Windows 7 / Getting Started

How Remote Assistance Works

The two parties in a Remote Assistance session are called the novice and the expert. (On some screens and in some documentation, the expert is referred to as the helper.) To use Remote Assistance, both parties must be using a Windows version that includes Remote Assistance (Windows 7, Windows Vista, Windows XP, Windows Server 2003, or Windows Server 2008), both must have an active internet connection or be on the same local area network, and neither can be blocked by a firewall.

The connection between novice and expert can be established in a variety of ways. If both parties are using Windows 7, a new Easy Connect feature is the simplest approach; a simple password exchange is all that's required. Alternatively, the novice can send a Remote Assistance invitation, using an instant messenger program or e-mail. The expert then accepts the invitation and enters an agreed-upon password. Finally, the novice approves the expert's acceptance.

After the connection has been established, a terminal window on the expert's computer displays the desktop of the novice's machine. The expert views the desktop in a read-only window and exchanges messages with the novice using text chat. If the expert wants to work with objects on the novice's computer, he or she can request control.

In a slight variation of this process, the expert can initiate the Remote Assistance session, perhaps in response to a telephone plea for help from the novice. We describe both connection processes in detail in the sections that follow.

At the heart of each Remote Assistance connection is a small text file called an RA ticket. (More formally, its type is Windows Remote Assistance Invitation and its extension is .msrcincident.) This file uses encrypted data in XML fields to define the parameters of a Remote Assistance connection. When you use Windows Live Messenger to manage the connection, the RA ticket is never visible. (In fact, Messenger uses a connection string that includes only part of the RA ticket information-just enough to establish connection.) When a novice sends a Remote Assistance request via e-mail, however, the RA ticket rides along as an attachment to the message. The expert has to double-click this file to launch the Remote Assistance session.

Without the use of a relay server, Remote Assistance is able to reach computers behind nearly any NAT router. It simultaneously attempts several types of connections until it finds one that works:

  • IPv4 address This type of connection is used when both computers can be directly addressed using IPv4, such as on a local area network or when both computers have public IP addresses.
  • IPv6 address This type of connection is used when both computers are on an IPv6 network.
  • UPnP NAT address This type of connection is used to connect through a UPnP router, which provides NAT traversal.
  • NAT traversal via Teredo And this type of connection is used when all the other methods fail. After using a public Teredo server to determine NAT port mapping and to initiate communication, this connection then encapsulates IPv6 data in IPv4 packets, enabling it to tunnel through an IPv4 network.
TROUBLESHOOTING

Teredo can't make a connection
If you can't make a connection and you're certain that a firewall isn't blocking the connection, be sure that UPnP is enabled on your router. (See the instructions for your router for details. If you no longer have the manual, check the manufacturer's website.) Teredo doesn't work with routers that use symmetric NAT. To find out if you have an incompatible router, at a command prompt type netsh interface teredo show state. (This can be abbreviated as netsh int ter sho st.) If the Type line shows Symmetric or Port Restricted, your best bet is UPnP.

With the Windows XP version of Remote Assistance, connecting two systems behind NAT routers was difficult at best. Trying to explain to an inexperienced user who's already flustered because of computer problems all the complex configuration steps needed to bypass NAT made Remote Assistance impractical for most such setups. NAT is a great system for extending the limited number of available IP addresses and for securing computers on a small network. But it is the bane of users trying to make peer-to-peer connections, whether for voice, video, gaming-or Remote Assistance. Now, the only obstacle to end-to-end connections for Remote Assistance on computers running Windows Vista or Windows 7 is a firewall.

Windows Firewall has an exception defined for Remote Assistance. (An exception is a group of rules that enable an application to communicate through the firewall.) By default, the exception is enabled only for private networks, such as a workgroup in a home or small office. The exception is disabled for public networks (such as an internet cafe or public Wi-Fi hotspot) and for domain networks. If you try to make a Remote Assistance connection when the exception is disabled, you'll see a message like "This Computer is not set up to send invitation".

To correct the problem, click Repair. The troubleshooter will figure out what's wrong and then present a Try These Repairs As An Administrator link. Click that link, give the troubleshooter a moment or two to carry out the necessary repair, and you should be good to go. If the troubleshooter for any reason doesn't perform as expected, open Windows Firewall. In the left pane, click Allow A Program Or Feature Through Windows Firewall. Then click Change Settings (requires administrator privileges), select Remote Assistance, and click OK.

Know the rules

The specific rules that make up the Remote Assistance exception vary depending on the profile type. For example, UPnP connections are enabled only in the private and domain profiles-not in the profile for public networks. Teredo connections are enabled only in the private and public profiles to prevent its use on corporate domains. The domain profile contains additional rules that enable help-desk personnel to offer assistance using Distributed Component Object Model (DCOM). You might want to examine the rules that define the Remote Assistance exception, whether it's to satisfy your innate curiosity or to configure comparable rules for a third-party firewall. To do so, follow these steps:

  1. Open Windows Firewall With Advanced Security.
  2. In the console tree, select Inbound Rules or Outbound Rules.
  3. In the actions pane, click Filter By Group, Filter By Remote Assistance.
  4. In the details pane, double-click a rule to review its specifics.
[Previous] [Contents] [Next]