     
  10. JustAnotherUser

    JustAnotherUser Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    14
    Location:
    London, UK.
    Hi terran,

    Can I ask you to shutdown Smart Security,
    i.e. Double lick on the ESET Smart Security Icon in the system tray to bring up the ESET Smart Security window.
    Then click on Setup.
    Then click on Personal firewall.
    Then click on (on the right hand side) Disable filtering: allow all traffic

    This will then effectively turn off the firewall. I will be assuming that your machine is sitting behind a router and you are allocated an IP address from the router something like 192.168.x.x, if this is the case then the machine is not exposed to the outside world directly (unless you have set up rules on your router to allow certain ports to be re-routed to this machine)

    Then can I ask you to try connecting to work. Do the process that you normally do and then confirm that the problem is with ESET Smart Security or not.

    If this then works, the problem is more than likely to be with ESET Smart Security, I am not saying that it will be for sure, but it more than likely points in this direction.

    We can then look at possible ways to fix from this point onwards.

    Cheers.
     
  11. terran

    terran Registered Member

    Joined:
    Jan 5, 2008
    Posts:
    3
    Thanks for your response!

    - I Disabled the firewall, as you described.
    - Yes, 192.168.x.x is how my router hands out IPs...this computer is set up with a static IP, so it always has the same number.
    - Connected to the VPN, just fine.
    - Remote Desktop connected to my work computer just fine, too!

    Just for kicks, after I connected to Remote Desktop, I came back to ESET and re-enabled the Firewall. I could click back to the Remote Desktop screen of my work computer, but I couldn't do anything on the screen except move the mouse...couldn't click buttons, use shortcut keys, or anything. Disabling the ESET Firewall once again on my computer (with Remote Desktop still connected) allowed me to control my work computer yet again.

    As a follow-up test (why didn't I think of this before? duh!), I tried connecting to another computer on my home network via Remote Desktop. I tried it with no VPN (because it's not needed) and with the ESET Firewall enabled (so this would determine if the Firewall was allowing or blocking Remote Desktop). I got through immediately! So it appears that RD is being allowed properly!

    So, I guess that means that the VPN may have another component that is getting blocked. I took a look and already have three of my VPN's ".exe" components listed in the rules for the Firewall...perhaps there are more that I need to investigate? I suppose it's possible that the Login/Authentication components are filtered properly (allowing me to log in, as I'm doing now), but perhaps there is one or more additional components that actually carry the "data payload" for Remote Desktop, etc?

    Does that sound like a fair assumption? Additional thoughts? Thanks!
     
  12. JustAnotherUser

    JustAnotherUser Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    14
    Location:
    London, UK.
    Hi terran,

    Yes, sounds like a fair assumption, that being that there may be more items that need allowing through the firewall.

    My first suggestion is to see if you can get some background information on CheckPoints SecureClient to see if there is anything that they can point you towards.

    The next suggestion is... (I don't think your gonna like this one though) and that is, remove (delete) the current rules you have for the SecureClient VPN software in ESS, then REINSTALL the SecureClient VPN software and then try connecting.
    This should (I say SHOULD because I haven't tried it with this scenario here, so I cannot guarantee it will) re-alert you as things wanting to go in and out of ESS.

    Failing this... the work around is... and this is not something I would like to condone, disable ESS connect the VPN and RDP and work away making absoultely SURE that you do NO OTHER Internet based activities on this machine WHILE ESS is turned off, I know it's not nice, but it is a work around if everything else fails, or, at least until you find a solution.

    I am pining my thoughts on that it will be more things need to be enabled in ESS to allow comms.

    Also, when you have deleted the existing rules for RDP and SecureClient VPN don't forget to go through and check for any others that are saying they are STOPPING things from being sent out or coming in. It may just be one of these things that is stopping the comms.

    Let me know how you got on.

    Cheers.
     
  13. terran

    terran Registered Member

    Joined:
    Jan 5, 2008
    Posts:
    3
    Here's what I did:

    1. Connected to work and Grabbed the install package from my work server. Surprisingly, it was an updated version from what I had installed!
    2. Deleted the rules in the Firewall for the VPN.
    3. Uninstalled the VPN software.
    4. Reboot
    5. Installed the new/updated VPN software.
    6. Reboot
    7. The VPN icon did not appear in the system tray (like it usually does), but ESET prompted to add a rule for the new VPN software...I allowed it.
    8. Rebooted again, to let the rule take effect.
    9. No further prompt, and still no icon in the tray, so I manually added the other rules that I had in there before (the original 3 VPN components I mentioned in my other post).
    10. Reboot.
    11. Icon appeared in the tray, so I tried connecting. Success!
    12. Tried Remote Desktop to connect to work. DOUBLE SUCCESS !

    So now I'm good to go! I'm not sure if it was simply the updated VPN software that worked better with the Firewall or if it was something else, but regardless, everything's working as it should!

    Happy happy! Thanks for the suggestions, JAU!
     
  14. JustAnotherUser

    JustAnotherUser Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    14
    Location:
    London, UK.
    Well, your more than welcome, just trying to help, and it's always good to get someone else's eyes on an issue, if for nothing else than to tell you your not going insane!

    Best of luck going forward.

    Kind regards

    JAU
     
Thread Status:
Not open for further replies.