Highlighted
Posted by JedenTag
Trigon

Unable to connect to TeamViewer ID - LAN only

I am using Windows firewall to block all connections except what is required for TeamViewer to properly function and allow connections.  However, even after opening up the required ports according to this web page, I am unable to connect to TeamViewer via the TeamViewer ID.  I can connect via LAN, but not to the TeamViewer ID.  The only way I am able to connect to the TeamViewer ID is if I allow everything through the firewall.

In addition to the below screenshots, I have also done the same thing with ports 80 and 443 at the same time.  But according to the linked web page above, I only need to open up 5938.  This is clearly incorrect, as there is more to it or I would not be having this issue.

I am using TeamViewer 12.

Here are the screenshots showing all relavent information:

Untitled.jpgimage.pngimage.png

2 Accepted Solutions

Accepted Solutions
Posted by JedenTag
Trigon
Solution

Re: Unable to connect to TeamViewer ID - LAN only

I figured it out.

You must have a bare minimum of three Windows Firewall rules in order to connect to TeamViewer via the ID#.

You can add these rules by using the following PowerShell code:

New-NetFirewallRule -DisplayName "!Allow Outbound 5938 UDP TeamViewer.exe Local Port" -Enabled True -Direction Outbound -Profile ANY -LocalPort 5938 -RemotePort ANY -Protocol UDP -Program "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" -Action Allow -Description "Allows Outbound TeamViewer.exe communication via 5938 UDP."
New-NetFirewallRule -DisplayName "!Allow Outbound UDP svchost.exe" -Enabled True -Direction Outbound -Profile ANY -Protocol UDP -Program "C:\WINDOWS\system32\svchost.exe" -Action Allow -Description "Allows Outbound UDP svchost.exe."
New-NetFirewallRule -DisplayName "!Allow Outbound TCP TeamViewer.exe" -Enabled True -Direction Outbound -Profile ANY -Protocol TCP -Program "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" -Action Allow -Description "Allows Outbound TCP TeamViewer.exe."

The result will look like this:

image.png

 

View solution in original post

Highlighted
Posted by JedenTag
Trigon
Solution

Re: Unable to connect to TeamViewer ID - LAN only

Edit:  It looks like you need to allow TeamViewer_Service.exe now instead of TeamViewer.exe.  Somehow that changed overnight.

It looks like TeamViewer may have changed something between yesterday and today, as TeamViewer is not allowing outside connections via the TV ID#.

To fix this, I needed to also add the TeamViewer_Service.exe firewall entries for UDP 5938 outgoing, and TCP ANY outgoing.

Updated powershell script: (to reflect only needing the TeamViewer_Service.exe)

New-NetFirewallRule -DisplayName "!Allow Outbound UDP svchost.exe " -Enabled True -Direction Outbound -Profile ANY -Protocol UDP -Program "C:\WINDOWS\system32\svchost.exe" -Action Allow -Description "Allows Outbound UDP svchost.exe."
New-NetFirewallRule -DisplayName "!Allow Outbound TCP TeamViewer_Service.exe " -Enabled True -Direction Outbound -Profile ANY -Protocol TCP -Program "%ProgramFiles% (x86)\TeamViewer\TeamViewer_Service.exe" -Action Allow -Description "Allows Outbound TCP TeamViewer_Service.exe."
New-NetFirewallRule -DisplayName "!Allow Outbound 5938 UDP TeamViewer_Service.exe Local Port " -Enabled True -Direction Outbound -Profile ANY -LocalPort 5938 -RemotePort ANY -Protocol UDP -Program "%ProgramFiles% (x86)\TeamViewer\TeamViewer_Service.exe" -Action Allow -Description "Allows Outbound TeamViewer_Service.exe communication via 5938 UDP."

 

View solution in original post

3 Replies
Highlighted
Posted by JedenTag
Trigon

Re: Unable to connect to TeamViewer ID - LAN only

An update:

After more testing, it looks like a random Outbound Local UDP port is part of the cause.

  1. I allowed UDP/TCP ports 1-55000 through the firewall.  TeamViewer would not connect via TeamViewer ID#.
  2. I allowed UDP/TCP ports 1-65535 through the firewall, then TeamViewer did allow me to connect via TeamViewer ID#.

I looked at the network connections, and seen that TeamViewer.exe is using Local ports UDP 63948 and UDP 60538.

Is there a way to limit TeamViewer to just the 5938 ports?

Posted by JedenTag
Trigon
Solution

Re: Unable to connect to TeamViewer ID - LAN only

I figured it out.

You must have a bare minimum of three Windows Firewall rules in order to connect to TeamViewer via the ID#.

You can add these rules by using the following PowerShell code:

New-NetFirewallRule -DisplayName "!Allow Outbound 5938 UDP TeamViewer.exe Local Port" -Enabled True -Direction Outbound -Profile ANY -LocalPort 5938 -RemotePort ANY -Protocol UDP -Program "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" -Action Allow -Description "Allows Outbound TeamViewer.exe communication via 5938 UDP."
New-NetFirewallRule -DisplayName "!Allow Outbound UDP svchost.exe" -Enabled True -Direction Outbound -Profile ANY -Protocol UDP -Program "C:\WINDOWS\system32\svchost.exe" -Action Allow -Description "Allows Outbound UDP svchost.exe."
New-NetFirewallRule -DisplayName "!Allow Outbound TCP TeamViewer.exe" -Enabled True -Direction Outbound -Profile ANY -Protocol TCP -Program "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" -Action Allow -Description "Allows Outbound TCP TeamViewer.exe."

The result will look like this:

image.png

 

View solution in original post

Highlighted
Posted by JedenTag
Trigon
Solution

Re: Unable to connect to TeamViewer ID - LAN only

Edit:  It looks like you need to allow TeamViewer_Service.exe now instead of TeamViewer.exe.  Somehow that changed overnight.

It looks like TeamViewer may have changed something between yesterday and today, as TeamViewer is not allowing outside connections via the TV ID#.

To fix this, I needed to also add the TeamViewer_Service.exe firewall entries for UDP 5938 outgoing, and TCP ANY outgoing.

Updated powershell script: (to reflect only needing the TeamViewer_Service.exe)

New-NetFirewallRule -DisplayName "!Allow Outbound UDP svchost.exe " -Enabled True -Direction Outbound -Profile ANY -Protocol UDP -Program "C:\WINDOWS\system32\svchost.exe" -Action Allow -Description "Allows Outbound UDP svchost.exe."
New-NetFirewallRule -DisplayName "!Allow Outbound TCP TeamViewer_Service.exe " -Enabled True -Direction Outbound -Profile ANY -Protocol TCP -Program "%ProgramFiles% (x86)\TeamViewer\TeamViewer_Service.exe" -Action Allow -Description "Allows Outbound TCP TeamViewer_Service.exe."
New-NetFirewallRule -DisplayName "!Allow Outbound 5938 UDP TeamViewer_Service.exe Local Port " -Enabled True -Direction Outbound -Profile ANY -LocalPort 5938 -RemotePort ANY -Protocol UDP -Program "%ProgramFiles% (x86)\TeamViewer\TeamViewer_Service.exe" -Action Allow -Description "Allows Outbound TeamViewer_Service.exe communication via 5938 UDP."

 

View solution in original post