DameWare Home  |   Community  |   Sales  |   Resellers  |   Contact Us  
Article - #300040   

 

How to use the Proxy functionality within the DameWare Mini Remote Control program

 
The information in this article applies to:
  • DameWare Mini Remote Control
    • - Version(s) 6.0

 

Proxy functionality in version 6.x and above:

The Proxy functionality within the DameWare Mini Remote Control (DMRC) software & DMRC Client Agent Service has been completely redesigned in version 6.x and above, allowing it to behave more like a true Proxy Server.  Version 6.x of the DMRC application must be installed on the local machine, and version 6.x of the DMRC Client Agent Service on the proxy machine and all remote machines.  It is also strongly recommend that all machines run the same exact 6.x version of the software to ensure that all features function properly.

  1. The DMRC Client Agent Service must be pre-installed and running on the proxy machine as well as the destination machine.  It cannot be installed "on the fly" when using a proxy connection.  However, it can be upgraded "on the fly," provided it is currently running version 6.0 or above of the DMRC Client Agent Service.  It may be necessary to piggy-back two DMRC connections to initially get version 6.x of the DMRC Client Agent Service on the destination machine.
  2. The "Enable Proxy" setting must be enabled within the DMRC Client Agent Service on the machine that will be used as a proxy.
  3. The connection to the proxy machine is performed via a direct TCP connection, just as above.
  4. The proxy machine receives the connection and then forwards the connection request to the destination machine.
  5. Once the intended remote machine has received the connection request from the Proxy Host, the desktop of the destination machine will be visible in the DMRC window.

Advantages of the new proxy design:

  • Allows the use of a single TCP port in the remote firewall to access multiple machines on the remote network, rather than having to open a different TCP port on the remote firewall for each machine that needs to be remote controlled.
  • Allows the user to run the DMRC Client Agent Service on the same TCP port for all machines on the remote network, rather than having each machine run the DMRC Client Agent Service on different TCP ports.
  • Allows the use of the Private (LAN) IP address of the remote machine rather than having to use the Public (WAN) IP address of the router/firewall.  However, the Public (WAN) IP address for the machine running the "Proxy Enabled" DMRC Client Agent Service must be specified, as well as the correct TCP port number on which the DMRC Client Agent Service is listening.

Directions for using the Proxy feature:
On the machine that will act as the proxy for DMRC connections, simply pre-install the DMRC Client Agent Service and make sure the "Enable Proxy" setting is enabled on the Proxy Tab.  This can be done manually, from within the DMRC application, or even via an MSI package built using the new DameWare MSI Builder application (DWRCSMSI.EXE).  There are additional options as well for proxy connections to this machine.  Direct remote control connections to this machine can be disabled via the "Disable Remote Control" setting, and the user can even require a "Shared Secret" password for all proxy connections.  The optional Filter settings for these proxy connections can be defined via the IP Filter Tab using the "Enable Filter for Proxy Connections" setting.  Once the DMRC Client Agent Service is installed and configured properly on all remote machines including the proxy, a proxy connection can be established.

DameWare Connect via Proxy     DameWare MRC Client Agent Proxy     DameWare Proxy - Firewall Config  
Click image to enlarge
 

Proxy functionality in older versions, prior to 6.x:

Connecting via the Proxy Host functionality in older versions of the DMRC program was slightly different than simply connecting via a direct DMRC connection.  It was also a concept different from using a true "Proxy" server where all inbound or outbound communication is filtered through a single point of contact.

In these older versions, when a connection was made to a remote machine using the DMRC program (without the proxy), it was a direct TCP connection to the remote machine using a specific TCP port (default is 6129) provided the DMRC Client Agent Service was already installed and running on the remote machine.  The DMRC program's ability to remotely install, start, stop, or remove the DMRC Client Agent Service used the Operating System's installed protocols, File & Printer Sharing (i.e. 137-139/445).  However, it is not recommended that these ports be opened on the router/firewall because these are the same ports used by any remote service install and could potentially present security issues.

The following are the requirements to establish a proxy connection in versions of the software prior to 6.x: (note the differences compared to the five steps mentioned above)

1. The DMRC Client Agent Service must be pre-installed and running on the proxy machine and the destination machine(s).  It cannot be installed "on the fly" when using a proxy connection, nor can it be upgraded over a proxy connection (in order to upgrade it may be necessary to piggy-back two DMRC connections).

2. The "Enable Proxy" setting must be enabled on the Proxy Tab within the DMRC Client Agent Service on the machine that will be used as a proxy.

3. Only the "Encrypted Windows Logon" authentication method can be used when establishing a proxy connection; the other two authentication methods will not work.

4. The connection to the "Proxy" machine is performed via a direct TCP connection, just as above.

5. The proxy machine then attempts to forward the connection request to the destination machine.

6. Once the destination machine is contacted, the destination machine will initiate a reverse connection (outbound) back to the local machine to establish the connection.

In addition to the discrepancy in port settings, point #6 may present a challenge because the destination PC on the remote network must be able to make a reverse connection directly back to the calling PC, and it will not be attempted back through the proxy machine.

Unfortunately, the Proxy functionality in versions of the software prior to 6.x was designed this way because of the limitations within the TCP protocol, which simply did not allow the forwarding of the TCP socket to the destination machine in a manner that allowed it to assume control of the connection. That is why the remote machine must actually initiate a reverse connection back to the local machine.

However, as mentioned above, the proxy feature in version 6.x and above overcomes any TCP protocol limitations.
 
Knowledgebase Article: #300040
Category: How To Guides
Last Revised: Saturday, February 10, 2007
Keywords: proxy
Decription: Connecting to a remtote machine via a proxy connection within DameWare Mini Remote Control program.
How would you rate this article?
 12345678910 
Not HelpfulVery Helpful
Please tell us why you are rating this article this way.
If you need to enter a URL please remove "http://".
Please note: this field is required for negative responses.
No HTML please.                          
 
12345678910
Average rating:  8.5 out of 10.
12 people have rated this article.
Page Options
Print this article
Email this article
Rate this article
   ©1991-2010 DameWare Development LLC, All rights reserved.
    Privacy Statement  |  Trademarks  |  End of Life