
I have these two computers, both joined to my home wireless network. I frequently access either of them using RDC from the other with no problem. I have large video files to transfer via the RDC and the wireless network transfer when using Wi-Fi is very slow.

I connected the two computers together via their Ethernet ports—one directly plugged into the other—with a Cat 5 crossover Ethernet cable. With this connection they can both successfully ping each other and access shared folders between them via Windows Explorer when one or both is disconnected from the wireless network.

However, regardless of this disconnected wireless network status, RDC will not connect.

It displays the common message:

Remote Desktop can’t connect to the remote computer for one of these reasons:

1) Remote access to the server is not enabled

2) The remote computer is turned off

3) The remote computer is not available on the network

Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.

I first fixed their LAN IP addresses and assigned 169.254.128.110 to one and .112 last octet to the other, and made both use 255.255.0.0 for the subnet mask.

After that I tried connecting from one to the other on both computers with both computer names and IP addresses. I also tried disabling the wireless adapter on both of them, but I cannot determine a configuration at this level that allows the connection from either of the computers.

This is something that I usually do when I want to connect to my laptop, I connect the laptop to one of these with the cable, then disable network adapter on the laptop, that it can be reachable just from cable and run RDC on the PC and done! But I don't know what is wrong between PCs.

What else should I check to find the problem or what else should I further troubleshoot?


My Configuration

I have what we'll name PC1, PC2 and Laptop1 in a home network. They all happily connect each other via RDC when they can reach each other through WLAN.

When I disconnect them from the wireless network and wire two of them up at a time using the same crossover wire, Laptop1 connects to both PC1 and PC2 and vice versa. But PC1 and PC2 won't connect to each other; however, they can ping each other.

There is no firewall appliance, no router, no gateway, same subnet mask and assigned static IPs from same range but different from wireless network IP range. PC1 and PC2 are running Win 7 x86 and the laptop is running Win 8.1 x64.


2 Answers

2
+50

Troubleshooting RDP Access

Note: In this case to be thorough with testing, I suggest disabling both the Wi-Fi adapters beforehand. You may also want to test all these options thoroughly and be sure to only use what's needed to allow the access if you can pinpoint the specific settings so I'll give a "general" breakdown to assist.

  1. Assign a valid IP Address... The 169.254.X.X subnet range is an indicator that the NIC tried to get an IP address via DHCP but couldn't get one and thus it assigned an Automatic Private IP Addressing (APIPA) address. This just means you should configure static IP addresses between the two machines' LAN ports on the same subnet so perhaps 192.168.2.10 on one and then 192.168.2.11 on the other and just give them a subnet mask of 255.255.255.0 and leave both the default gateways blank—now confirm both can ping each other and get a response of success.

  2. Enable Remote Desktop Access... To ensure Remote Desktop access is enabled on the machines you wish to RDC into, you want to run this command from an administrator elevated command prompt.

    • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
      
  3. Confirm if Windows Firewall is blocking... To test to ensure the Windows Firewall is not blocking the TCP port 3389 traffic, you can disable the firewall on both Windows machines using an administrator elevated command prompt with the command listed below and then test to see if you can connect. If so, the culprit is the Windows Firewall.

    • Disable Windows Firewall Command: netsh advfirewall set allprofiles state off
    • Re-Enable Windows Firewall Command: netsh advfirewall set allprofiles state on

  4. Open Windows Firewall for RDC access... If it is determined that the Windows Firewall is blocking the traffic, you can add a new Windows Firewall rule from an administrator elevated command prompt on both machines with the below syntax to tell it to accept TCP port 3389 connections from machines on the 192.168.2.0/24 subnet in the domain, private and public network profiles. I named the rule below __Allow Inbound RDP so if you go to wf.msc and then look in the Inbound Rules, you can see the settings this sets there.

    • netsh advfirewall firewall add rule name="__Allow Inbound RDP" dir=in action=allow protocol=TCP localport=3389 remoteip=192.168.2.0/24 enable=yes profile=domain,private,public
      

    Additionally, to go along with the above #4 custom Windows Firewall rule, consider checking the default Inbound rule named Remote Desktop (TCP-In) from the same wf.msc and check the Scope tab and consider adding the 192.168.2.0/24 subnet range, and from the Range tab, consider checking all the Profiles there but play with the settings and test to see which options work for you that are the most restrictive if you can.


Additional Issues

If you connect to the RDP session of a machine and get an error or quick pop up indicating You cannot proceed because authentication is required, then you can run the below command in an administrator elevated command prompt to change the SecurityLayer setting in the registry. In some cases the pop up is quick and hard to see so it may be worth setting this if you get a quick pop up but cannot see the error detail and the connection is not established.

  • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v SecurityLayer /t REG_DWORD /d 0 /f
    

Security Considerations

It sounds like you only have these machines connected to a local crossover cable from LAN-to-LAN port so if that's the case and you do not allow TCP port 3389 to be directed from your WAN Internet connection of your router to either of these machines' IP addresses on Wi-Fi or LAN, then you likely don't have much to worry about assuming you don't have these connected to a large network with lots of people that access it. So if you trust the devices connected to your local network via the Wi-Fi or Ethernet, then don't worry if you don't have this opened from the network.

If you do have these machines connected to a large network that many people access and there would be a concern with someone running brute force attacks internally to gain the RDC access guessing at the password, then there are a few things to consider.

  1. Be sure the local accounts on the laptop that are allowed Remote Desktop access have super long and complex passwords such as "Th1s 1s my r3mot3 m@ch1n3!!" so as long as it is around 14 characters or longer you can make it cryptic yet a phrase that's easy to remember as in the example I wrote there.
    • If there are any built-in accounts or other local accounts, be sure those are disabled or change the password on them to be super long and cryptic and if possible, disallow those accounts RDP access entirely.
  2. You also want to be sure the local accounts are set to lock out after 3-5 authentication failures for the account that failed to authenticate. Read over the Windows 7 – How to set up a Password and Account Lockout Policy for more detail on some of this.

  3. Lastly, it may be best also to only enable the Windows Firewall rule that allows this access from the machine(s) when you need to use the RDC access. This way the machine(s) is/are only vulnerable during the period you wish to use the protocol for access.
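
A read-only check of the settings the steps above change, added here as an example and not part of the original answer. It assumes an elevated PowerShell 2.0 or later prompt on the machine being connected to, English-language netsh and netstat output, and the two firewall rule names quoted on this page; the helper name `Get-RegValue` is made up for this example.

```powershell
# Added example (not from the original answer): read-only audit of the RDP
# settings discussed above. Nothing here modifies the registry or firewall.
# Assumes English-language netsh/netstat output; PowerShell 2.0 compatible.

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

function Get-RegValue($Path, $Name) {
    # Hypothetical helper: returns $null instead of throwing if the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$deny  = Get-RegValue $ts  'fDenyTSConnections'  # 0 = Remote Desktop enabled
$layer = Get-RegValue $tcp 'SecurityLayer'       # 0 = RDP, 1 = Negotiate, 2 = TLS
$nla   = Get-RegValue $tcp 'UserAuthentication'  # 1 = NLA required
$port  = Get-RegValue $tcp 'PortNumber'
if (-not $port) { $port = 3389 }                 # default RDP port

"Remote Desktop enabled : $($deny -eq 0)"
"SecurityLayer          : $layer"
"NLA required           : $($nla -eq 1)"
if ($layer -eq 0) {
    "WARNING: SecurityLayer=0 is the legacy RDP layer (no TLS server authentication)."
}

# Is the Remote Desktop service actually listening on the configured port?
$listening = netstat -an | Select-String (":{0}\s+\S+\s+LISTENING" -f $port)
"Listener on TCP $port  : $([bool]$listening)"

# Which firewall profile is active? A direct cable link with no gateway is
# typically an unidentified network, which Windows places in the Public profile.
netsh advfirewall show currentprofile | Select-String 'Profile Settings|^State'

# Each RDP rule must be enabled AND cover the active profile shown above.
foreach ($rule in 'Remote Desktop (TCP-In)', '__Allow Inbound RDP') {
    "--- $rule"
    netsh advfirewall firewall show rule "name=$rule" |
        Select-String '^(Enabled|Profiles|RemoteIP|LocalPort|Action):|No rules match'
}
```

If the active profile is Public while the enabled RDP rule lists only Domain or Private, that mismatch explains a working ping with a failing RDC connection, and it can be fixed by scoping one rule to the peer's address rather than turning the firewall off.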



0

If the computers can see each other but you are unable to connect via RDC, then you'll want to check the firewall settings on the destination machine; ensure that port 3389 is allowing traffic through in order for Remote Desktop to connect successfully.

9
  • Is that something that may differ when I use different interfaces? Because at the time I can connect when both are connected via WLAN.
    – saastn
    Commented Jan 18, 2019 at 16:29
  • Have you tried entering the destination machine's IP Address instead of the hostname? Commented Jan 18, 2019 at 16:34
  • Yes, I have, but no difference.
    – saastn
    Commented Jan 18, 2019 at 16:35
  • Compare the properties of the network profiles (wireless and wired) on one or both of the computers and identify what's different Commented Jan 18, 2019 at 16:37
  • 2
    It is possible that your wireless connection is set to home network, while the wired connection is being identified as public and has different firewall rules.
    – user218076
    Commented Jan 24, 2019 at 14:11
