The macosxhints Forums


oroberts 01-12-2011 05:47 PM

Apple Remote Desktop Problem with Observing / Controlling outside LAN
 
Hi guys.

When the App store opened I saw that ARD was being sold at a really good price so I grabbed it! I was at my parents home at the time and set it up to see how it worked. I was controlling my parents' iMac and having great fun with playing around with all the settings! I'm now back at University and was hoping to be able to use ARD to help troubleshoot any problems they have.

The problem is that although ARD can see their iMac and receive reports, send Unix commands etc - I can't actually control or observe it. I just get a connection failed message. I have set up port forwarding and can access the iMac using screen sharing (connecting through the Finder sidebar) but not through ARD. I've turned the firewall off to troubleshoot but even when it is on - Remote Management is in the list of exceptions.

I just wondered if anyone else had had a similar problem with controlling / observing Macs from outside their home network. (I've been searching around Apple discussions etc but the threads usually come to an end without a solution)

Thanks

oroberts

trevor 01-12-2011 06:48 PM

Exactly what ports are you forwarding in the router? Are you forwarding both TCP and UDP on those ports?

Trevor

tlarkin 01-12-2011 06:58 PM

VNC ports 5800 need to be forwarded to the client if it is behind NAT

oroberts 01-12-2011 07:25 PM

I've forwarded:

5900 TCP
5900 UDP
5988 TCP
5988 UDP
3283 TCP
3283 UDP

Haven't tried 5800 though, tlarkin. I'll try that out later when their iMac is back on. Would that be TCP or UDP?

When the machine is on, I can still operate it using screen sharing from the Finder Sidebar, could this be causing some sort of conflict with ARD?

I also had Back to My Mac enabled (on my parents' iMac) but I disabled that and it didn't seem to make a difference.

I can post a screen shot of the router settings page if that would help?

Forgot to mention Admin and Client are both 10.6.6 with ARD 3.4

agentx 01-13-2011 06:50 AM

I never open up and route VNC/ARD ports on the WAN, asking for trouble IMHO.
I always use a secure VPN or SSH tunnel into remote network or something like Sharetool, LogMeIn, Teamviewer.

@tlarkin port 5800 ?? never used that non standard port (maybe typo ;-)

ARD ports
3283 TCP/UDP - Net Assistant - Apple Remote Desktop 2.0 or later (Reporting feature)
5900 TCP - Virtual Network Computing (VNC) - Apple Remote Desktop 2.0 or later (Observe/Control feature), Screen Sharing (Mac OS X 10.5 or later)

Screen sharing should be off and Remote Management (with all advanced options on) should be turned on.

trevor 01-13-2011 12:02 PM

Quote:

Originally Posted by agentx
@tlarkin port 5800 ?? never used that non standard port (maybe typo ;-)

Port 5800 is the http port used to serve the Java VNC viewer through a browser.* This is included with many Windows VNC implementations, I'm not sure if it's available for the Mac. Google: VNC Port 5800.

Trevor



*Technically, it should be written as port 5800+N, where N is the VNC screen used, and is a number from 0 - 9. This is also true of port 5900, which should be 5900+N, where N is the VNC screen used, between 0 and 9. There are 10 total screens that you can choose from in VNC. If you are using screen 1, for example, then you need to open 5901 (and 5801 if you use the Java browser viewer).

tlarkin 01-13-2011 12:04 PM

I meant 5900, I had a mild case of the misplaced finger syndrome when I typed that, I suppose.

agentx 01-13-2011 12:05 PM

Never used it on Mac.
I use Tight VNC/Real VNC on Windows which from memory used 5900 and have never used Java VNC on Port 5800.

agentx 01-13-2011 12:07 PM

;-) those darn fingers...

oroberts 01-14-2011 06:34 AM

Quote:

Originally Posted by agentx (Post 606540)
I never open up and route VNC/ARD ports on the WAN, asking for trouble IMHO.
I always use a secure VPN or SSH tunnel into remote network or something like Sharetool, LogMeIn, Teamviewer.

I think I might have to do this - I spent hours trying to solve the problem yesterday but still haven't worked it out!

I checked Network Utility for open ports and it didn't have 5900 listed. I just wondered if I'm missing something really obvious - is there a setting on the Mac to manage ports?

agentx 01-14-2011 08:35 AM

Port mapping is generally done on routers.
What router do you have at the remote end?

I can really recommend Sharetool as a great Mac option for secure access to remote machines. It effectively creates a secure SSH tunnel and then you have control of Mac using ARD/Screen sharing.

oroberts 01-14-2011 08:46 AM

Quote:

Originally Posted by agentx (Post 606720)
Port mapping is generally done on routers.
What router do you have at the remote end?

It's a BT Home Hub Version 2 (black one) and I have an Airport Extreme at my end. The BT hub is managed using the browser as it does not have its own dedicated app.

Quote:

Originally Posted by agentx (Post 606720)
I can really recommend Sharetool as a great Mac option for secure access to remote machines. It effectively creates a secure SSH tunnel and then you have control of Mac using ARD/Screen sharing.

That sounds good - are you still able to send unix commands etc using ARD? I tried an app called Slink yesterday and that got screen sharing working but stopped reports etc in ARD!

agentx 01-14-2011 09:01 AM

"send unix commands " through ARD not sure....but you can SSH into machine once Sharetool has done its magic and do the command through terminal.

oroberts 01-14-2011 09:02 AM

OK - thanks for the info. I'll download the trial tonight and see what happens.

agentx 01-14-2011 09:06 AM

Just a bit of advice with Sharetool. When you set up at the remote end, use a fixed port that maps automatically. Does the remote end have a fixed IP? If not, get a dyndns hostname for free. You have to have Remote Login turned on on the remote machine, and screen sharing, file sharing etc. The router configuration is done by UPnP or NAT-PMP, so you need that on on the router.

Good luck, and I feel you will have better luck and a more secure network using this method.

tlarkin 01-14-2011 09:59 AM

I have used web based products like logmein.com to access my parents' computer(s) from home to fix them. After about the third time of driving 30 miles to go to their house to fix a computer problem I just installed a web based remote desktop client. That way, no matter where they are at, as long as they can get online I can remote into their systems.

oroberts 01-14-2011 10:13 AM

I did briefly give logmein a go - worked ok.

Even though my university doesn't have a slow connection and neither does my parents' home, screen sharing / logmein seems a bit choppy / jerky.

That's what I like about ARD (control / observe), you can reduce the image quality of the transmitted screen from the remote machine using the slider - this is great if you're on a slower connection - black and white is fine to do most things.

I'll have to see if other products have options to reduce the quality of the transmitted screen.

tlarkin 01-14-2011 10:35 AM

Yeah well my family uses Windows boxes, so ARD Admin is not really an option. Plus a few of them actually use Linux (simple users, they just need a web browser) and a few use Macs, but mainly Windows. Microsoft remote desktop and even ARD admin require all this fancy setup with forwarding ports. Logmein is web based, all I need is the client installed.

Even if I did do the port forwarding for remote desktop clients, I would still have to track their IP addresses via dynamic DNS or something, which involves yet another account to set up and more stuff to configure.

There are other web based services like logmein that may perform better, and there are even enterprise solutions as well like webex, but those are not free.

I find it more practical to use the client driven web based stuff rather than the network dependent enterprise tools. I would consider remote desktop and all other forms similar enterprise tools since you set them up and configure them to run on your network.

Just my opinion.

slinkware 01-15-2011 02:06 AM

Quote:

Originally Posted by oroberts (Post 606721)
That sounds good - are you still able to send unix commands etc using ARD? I tried an app called Slink yesterday and that got screen sharing working but stopped reports etc in ARD!

Hi, Olof here, the Slink developer. The issue with ARD is that some of its functions, like reports, are partially based on UDP. Solutions like Slink (and ShareTool) are based on SSH port forwarding and only support TCP based services.

Happy to answer any questions you may have on Slink,

--Olof
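
What Olof describes above (a TCP-only port forward leaving UDP-based functions behind), reproduced on loopback as an added example that is not part of the thread. The relay is a constructed stand-in for an SSH port forward, not real SSH, Slink or ShareTool, and `start_service`, `start_tcp_forwarder`, `probe` and `compare` are hypothetical names.

```python
import socket
import threading
HOST = "127.0.0.1"  # loopback only; every port number is picked by the OS

def start_service():
    """Constructed stand-in for a service answering TCP and UDP on one port."""
    tcp = socket.create_server((HOST, 0))
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((HOST, tcp.getsockname()[1]))  # same port number, UDP side
    def tcp_loop():
        while True:
            conn, _ = tcp.accept()
            with conn:
                conn.sendall(b"tcp-reply:" + conn.recv(1024))
    def udp_loop():
        while True:
            data, peer = udp.recvfrom(1024)
            udp.sendto(b"udp-reply:" + data, peer)
    for loop in (tcp_loop, udp_loop):
        threading.Thread(target=loop, daemon=True).start()
    return tcp.getsockname()[1]

def start_tcp_forwarder(target_port):
    """TCP-only relay: a stand-in for an SSH port forward, not real SSH."""
    lsn = socket.create_server((HOST, 0))
    def relay_loop():
        while True:
            conn, _ = lsn.accept()
            with conn, socket.create_connection((HOST, target_port)) as up:
                up.sendall(conn.recv(1024))  # one request ...
                conn.sendall(up.recv(1024))  # ... one reply
    threading.Thread(target=relay_loop, daemon=True).start()
    return lsn.getsockname()[1]

def probe(port, kind):  # send b"ping"; return the reply, or None if unanswered
    with socket.socket(socket.AF_INET, kind) as s:
        s.settimeout(0.5)
        try:
            s.connect((HOST, port))
            s.send(b"ping")
            return s.recv(1024)
        except OSError:  # refused or timed out
            return None

def compare():
    svc = start_service()
    ports = {"direct": svc, "forwarded": start_tcp_forwarder(svc)}
    kinds = {"tcp": socket.SOCK_STREAM, "udp": socket.SOCK_DGRAM}
    return {(p, k): probe(ports[p], kinds[k]) for p in ports for k in kinds}
```

Of the four probes only the forwarded UDP one comes back empty: the forwarder has a TCP listener on its port and nothing that would carry a datagram to the service.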

rccharles 01-16-2011 12:16 PM

Perhaps you could use Little Snitch to sniff out the ports you need. I've run it, but my free license has expired, so I'm not sure what information it reports.

Little Snitch informs you whenever a program attempts to establish an outgoing Internet connection.
http://www.obdev.at/products/littlesnitch/index.html

oroberts 01-16-2011 07:35 PM

Quote:

Originally Posted by rccharles (Post 607075)
Perhaps you could use Little Snitch to sniff out the ports you need. I've run it, but my free license has expired, so I'm not sure what information it reports.

Little Snitch informs you whenever a program attempts to establish an outgoing Internet connection.
http://www.obdev.at/products/littlesnitch/index.html

Thanks for the info - I'll give it a try and see what it reports.

It's so strange because if I disable Port Forwarding completely ARD stops working, but no matter what I try I cannot get port 5900 to work properly.

UPDATE:

This is what Little Snitch reports on the admin machine - 5900 is not listed - is this what is likely to be causing the problem I wonder?

http://img249.imageshack.us/img249/1...ttlesnitch.jpg

tlarkin 01-17-2011 12:22 AM

5900 is for the VNC server so unless you are actually connected I don't think that port would have a connection over it.

http://support.apple.com/kb/ts1629

There is the kbase on all the network ports Apple uses.


All times are GMT -5.