Quick tip: Saving Credentials for Multiple RDP Hosts at the Same IP Address

Wednesday, December 26, 2018

Here’s a quick year-end tip from Jacques Bensimon.

If you use port translation to access multiple Microsoft Remote Desktop hosts behind a single external IP address, you may have run into this annoyance if the different hosts require different logon credentials:

Say you have three RDP-accessible hosts Host1, Host2 & Host3 with corresponding LAN IP addresses IP1, IP2 & IP3, and you’ve configured your external router or firewall to perform port translation on incoming external traffic (to a single external address IPe) as follows: 

IPe:1234 → IP1:3389, IPe:2345 → IP2:3389, and IPe:3456 → IP3:3389.

You can now create three separate RDP connections (.rdp files) to externally access the three different hosts using connection addresses IPe:1234, IPe:2345 and IPe:3456 respectively. But if you wish the Remote Desktop Connection client (mstsc.exe) to store a different set of credentials for each of the three hosts, you quickly discover that only a single set of Remote Desktop credentials can be saved for a given IP address (or DNS name), regardless of any port considerations. The net effect is that if you save the credentials used to access, say, Host1 externally, those credentials become associated with IP address IPe and will subsequently also be used when attempting to access Host2 and Host3, resulting in logon failures after a delay and the need to enter valid credentials each time.

The easy solution:  edit the hosts file on your client machine and add three lines of the form

IPe          host1.external
IPe          host2.external
IPe          host3.external

IPe above is of course the actual external IP address (e.g. 68.196.xxx.yyy) and is used on all three lines, and “.external” can in reality be anything you like – its only purpose is to avoid interfering with name resolution to those hosts if/when the client machine is back on the LAN.

Once this is done, your RDP connections can target host1.external:1234, host2.external:2345 and host3.external:3456, and the Remote Desktop Connection client will obediently let you save an individual set of credentials for each host (since it now sees them as distinct target addresses). This of course can be done similarly regardless of the actual number of RDP hosts you need to access in this fashion.

Notes:

  • A remaining annoyance with this solution is that, if the external IP address IPe occasionally changes, you’ll have to edit the hosts file accordingly each time, even if you’re in possession of a dynamic DNS name corresponding to IPe (since hosts offers no mechanism for creating aliases to a DNS name, only to explicit IP addresses).
  • If you only need to access two different hosts externally (using port translation as above) and have a corresponding DNS name available for the external IP address IPe, you can save an individual set of credentials for each one without resorting to the hosts file:  simply use the IP address IPe for the connection to one of the hosts (with the appropriate port specified), and use the DNS name for the connection to the other host – Remote Desktop Connection will again consider the two target hosts as distinct and let you save individual sets of credentials.

JB
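
The hosts-file maintenance described in the first note can be scripted. The following PowerShell is an added example, not part of the original tip or its author's code: it resolves a dynamic DNS name and repoints the alias lines at the current external address. The DNS name `myhome.example.net`, the `.bak` backup file and the function name are assumptions; run it from an elevated prompt.

```powershell
# Added example: keep the hosts-file aliases pointed at the current external IP (IPe).
# Assumptions (not from the original post): the dynamic DNS name, the alias list
# defaults and the .bak backup. The hosts file is writable only by administrators.
param(
    [string]   $DynDnsName = 'myhome.example.net',   # hypothetical dynamic DNS name for IPe
    [string[]] $Aliases    = @('host1.external', 'host2.external', 'host3.external'),
    [string]   $HostsPath  = "$env:SystemRoot\System32\drivers\etc\hosts"
)

function Update-HostsContent {
    param([string[]] $Lines, [string] $Ip, [string[]] $Aliases)
    # Keep every line except those whose host-name columns mention one of our aliases.
    $kept = @(foreach ($line in $Lines) {
        $body  = ($line -split '#', 2)[0].Trim()          # ignore trailing comments
        $names = if ($body) { ($body -split '\s+') | Select-Object -Skip 1 }
        if (-not ($names | Where-Object { $Aliases -contains $_ })) { $line }
    })
    # Append one fresh line per alias, all pointing at the same external address.
    $kept + @($Aliases | ForEach-Object { '{0,-16} {1}' -f $Ip, $_ })
}

# Resolve the current external address (IPv4 only, matching the post's example).
$ip = (Resolve-DnsName -Name $DynDnsName -Type A -ErrorAction Stop |
       Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
if (-not $ip) { throw "No A record returned for $DynDnsName" }

$current = @(Get-Content -LiteralPath $HostsPath)
$updated = Update-HostsContent -Lines $current -Ip $ip -Aliases $Aliases

# Rewrite only when something changed, and keep a copy of the previous file.
if (($current -join "`n") -ne ($updated -join "`n")) {
    Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force
    Set-Content -LiteralPath $HostsPath -Value $updated
    Write-Output "hosts updated: aliases now point to $ip"
} else {
    Write-Output "hosts already current ($ip)"
}
```

Because the .rdp files and the saved credentials refer to the alias names rather than to IPe, they keep working unchanged after the script repoints the aliases.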

Be sure to follow @JacqBens on twitter.
