How Remote Assistance Works

The two parties in a Remote Assistance session are called the novice and the expert. (On some screens and in some documentation, the expert is referred to as the helper.) To use Remote Assistance, both parties must be using a Windows version that includes Remote Assistance (Windows Vista, Windows XP, or Windows Server 2003) and both must have an active internet connection or be on the same local area network, and neither can be blocked by a firewall.

To create a Remote Assistance session, the novice sends a Remote Assistance invitation, typically using an instant messenger program or e-mail. The expert then accepts the invitation and enters an agreed-upon password. Finally, the novice approves the expert's acceptance. A terminal window on the expert's computer that displays the desktop of the novice's machine then opens.

The expert views the desktop in a read-only window and exchanges messages with the novice using text chat. In order to work with objects on the novice's computer, the expert must request control, and the novice must approve the request.

In a slight variation of this process, the expert can initiate the Remote Assistance session, perhaps in response to a telephone plea for help from the novice. We describe both connection processes in detail in the sections that follow.

At the heart of each Remote Assistance connection is a small text file called an RA ticket. (More formally, its type is Windows Remote Assistance Invitation and its extension is .msrcincident.) This file uses encrypted data in XML fields to define the parameters of a Remote Assistance connection.

When you use Windows Live Messenger to manage the connection, the RA ticket is never visible. (In fact, Messenger uses a connection string that includes only part of the of the RA ticket information - just enough to establish connection.) When a novice sends a Remote Assistance request via e-mail, however, the RA ticket rides along as an attachment to the message. The expert has to double-click this file to launch the Remote Assistance session.

What happens next behind the scenes is the biggest improvement in the Windows Vista version of Remote Assistance: Without the use of a relay server, Remote Assistance is able to reach computers behind nearly any NAT router. It simultaneously attempts several types of connections until it finds one that works:

• IPv4 address is used when both computers can be directly addressed using IPv4, such as on a local area network or when both computers have public IP addresses.
• IPv6 address is used when both computers are on an IPv6 network; most routers and switches currently in use do not support IPv6 addressing.
• UPnP NAT address is used to connect through a UPnP router, which provides NAT traversal.
• NAT traversal via Teredo is used when all the other methods fail. After using a public Teredo server to determine NAT port mapping and to initiate communication, this connection then encapsulates IPv6 data in IPv4 packets, enabling it to tunnel through an IPv4 network.

With previous versions of Remote Assistance, connecting two systems behind NAT routers was difficult at best. Trying to explain to an inexperienced user who's already flustered because of computer problems all the complex configuration steps needed to bypass NAT made Remote Assistance impractical for most such setups.

NAT is a great system for extending the limited number of available IP addresses and for securing
computers on a small network. But it is the bane of users trying to make peer-to-peer connections, whether for voice, video, gaming or Remote Assistance. Now, the only obstacle to end-to-end connections for Remote Assistance on computers running Windows Vista is a firewall.

Windows Firewall has an exception defined for Remote Assistance. (An exception is a group of rules that enable an application to communicate through the firewall.) By default, the exception is enabled only for private networks, such as a workgroup in a home or small office. The exception is disabled for public networks (such as an internet cafe or public Wi-Fi hotspot) and for domain networks. If you try to make a Remote Assistance connection when the exception is disabled, you'll see a message pop-up.

To enable the exception in Windows Firewall, open Windows Firewall. In the left pane, click Allow A Program Through Windows Firewall (requires administrator privileges). On the Exceptions tab, select Remote Assistance and then click OK.

Tags: firewall,ip address,network,wifi,wireless

Related Articles