Unable to connect to XP Remote Desktop Connection Host after updating to 3.0

First, let me say that I LOVE CPF! I’ve been using it for over a year and would never go back to any other firewall. Having said that, after the last update for 3.0, where a message appeared indicating that the config file format had changed and the file should be updated, I mistakenly said yes to the conversion before noting my global rules. Ever since then, I’ve been unable to connect to my desktop via Remote Desktop Connection. I’m running XP Pro SP2 on all my systems.

I was able to connect to it every time prior to that one update. Now, try as I might, I can no longer connect. I’ve tried every combination of rules that I can think of with no success. I haven’t changed the port number from the default (3389) and I’ve made no changes to the ports open on the router’s firewall. The only change has been to the CFP configuration on my desktop (the RDC host). I’ve searched the threads for possible answers and have found none.

I depend on connecting to my host when at my clients’ facilities (I’m a PC/Systems Consultant) and have had to resort to using LogMeIn (not a bad free product, just not as fast/reliable as RDC). Has anyone else had this issue with v 3.0 and resolved it?

Thanks in advance for any help and/or guidance you can give me…

Clem

Clem,

I’ve used XP Remote Desktop successfully from work to home.

You’ll need to add a global rule to allow incoming RDP and an application rule.

First the Global Rule:

  • Allow and log TCP In
  • Source Addr: Any
  • Dest Addr: Any
  • Source Port: Any
  • Dest Port: 3389

Next the Application Rule - add it to svchost.exe:
You probably already have a rule for ‘C:\WINDOWS\system32\svchost.exe’, but if you don’t, add one. Add the following rule to svchost.exe:

  • Allow TCP In
  • Source Addr: Any
  • Dest Addr: Any
  • Source Port: Any
  • Dest Port: 3389

That should be it. I’d recommend trying it at your host system location by dialing out with a notebook or second computer and coming back into your internal network. That way if it doesn’t work you can check the Firewall logs on the host to see where the problem is and make adjustments. The Global Rule should leave a log record for every connection attempt.

Another item to check. If you have a dynamic IP address at the host location, verify that the URL resolves to the correct IP address. (Try pinging your host URL and verify that you get the correct IP address.)

Good luck!
Frank
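
The two checks suggested in the reply above (the host name resolves to the right address, and a TCP connection to port 3389 gets through) can be scripted and run from the outside machine. This is an added example, not part of the thread; the host name and expected IP are supplied by the caller, and the hints about which rule to check are an interpretation of the reply, not Comodo documentation.

```python
import socket
import sys

def resolve_matches(hostname, expected_ip):
    """Return (matches, addresses) for the IPv4 addresses hostname resolves to."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return False, []
    addrs = sorted({info[4][0] for info in infos})
    return expected_ip in addrs, addrs

def probe_tcp(host, port=3389, timeout=3.0):
    """Make one TCP connection attempt and classify how it ended."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: rules and listener are fine
    except ConnectionRefusedError:
        return "refused"     # host answered with a reset: nothing accepts on the port
    except socket.timeout:
        return "filtered"    # no answer at all: something dropped the packet
    except OSError:
        return "error"       # no route, network down, etc.
    finally:
        sock.close()

# Hints are assumptions drawn from the reply above (the global rule logs every attempt).
HINTS = {
    "open": "port reachable; remaining problems are on the RDP side",
    "refused": "host reachable but nothing listening; check Remote Desktop is enabled",
    "filtered": "no reply; look for the attempt in the host firewall log. "
                "Logged: check the svchost.exe rule. Not logged: check router/IP",
    "error": "local network problem before the packet left",
}

def diagnose(hostname, expected_ip, port=3389, timeout=3.0):
    matches, addrs = resolve_matches(hostname, expected_ip)
    if not matches:
        return "dns-mismatch: %s resolves to %s, expected %s" % (hostname, addrs, expected_ip)
    state = probe_tcp(expected_ip, port, timeout)
    return "%s: %s" % (state, HINTS[state])

if __name__ == "__main__":
    # usage: python rdp_check.py <host name> <expected public IP>
    print(diagnose(sys.argv[1], sys.argv[2]))
```

A "filtered" result paired with no entry in the host's firewall log means the packet never reached the host, which points away from the firewall rules and toward the router or a stale IP address.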

Hi Frank,

Thanks for the quick reply. As soon as I’m back at my desktop, I’ll try your suggestion and see if it works. As I mentioned in my post, I was always able to use RDC (and have used it for several years now!), until the last update to v3.0.

I’ll let you know what happens.

Thanks again,

Clem

Hi Frank,

I was able to easily add the global rule. However, I’m having problems adding an application rule to the existing svchost.exe rule. I’ve looked at the help screens but they’re no help when it comes to adding to an existing rule.

Any guidance would be truly appreciated!

Thanks,
Clem

Clem,

It should be fairly easy.

  • Double click on the C:\WINDOWS\system32\svchost.exe in the Application Rules list.

  • Verify that ‘Use a Custom Policy’ is selected. If not, then select it.

  • If ‘Use a Predefined Policy’ was initially selected then you may not have an outgoing rule and you will need to add one first. If an outgoing rule is present, then skip to ‘Add Incoming Rule’ below.

  • Add Outgoing Rule (If one is not already present)

    • Select Add
    • Select Allow, IP, Out
    • Verify that Source Address, Destination Address and IP Details are all ‘Any’.
    • Apply
  • Add Incoming Rule:

    • Select Add
    • Select Allow, TCP, and In.
    • Select Source Address Tab - Any
    • Destination Address Tab - Any
    • Source Port Tab - Any
    • Destination Port Tab - A Single Port, enter 3389
    • Apply
  • Apply

  • Apply

That should create the rule.

Frank

Thanks Frank. I’ll give that a try. I was concerned because when I tried adding it after double-clicking the existing rule, the existing rule was replaced by the rule I created.

I’ll let you know what happens…

Clem

Hi Frank,
It worked! Thanks for all your help. I do have one more question. I’ve noticed that after logging onto my host, when I’m ready to disconnect, if I disconnect using the Start\Disconnect method, after I click OK on the dialog that appears asking if I really want to disconnect, nothing happens. I have to disconnect using the connection bar that appears at the top of the screen. Does this have anything to do with any ports controlled by Comodo?

Thanks again for all your help!

Clem

Clem,

Glad to hear it worked!!!
I haven’t used Remote Desktop much since I set it up so I tried connecting, then disconnecting and also logging off. In both cases the Remote Desktop client closed automatically after I initiated the disconnect or log off process.
It doesn’t seem like Comodo Firewall would be responsible for the client failing to close. As far as I know, Remote Desktop gets everything it needs over port 3389.

Frank