Description of the Remote Assistance Connection Process
In this article, the terms ".MsRcIncident file" and "the invitation" are used interchangeably. The term "ticket" refers to the record of the invitation held on the Novice's computer.
The Novice computer has a built-in local user account called HelpAssistant. This account is disabled by default and has a randomly generated strong password. The account has limited privileges and is used by the Expert to logon to the Novice computer during the Remote Assistance session.
The Novice Invites the Expert to Connect to Their ComputerWhen the Novice's computer creates the invitation file, the following actions occur:
- The HelpAssistant account is enabled.
- An entry in the Novice's table is created.
- The following information is obtained from the Novice's computer: IP and computer name configuration information including requesting port mapping from any Universal Plug-and-Play (UPnP) Network Address Translation (NAT) servers on all interfaces on the Novice computer. If a UPnP NAT server is present, it responds with its external IP address and a port number reserved for the Novice computer. The UPnP NAT Server begins mapping traffic on the IP:PORT to port 3389 on the NAT Client Novice computer.
The Expert Executes the Invitation FileThe Expert executes the invitation file to start a Remote Assistance session. On the Expert's computer a message is displayed inviting the Expert to connect to the Novice's computer. Remote Assistance uses the following information contained in the .MsRcIncident file to display this message:
- The name that the Novice specified during the creation of the invitation, which is displayed to inform or remind the Expert who submitted the invitation:USERNAME="Kim Abercrombie"
- Whether or not a Password was set by the Novice during the creation of the invitation:RCTICKETENCRYPTED="1"
- The time that the invitation was set to expire at the time of creation. The Novice can expire any invitation at any time by using the View invitation status page:DTStart="992646863" and DTLength="60"
The name to be used is contained in the USERNAME field as in the example above where Kim Abercrombie is the name the Novice specified when creating the invitation.
Note: When the Novice creates the invitation, Remote Assistance pre-populates the Enter your name box with the current profile name. The Novice may change this name.
To determine whether or not to prompt the Expert for a password, Help and Support center looks at the RCTICKETENCRYPTED field. If it set to "0", the Expert is not prompted for a password. If it is set to "1", the Expert is prompted for a password. The password entered by the Expert is sent to the Novice's computer.
DTStart=="992646863" and DTLength="60"
Remote Assistance uses the DTStart and DTLength fields to calculate the expiration time set by the Novice when the invitation is created.
Note: This time will be adjusted to the local time of the Expert computer.
The expiration time as displayed to the Expert is only informational. The Novice can cause the invitation to expire at any time by clicking Expire in the View invitation status page in Help and Support Center. This causes the ticket on the Novice computer to expire. Although the message that is displayed to the Expert shows that the invitation is still open when a connection is attempted, the Novice computer refuses the connection because the ticket has expired.
If the Novice chooses to expire the ticket prior to the invitation's preset time, the Experts invitation does not reflect this change and the message displays the original expiration time that was set at the invitations creation.
You may be concerned that the Expert could "trick" the Novice computer by adjusting the time on the Expert computer; however, this is not possible. To demonstrate this, refer to the following example scenario:
If an invitation is created in Dallas with an expiration time of 4:00 PM central time, and the Expert opens the invitation in a location 1 hour behind Dallas time, such as Provo Utah, at 3:35 PM Provo time (4:35 PM Dallas time) the message would show the ticket as expired because it would be 4:35 PM in Dallas, and the Novice computer would have set the status of the ticket to Expired.
If the Expert in Utah were to set the system clock on their computer in such a way as to make the invitation message appear as not expired on the Expert computer, the Expert would then be able to attempt a connection to the Novice. When the Novice computer receives the attempt it immediately declines to start a Remote Assistance session. There is no user interaction required on the Novice's computer when this occurs.
Starting the Remote Assistance SessionWhen the Expert clicks the Yes button, Remote Assistance calls Help and Support APIs to initiate the session. Help and Support relies on Terminal Services to negotiate the session. Help and Support Center pass the Remote Assistance invitation file to Terminal Services. Terminal Services uses the information it receives in the RCTICKET field to negotiate a connection with Terminal Services on the Novice computer.
The RCTICKET field contains a list of all IP addresses on the Novice computer at the time of the invitations creation with a port number in the format of IP:PORT.
Remote Assistance makes use of UPnP NAT management, which enables Remote Assistance to work when the Remote Assistance Novice is behind a UPnP-compliant NAT Device.
Windows XP Internet Connection Sharing is the only NAT solution that is UPnP compliant.
Note: The following text is wrapped for reading purposes only.
RCTICKET="65538,1,126.96.36.199:3389;kim.redmond.microsoft.com: 3389;10.0.0.5:3389,5UACB9zFYZnq5tcVDHA=,Aujb46Sne5TByHUYLgGYO2oavzR+ZPBvhOo/OkTN5GI=, SolicitedHelp,50dQeOP0esX18JQjTVzkC/fmJFj/XxsB5DcbU8hk5k6nk+QegA03gA==, eS69KnKxOHg2wZtNCkm4ixs8AuI="65538,1: This is for version information and flags.
188.8.131.52:3389;kim.redmond.microsoft.com:3389;10.0.0.5:3389: This is a list of IP addresses and port numbers that were present on the Novice computer at the time the Invitation File was created.
Terminal Services starts attempting connections with the first interface in the list, 1184.108.40.206:3389 in this case. If there is no response in 30 seconds, Terminal Services moves to the next interface, kim.redmond.microsoft.com:3389, and finally Terminal Services will try to connect to 10.0.0.5:3389.
If this connection is not successful, Terminal Services informs Help and Support Services, which in turn informs Remote Assistance which generates the following message:
A Remote Assistance connection could not be established. You may want to check for network issues or determine if the invitation expired or was cancelled by the person who sent it.
Remote Assistance displays a message asking the Novice if they want to start a Remote Assistance session with the Expert at that time. If the Novice is logged on to multiple sessions, each session receives this prompt.
Before the Expert is allowed to connect to the Novice computer, the Group Policy Settings are checked. If the Policies do not allow the Novice to receive Remote Assistance the connection is refused.
If all the credentials are met the Remote Assistance session is established using the RDP protocol and Port 3389 through Terminal Services on the Novice and Expert computers.
At this point the Expert can only see the Novice's desktop. The Expert must request to take control of the Novice's computer and the Novice must allow control by clicking yes to the corresponding prompt. If the Novice wants to take back control at any time during the session, the ESC key can be pressed.
When the Ticket Expires
Remote Assistance maintains a table of all open tickets in the HKEY_LOCAL_MACHINE hive of the registry. When there are no open tickets, Remote Assistance disables the HelpAssistant account and removes the Allow logon through Terminal Services right in one hour. Remote Assistance also turns off any port mapping on UPnP-compliant NAT devices.
The ticket expires automatically when the time limit has expired. A user that is a member of the Owner or Administrator group on the Novice computer can also cause the ticket to expire at anytime by performing the following steps:
- Click Start, and then click Help and Support.
- Click the Remote Assistance link.
- Click the View invitation status link.
- Select the desired open ticket to expire.
- Click the Expire button.
Article ID: 300692 - Last Review: 12/03/2007 03:26:58 - Revision: 6.6
- kbinfo KB300692