The Offer Remote Assistance feature does not work when you use a VPN to connect a Windows Vista-based computer to a corporate network

Article translations Article translations
Article ID: 954386 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario. You use a virtual private network (VPN) to connect a Windows Vista-based computer to your corporate network. After you connect to the corporate network, you experience an issue with your computer, and you contact your corporate helpdesk to resolve the issue. You provide the VPN IP address to the helpdesk agent. In this scenario, the helpdesk agent cannot use the Offer Remote Assistance feature to connect to your computer.

CAUSE

This issue occurs if the following local firewall exceptions are not included on the Windows Vista-based computer:
  • The Raserver.exe program
  • The TCP 135 port (You must add this firewall exception manually.)
In a typical VPN scenario, there are two network connections that are created:
  • A domain connection
  • A private connection or a public connection
In this scenario, Windows Firewall applies the private or public firewall profile on the computer and across both the connections. Therefore, the domain exceptions that are required for the Offer Remote Assistance feature are overridden by the private or public network connection profile. The Offer Remote Assistance connection fails if the DCOM port (port 135) and the Raserver.exe program are not added to the firewall exceptions on the Windows Vista-based computer.

RESOLUTION

To resolve this issue, follow these steps:
  1. Create a firewall exception for DCOM port 135. To do this, follow these steps:
    1. Click Start
      Collapse this imageExpand this image
       Start button
      , type gpedit.msc in the Start Search box, and then press ENTER.

      Collapse this imageExpand this image
       User Account Control permission
      If you are prompted for an administrator password or for confirmation, type your password, or click Continue.
    2. In the Local Group Policy Editor Microsoft Management Console (MMC) snap-in, expand Local Computer Policy, expand Computer Configuration, and then expand Administrative Templates.
    3. Expand Network, expand Network Connections, expand Windows Firewall, and then click Domain Profile.
    4. In the details pane, double-click Windows Firewall: Define inbound port exceptions.
    5. On the Setting tab, click Enabled, and then click Show.
    6. In the Show Contents dialog box, click Add.
    7. In the Enter the item to be added box, type 135: TCP, and then click OK two times.
    8. In the Windows Firewall: Define inbound port exceptions Properties dialog box, click Apply, and then click OK.
  2. Create a firewall exception for the Raserver.exe program, To do this, follow these steps:
    1. In the Local Group Policy Editor MMC snap-in, double-click Windows Firewall: Define inbound port exceptions.
    2. On the Setting tab, click Enabled, and then click Show.
    3. In the Show Contents dialog box, click Add.
    4. In the Enter the item to be added box, type %systemroot%\system32\Raserver.exe:*: Enabled:Raserver, and then click OK two times.
    5. In the Windows Firewall: Define inbound program exceptions Properties dialog box, click Apply, and then click OK.
  3. Create incoming firewall rules for DCOM port 135 and for the Raserver.exe program. To do this follow these steps:
    1. In the Local Group Policy Editor MMC snap-in, expand Computer Configuration, expand Windows Settings, expand Security settings, expand Windows Firewall with Advanced Security, expand Windows Firewall with Advanced Security - Local Group Policy Object, and then click Inbound Rules.
    2. On the Actions menu, click New Rule.
    3. In the New Inbound Rule Wizard, click Port, and then click Next.
    4. On the Protocols and Ports page, click TCP, click Specific local ports, type 135, and then click Next.
    5. On the Action page, click Allow the connection, and then click Next.
    6. On the Profile page, make sure that only the Private check box is selected, and then click Next.
    7. Specify a name and a description for the rule, and then click Finish.
    8. In the details pane, double-click the rule that you created, and then click the Programs and Services tab.
    9. In the Programs area, click This program, type %systemroot%\system32\svchost.exe; Svc=RPCSS, click Apply, and then click OK.
    10. Double-click the rule, and then click the Advanced tab.
    11. In the Interface types area, click Customize.
    12. In the Customize Interface Types dialog box, click These interface types, click to select the Remote access check box, and then click OK.
    13. Click Apply, and then click OK.
    14. Right-click Inbound Rules, and then click New Rule.
    15. On the Rule Type page, click Program, and then click Next.
    16. Click This program path, type %systemroot%\system32\Raserver.exe, and then click Next.
    17. On the Action page, click Allow the connection, and then click Next.
    18. On the Profile page, make sure that only the Private check box is selected, and then click Next.
    19. Specify a name and a description for the rule, and then click Finish.
    20. Double-click the rule that you created for the Raserver.exe program, and then click the Advanced tab.
    21. In the Interface types area, click Customize.
    22. In the Customize Interface Types dialog box, click These interface types, click to select the Remote access check box, and then click OK.
    23. Click Apply, and then click OK.

Properties

Article ID: 954386 - Last Review: July 22, 2008 - Revision: 1.1
APPLIES TO
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Ultimate
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Business 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
Keywords: 
kbexpertiseadvanced kbtshoot kbprb KB954386

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com