Remote Desktop issues
Posted by LatiBerg@reddit | sysadmin | 20 comments
Hi all,
I have a computer I use for my business that I leave at home. I always need the ability to connect remotely to it. I've been using remote desktop for many years, with no issues.
In the past few weeks, I constantly get the dreaded "Because of an error in data encryption, this session will end."
However, it only does it when I connect from the outside (I have a static IP address and have my router forward 3389 to my business computer). It doesn't when I connect from, say, a laptop inside my home network.
I tried all of the fixes I could find online, like disabling unloading large packets or all of those. None of them fix it. I tried disabling Windows Defender, thinking it was a firewall issue, and it doesn't solve the problem.
Anyone have any ideas? It's driving me nuts, and I don't want to have to reinstall Windows clean on my business PC to make this stop.
Thanks all.
LatiBerg@reddit (OP)
Thanks everyone. I don't actually use 3389, I was just saying that to make it easier to explain. I actually use a random port that isn't used for anything common, and when I connect, I connect to mycomputer.net:XXXX
Someone would have to listen in on that port AND know my password which is a random string of numbers and letters I don't use for anything else.
I tried NordVPN a while ago, but split tunneling simply didn't work with apps I needed it to, so I uninstalled. I'll try the RSAMACHINEKEYS fix when I get home.
StiuNu@reddit
You're telling me your router has no VPN in the settings? Just use that to connect to your home. Dynamic DNS your IP if it's not fixed, and VPN on to your router. If the router has no VPN, just install a VPN on the machine, SoftEther VPN, and forward the required ports so you can VPN into it.
LatiBerg@reddit (OP)
I have an Eero so I don't think it has native VPN. So I install the VPN on the remote server? Thank you.
StiuNu@reddit
Sry bro, I'm on the road. Just type "SoftEther VPN access home pc rdp" in ChatGPT and it will give 90% of the solution; you'll figure the rest out.
LatiBerg@reddit (OP)
Thanks, I downloaded SoftEther, got it set up on both computers, and it connected fine, but it just doesn't work. On the client, it still shows the IP address of where the client is connected, and not the server.
I'm going to try to find a VPN device that I can put behind my Eero and have the Eero forward to it.
StiuNu@reddit
You install it on the PC you want to remote into. Then you forward the ports, and after you connect from the internet to the VPN server, you RDP on the standard port.
itskdog@reddit
Or just use Tailscale and let them handle the VPN side for you.
Stonewalled9999@reddit
Oh, so that means it will take a hacker 6 seconds to bust in instead of 2. Yeah, real sure.
itskdog@reddit
It doesn't matter what port you use - changing the port is security through obscurity. It takes maybe a minute to scan all 65,536 ports to see what services are open.
CPAtech@reddit
Changing the port doesn't make anything safer.
uselessInformation89@reddit
Please use a VPN anyway. Changing the RDP port doesn't help anymore; every port gets scanned all the time nowadays. Maybe your router supports WireGuard, or (even easier) use Tailscale.
NetOps5@reddit
3389 public facing and open to the public internet is a ticking time bomb. It's going to get compromised, just a matter of time.
Box should be behind the firewall and use a VPN client to securely connect and access your RDP connection. IF you have to (not recommended) keep it public facing without the use of a VPN... at least place the authorized connection sources in the allowlist and deny all other locations.
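One way to implement the allowlist fallback described in the comment above, as an added example that is not from the thread: it scopes the built-in inbound Remote Desktop rules of the Windows Firewall to known source addresses. The display group name "Remote Desktop" assumes an English-language Windows, and the addresses in $AllowedSources are constructed placeholders.

```powershell
# Added example (not from the thread): restrict the inbound RDP firewall rules
# on the target PC so only known source addresses can reach the listener.
# Constructed placeholder sources (TEST-NET ranges); replace with your real ones.
$AllowedSources = @('203.0.113.10', '198.51.100.0/24')

# Windows ships its RDP rules in the "Remote Desktop" display group
# (English-language Windows assumed; the group name is localized elsewhere).
$RdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound

foreach ($rule in $RdpRules) {
    # "Any" as the remote scope means the rule accepts traffic from every source.
    $before = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    Write-Host "$($rule.DisplayName): remote scope before = $before"

    # Scope the rule to the allowlist. Everything not listed is dropped by the
    # inbound default-deny of the firewall profile, so no explicit block rule is needed.
    $rule | Set-NetFirewallRule -RemoteAddress $AllowedSources

    # Re-read the filter to confirm the change actually applied.
    $after = (Get-NetFirewallRule -Name $rule.Name | Get-NetFirewallAddressFilter).RemoteAddress
    Write-Host "$($rule.DisplayName): remote scope after  = $after"
}
```

Run this from an elevated PowerShell on the PC being remoted into; because the router only forwards the port, the host firewall still sees the real source address of the connecting client, so a connection from any address outside the list is rejected before it reaches the RDP listener.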
NocturnalGenius@reddit
In your case RDP stands for Ransomware Deployment Protocol ... do not open 3389 like that only bad things will happen.
gratuitous-arp@reddit
It sounds like the underlying network transport connecting you to the Internet may have some reliability issues / packet loss (packet mangling, ISP or router problems not shedding packets, flaky NIC offload behavior, or MTU mismatch issues). Have you tried switching RDP to run over TCP only and disabling UDP as a transport option?
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client
DWORD: fClientDisableUDP = 1
Secondly, to echo others who've already chipped in, it's considered better not to expose RDP directly to the public Internet. Do you have an MSP helping you manage IT in your business? I work for a company that builds ZTNA software (VPN replacement) exactly for use-cases like this, and we work with a lot of MSPs. I'd be happy to make some introductions for you.
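Applying the registry setting named in the comment above on the connecting client machine, as an added example that is not from the thread: the script reads the current value, creates the policy key if it does not exist yet, sets the DWORD to 1 and re-reads it.

```powershell
# Added example (not from the thread): force the RDP client to TCP-only by
# setting the fClientDisableUDP policy value named in the comment above.
# The Client policy key applies to the machine running the RDP client (mstsc).
$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client'
$ValueName = 'fClientDisableUDP'

# The Policies branch is usually absent unless Group Policy has created it.
if (-not (Test-Path -Path $KeyPath)) {
    New-Item -Path $KeyPath -Force | Out-Null
}

# Read the current state first so the change is visible and reversible.
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
if ($null -eq $current) {
    Write-Host "$ValueName is not set (UDP transport allowed)"
} else {
    Write-Host "$ValueName is currently $current"
}

# 1 = disable UDP, so the session falls back to TCP only.
Set-ItemProperty -Path $KeyPath -Name $ValueName -Value 1 -Type DWord

# Confirm the write; disconnect and reconnect the RDP session for it to take effect.
$applied = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
Write-Host "$ValueName is now $applied"
```

Writing under HKLM requires an elevated PowerShell; to undo the change, remove the value with Remove-ItemProperty on the same key and name.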
Icolan@reddit
That is very, very bad. RDP is not a secure protocol and should never be available unprotected on the internet. This should never be done.
You need to put a VPN with MFA in front of that so it is protected.
rynoxmj@reddit
r/techsupport r/homenetworking
CPAtech@reddit
You are going to get ransomed like that.
Ecstatic-Hat-3377@reddit
Have you tried using VPNs? Do you still get the error when/if tunneled? I would strongly suggest not keeping that port forwarded. It's not if, it's when you will get hacked.
joerice1979@reddit
If this is open to the internet on 3389 then close it immediately, it's not safe.
VPN in first or restrict to known IP addresses you use.
As for the problem, sounds like something else might either be listening or intercepting 3389 to me.
Other than that, and I can't remember too well but resetting a set of files called something like "RSAMACHINEKEYS" (after a full image backup of course) on the target computer fixed a similar one for me a while back.
Worth a Google perhaps.
Shroobinator@reddit
Please do NOT port forward 3389 ever. Use a VPN solution instead.