
Windows XP Pro Remote Desktop configuration, use and troubleshooting help and tips


Overview
(from the online version - Windows XP Professional Resource Kit)

Remote Desktop provides access from a remote location to a computer running the Microsoft® Windows® XP Professional operating system, giving you the flexibility to work on your Windows XP Professional–based computer from anywhere, anytime. Remote Desktop in Windows XP Professional is an extension of the Microsoft® Windows® 2000 operating system Terminal Services functionality formerly available only in the Microsoft® Windows® 2000 Server family of operating systems.


 

Enable Remote Desktop on the host PC and add/enable Remote Desktop users

See this article from Microsoft.

Install Remote Desktop Client software

Remote Desktop client software for PCs running Windows 2000, Windows NT, Windows Me, Windows 98 SE, Windows 98 or Windows 95 can be installed from either the Windows XP Professional or XP Home CDs or downloaded from Microsoft. Mac and UNIX clients are also available for download. Windows XP Professional and XP Home have the Remote Desktop client software built-in to the operating system.

Network Level Authentication on a Windows XP SP3 Remote Desktop Client computer

By default, Network Level Authentication is disabled in Windows XP Service Pack 3. To enable Network Level Authentication, you have to turn on the Credential Security Service Provider (CredSSP). For more information about how to turn on CredSSP, read this Microsoft Knowledge Base article. After rebooting the XP SP3 client computer, see the online Vista help pages for details on how to check whether a client computer supports Network Level Authentication.

Network Level Authentication for Windows XP SP2 x86 Remote Desktop Client computers

Microsoft has released a standalone Remote Desktop 6.1 client for Windows XP SP2 x86 computers. For more information, read this Microsoft Knowledge Base article. After rebooting the XP SP3 client computer, see the online Vista help pages for details on how to check whether a client computer supports Network Level Authentication.

Test on the local LAN

You can verify correct operation of Remote Desktop by connecting from another PC on the local LAN. Use the local private LAN IP address of the PC you want to connect to, or the name of the PC. To find the local LAN IP of the PC you want to connect to, go to Start | Run and type cmd to open a command line window. Type ipconfig at the command line and note the reported IP address.
Note - The use of a static private LAN IP address is recommended for the desktop PC acting as the Remote Desktop host.
To access a Windows XP Professional PC using Remote Desktop see the Windows XP Professional Resource Kit Establishing a Remote Desktop Session section or the Windows XP Start a Remote Desktop Session How-To article.

Port forwarding for Remote Desktop

Access to a Windows XP Professional desktop PC running Remote Desktop that is behind a firewall, NAT or router is fairly easy to configure if the user can forward TCP ports to the target PC's private LAN IP addresses. Port forwarding of TCP Port 3389 through any firewall/NAT/router is required if the user needs to access a Windows XP Professional Remote Desktop from a remote location. The Windows XP SP2 Windows Firewall can be configured to allow Remote Desktop by simply checking a checkbox in the Exceptions tab.
The following example is from a Buffalo WBR-G54 4-Port Broadband router. The screen shot is current with the Buffalo v2.20 firmware release.

Port forwarding instructions for other routers may be found on the router manufacturer's support web pages, in the router User's Guide or on the PortForward.com web site.

Call Schemes from a remote location

Calling the Remote Desktop host PC from a remote location is accomplished using the public IP address, as assigned by the ISP, or fully qualified domain name of the PC or router/NAT/firewall.
To find the public IP, open Internet Explorer on the PC at the remote location and go to sites like http://checkip.dyndns.org/ or http://www.whatismyip.com/ and note the reported IP address. If the firewall/NAT/router is configured correctly, the call will be successfully passed to the appropriate PC.
If the ISP assigns a dynamic IP, then another solution is to set up an account with one of the dynamic naming services that map a fully qualified domain name to the IP. In my case I use a FREE service from No-IP.com. The No-IP.com software runs on my XP Pro box and, on a time schedule basis, contacts the No-IP.com servers. The No-IP.com servers then know what your IP is and map that to a fully qualified domain name. That information is then propagated over the public internet. You then call the Remote Desktop host PC using the fully qualified domain name.

Dynamic DNS Services (Some free, some not)


Logging Remote Desktop connection information

The following examples illustrate log file entries on an XP Pro desktop named Ashtabula for a Remote Desktop connection from another PC named Norman, local LAN IP address 192.168.11.12, on my local home LAN.

Windows XP Security Event Viewer Log

An Audit Policy may be configured using the Group Policy editor to track logon success and failures. From the Start | Run command window type gpedit.msc. Navigate to Local Computer Policy | Computer Configuration | Windows Settings | Security Settings | Local Policies | Audit Policy | Audit logon events. Highlight and right-click and select properties. Configure as desired.
Note that logging in without a password is logged as a failure. If you log failures and have a user without a password, the security log fills up very fast, and the result is that you cannot log in normally. Also note that not having a password is a potential and probable security risk.
The event log can be viewed by going to Start | Control Panel | Performance and Maintenance | Administrative Tools and click on Event Viewer.
The Event Log (Security) noting a successful logon and logoff by a remote user. The user can highlight a log entry and right-click to view the event Properties for detailed information.
Look in the Event Log (Security) for a Logon/Logoff Event 528 and Logon Type 10
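
The filter described above (Event 528 with Logon Type 10), written out as an added example that is not part of the original page. The text export format, the field names, the user name and the 203.0.113.45 address are assumptions constructed for illustration; the example also goes one step further and marks whether each source address lies in a private LAN range.

```python
import ipaddress

# Constructed sample in an assumed, simplified text export: one "Field: value"
# per line, blank line between records. 192.168.11.12 is Norman from the text.
SAMPLE_EXPORT = """\
Event ID: 528
User Name: exampleuser
Logon Type: 10
Source Network Address: 192.168.11.12

Event ID: 528
User Name: exampleuser
Logon Type: 2

Event ID: 528
User Name: exampleuser
Logon Type: 10
Source Network Address: 203.0.113.45
"""

# RFC 1918 private ranges, i.e. addresses that belong to a local LAN.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_records(text):
    """Split the export on blank lines; return one dict of fields per record."""
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        records.append({k.strip(): v.strip() for k, v in pairs})
    return records

def remote_desktop_logons(records):
    """Return (user, source, origin) for each Event 528 with Logon Type 10."""
    hits = []
    for rec in records:
        if rec.get("Event ID") != "528" or rec.get("Logon Type") != "10":
            continue  # not a successful Remote Desktop logon
        src = rec.get("Source Network Address", "")
        try:
            addr = ipaddress.ip_address(src)
            origin = "LAN" if any(addr in n for n in LAN_NETS) else "outside LAN"
        except ValueError:  # field missing or not an IP address
            origin = "unknown"
        hits.append((rec.get("User Name", "?"), src, origin))
    return hits

if __name__ == "__main__":
    for user, src, origin in remote_desktop_logons(parse_records(SAMPLE_EXPORT)):
        print(f"Remote Desktop logon: {user} from {src} ({origin})")
```
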
Windows XP Port Reporter Tool Log

The free Microsoft Port Reporter tool provides for additional logging... Specifically, see the PR-PORTSLOG file...
Description of the Port Reporter Parser (PR-Parser) tool

Availability and description of the Port Reporter tool

Windows XP SP2 Windows Firewall Log
See the Troubleshooting the Windows Firewall Settings in Windows XP Service Pack 2 Knowledge Base article for help configuring and interpreting the firewall log file.

 

Troubleshooting Windows XP Professional Remote Desktop

Verify that Terminal Services is running on the XP Pro desktop

The user can verify whether Terminal Services is running on the desktop PC by executing the services.msc command from the Windows XP Start | Run command window. The service status should be Started.


Verify the PC is listening on TCP Port 3389

From the Windows XP desktop Start | Run command window execute the cmd command. At the command line prompt type the command netstat -a and verify the PC is listening on TCP Port 3389.

The Microsoft PortQry tool

PortQry is a command-line utility that you can also use to help troubleshoot Remote Desktop connectivity issues. This utility reports the port status of target TCP and User Datagram Protocol (UDP) ports on a local computer or on a remote computer. See Knowledge Base Article 832919 or the January 2005 Cable Guy article for details.
The following screen shots illustrate the use of the PortQryUI (User Interface) tool to help diagnose problems with Remote Desktop connectivity. The examples are from PortQry sessions on a local Remote Desktop host, Ashtabula, on my local LAN and a Remote Desktop client PC, Norman.
The following is an example of the host by name test results when Remote Desktop is NOT enabled on the Remote Desktop host PC or the query is blocked by a firewall. The command was executed on the Remote Desktop client PC, Norman.
The following is an example of the host by name test results when Remote Desktop is enabled on the Remote Desktop host PC or the query is not blocked by a firewall. The command was executed on the Remote Desktop client PC, Norman.
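
The same TCP port 3389 check done with a plain connect attempt, as an added example that is not part of the original page or of PortQry. The state names follow the three results PortQry reports; the `diagnose` helper and its wording are hypothetical and simply map the results onto the troubleshooting steps on this page.

```python
import socket

RDP_PORT = 3389  # TCP port Remote Desktop listens on, per the page

def tcp_port_state(host, port=RDP_PORT, timeout=3.0):
    """Attempt a TCP connect to host:port and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "LISTENING"        # handshake completed
    except ConnectionRefusedError:
        return "NOT LISTENING"        # host answered, nothing bound to the port
    except socket.gaierror:
        return "NAME NOT RESOLVED"    # host name lookup failed
    except OSError:
        return "FILTERED"             # timeout or unreachable: no answer at all

def diagnose(lan_state, wan_state):
    """Map two check results onto the page's troubleshooting steps.

    lan_state: result from another PC on the local LAN (private IP or name).
    wan_state: result from a remote location (public IP or domain name).
    """
    if lan_state == "NOT LISTENING":
        return "Enable Remote Desktop and verify Terminal Services is Started"
    if lan_state != "LISTENING":
        return "Check name/IP and the Windows Firewall Remote Desktop exception"
    if wan_state != "LISTENING":
        return "Check router port forwarding of TCP 3389 to the host's LAN IP"
    return "Remote Desktop is reachable from the LAN and from outside"

if __name__ == "__main__":
    # Assumption: run on the host itself; substitute the host's LAN address
    # or name when running from a client PC.
    print(tcp_port_state("127.0.0.1"))
```
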

The Open Port Check tool

The CanYouSeeMe.org site Open Port Check tool can quickly tell you if port forwarding through local firewall/NAT/router devices is properly configured and working correctly. You can use this site to help troubleshoot Remote Desktop connectivity issues. Note that you should run this test from the Remote Desktop host PC.
