Cannot remote desktop to work via VPN after NIS 2009 install unless I disable firewall

Hi,

Hope someone can help with this...

Did a full remove of KIS2009 and installed NIS2009. 

Then tried to VPN to work - using Nortel Client - the connecton seems to suceed but then fails at last moment. Did some googling and found a post here about creating a firewall rule allowing two ports.

Creating the rule then allow Nortel VPN to connect OK.

 

But now I cannot use Remote Desktop to connect to my work PC. If I disable the NIS2009 firewall then I can connect OK.

Any ideas on how to allow Remote Desktop?

 

Thanks! 

Hi,

Hope someone can help with this...

Did a full remove of KIS2009 and installed NIS2009. 

Then tried to VPN to work - using Nortel Client - the connecton seems to suceed but then fails at last moment. Did some googling and found a post here about creating a firewall rule allowing two ports.

Creating the rule then allow Nortel VPN to connect OK.

 

But now I cannot use Remote Desktop to connect to my work PC. If I disable the NIS2009 firewall then I can connect OK.

Any ideas on how to allow Remote Desktop?

 

Thanks! 

It says it has already created a rule for Remote Desktop - set to status of Protected.

What does this mean?

Should I just go ahead and edit the rule and add port 3389 to the Communications tab?

I assume it also uses UDP?

 

Hi Harry66,

 

Have you checked the status of mstsc.exe in the Program Control?

mstsc.exe is the executable responsible for Remote Desktop connection.

1. Start Norton Internet Security.
2. In the Internet section, click Settings.
3. Under Smart Firewall, click Configure next to Program Control.
4. In the Program Column, check whether mstsc.exe is already present.

5. If it is already present in the Program Control list, make sure that it is set to Allow for the Internet Access. Then go to Line 8.

6. If it is not present, click Add, select mstsc.exe from C:\WINDOWS\system32 folder and click Open.

7. From the drop-down box for Internet Access, selectAllow and click OK.
8. Click Apply, and then click OK.
9. Click OK.

 

Yogesh

Message Edited by yogesh_mohan on 12-24-2008 05:47 PM

Sorry for not responding earlier and for resurrecting an old thread.

I did not get time to try out the last post until today as I am stuck at home and needed to VPN in again.

Still getting the same problem - checked for mstsc.exe and it is already set to Allow under the options.

 

I didnt think the mstsc.exe was part of the problem because the vpn client fails to establish a connection whilst NIS Firewall is running - I dont even get as far as starting Remote desktop.

 

Hi harry66,

 

Please check whether VPN client(nortel client) is listed under the Program rules and make sure that it is allowed. If not, try to add the executables for your Nortel VPN client and allow the access. You can also try to create a general rule to allow the connection:

 

1. Start Norton Internet Security.
2. In the Internet pane, click Settings.
3. Under Smart Firewall, click Configure next to Advanced Settings.
4. Under Advanced Settings, click Configure next to General Rules.
5. Click Add.
6. In the Add Rule wizard, select Allow, and then click Next.
7. Select Connections to and from other computers, and then click Next.
8. Select Only the computers and sites listed below, and then click Add.

9. Select Individually, enter the Web site name to which VPN client connects and then click OK.
10. Click Next.

11. Select Only communications that match all types and ports listed below, and then click Add.

12. Select Individually specified ports, enter the port number which is required to be open(Port number:3389) and click OK.

13. Click Next.
14. If you want the logs for this rule to be saved, check Create an event log entry, and then click Next.
15. In the "What do you want to call this rule?" box, type a name for the rule, and then click Next.
16. Click Finish
17. Click Move Up to move the rule to top, and make it a higher priority.

18. Click OK, and again click OK.

19. Click OK.

 

Let us know the results.

 

Yogesh

 

I contacted Symantec support via chat and after about an hour of doing stuff the chap finally got it working by going into Smart Firewall->Advanced Settings and disabling the following:

Block all Network traffic = unblocked

Stealth Blocked Ports = Off

Stateful Protocol Filter = Off

 

I can now connect using VPN.

He also turned off System.ini, win.ini and most of the statup apps via msconfig.exe which was a bit weird. I asked him if I could then them on again and he said it was not a good idea. Does not seem like an ideal solution to me in that most of my Startup items have been disabled!!

 

The Stealth Blocked Ports feature ensures that blocked ports and inactive ports do not respond to connection attempts. When you turn on Stealth Blocked Ports, all ports on your computer are blocked from responding to incoming connection attempts. This feature also blocks unused ports.Stealth Blocked Ports can also open some ports to listen to connections from other computers. This way, it prevents active ports from responding to connection attempts with incorrect source or destination information. If blocking the Stealth ports works, then try to create a general firewall rule as I posted earlier and then check. Mostly, that port is blocked/not used currently and you have to make it open inorder to make your computer communicate through that port.

 

Also, I think that you are in some sort of clean boot mode (Selective Startup)as you said some of the startup items like system.ini, win.ini is disabled. Only basic services and some programs can work in this configuration. Please change back to normal mode. Then perform the steps exactly as I posted. Please post the results after that.

Thanks I will give this a try sometime soon and report  back here.