Fog Creek Software
Discussion Board




Remote control tech support

Here's the problem: we sell FogBUGZ, a server product that runs on NT. It comes with a SETUP program that works fine in 95% of the situations, but occasionally something goes wrong and we get a tech support call.

If we could somehow remote-control our customers' computers, it would take us about 3 minutes to get FogBUGZ up and running. Instead we have to try to tell them what to do over the phone, without seeing what's going on, which can take an hour or more. There are plenty of remote control programs (PC Anywhere, VNC, NT Terminal Services, etc.) but they all seem to have two problems:

1 a complicated install for the server, often requiring the original NT CD and a reboot, and
2 they act as traditional servers, listening on a port, which doesn't work behind firewalls.

What I would love to have is a version of the VNC server that ran as an ActiveX control. Then I could tell my clients to go to a web page and allow the control to run. We would also need a reflector that lived outside their firewall.

Does anyone have a good solution to this problem? Commercial, Open Source, whatever.

Joel Spolsky
Tuesday, July 30, 2002

Joel, try Remote Administrator ( http://www.famatech.com/ ). It's $35, and is the fastest remote control app I've used yet. Even though the installer asks for a reboot, it doesn't actually need one. I think it asks for the reboot so the service can start, but I've run it on dozens of boxes for a few years, and never restarted a single one of them before using the software (and never seen anything added to the copy-after-reboot list). After installation, don't reboot -- just use the "Start Remote Administrator Service" icon, and it works just fine. For quickies, you can even uninstall it after you've done what you need to do, and no reboots were ever needed.

Another nice thing about it is that on a busy or slow network, it's quite a bit more responsive than pcAnywhere or VNC. It also costs much less than pcAnywhere, and has never blue-screened me, unlike PcAnywhere which seems to consider blue screens an operating requirement.

Troy King
Tuesday, July 30, 2002

It doesn't look like it will work when the server is behind a firewall...

Joel Spolsky
Tuesday, July 30, 2002

It works fine for us behind a firewall on both the client and the server. You can control the port it uses -- try setting it to a port that has a hole in the firewall already, but isn't otherwise in use on that server. I've used it on existing open ports in some cases, and have specifically opened its default port on a firewall other cases.

I understand your customer may not have control over their firewall -- so the trick is to use port 25 or something else their server doesn't use or can suspend during the support session.

Troy King
Tuesday, July 30, 2002

Remote Administrator also has a "connect through host" setting. That's useful for installing a machine outside their firewall, and giving just that machine permissions to cross their firewall. You then connect to it, and it connects to the target. Is that what you meant by a reflector outside their firewall?

I personally have only used that feature once, and that was about three years or so ago, so I don't k now how well it works. I've never had a problem getting a hole put in the firewall or using an existing hole.

Troy King
Tuesday, July 30, 2002

We have started using a product called WebEx for situations like this.

http://www.webex.com/home/default.htm

It is really pretty slick.  It has about a 20-30 second download, doesn't require a reboot, and works through firewalls.  It has desktop sharing and remote control features.

I have actually found myself using this product to help me communicate with remote developers.

Emily Doherty Harris
Tuesday, July 30, 2002

GoToMyPc should work.  A coworker of mine used it at a company I used to work for and it doesn't have any problems with firewalls unless outbound connections are filtered.

https://www.gotomypc.com/

(you will be redirected to https if you try http)

Anthony Rubin
Tuesday, July 30, 2002

What about ssh/cygwin?

JW
Tuesday, July 30, 2002

Just wanted to offer another vote for WebEx. It's expensive, but very, very good.

Tim Sullivan
Tuesday, July 30, 2002

Joel, used LiveHelper (www.livehelper.com)  about a year ago when it was free.  Although there might still be a free version available it may not have the remote control feature.  I believe the remote control feature required no install or very minimal install without reboot and it worked nicely.  I don't recall if it work through firewalls but it may have as I think the initiation was done perhaps on the client side once connected with the chat application.  I don't remember as it was tech support who actually used the software day in and day out.

Also, VNC will work fine through firewalls as you can establish a connection from the machine that you want to connect to using VNC Viewer in listen mode.  You'll have to check the documentation on how to do that but we have used it successfully many times in this kind of setup.

Tim (http://www.kosmo.com/blogs/TimsBlog)

Tim
Tuesday, July 30, 2002

Joel,
  I've been using VNC a bit.  One nice thing that I've found is it has a built in web-server. It takes about 30 secs. to install.  When the cust.  has a problem, you can tell them how to start it up and then connect to there computer the following way

http://192.168.0.0:5800 (replace ip with cust ip)
then type in a password.

just type that in any web browser from anywhere.  You have instant full control over the pc.  I've found it to be very fast, and very well done

I'm sure you could get some type of installer that woudl automate the process for the customer.

Kurt Hines
Tuesday, July 30, 2002

The trouble is that most of our customers have firewalls and don't accept these incoming connections.

But I'm playing around with VNC's listen mode which allows connections backwards (from the server to the client) which might work.

Joel Spolsky
Tuesday, July 30, 2002

What about Netmeeting Desktop Sharing?  Windows 2000 has Netmeeting installed by default - so if your clients are running at least 2000, you should be okay.  I've never actually used this feature, but I'd imagine it should work fine...

Giorgio Galante
Tuesday, July 30, 2002

Oops, you said NT - Well, regardless - your clients can still download it from Microsoft - that's not a big deal.  The only concern I have is the firewall issue - but what if you host the "call" (meeting, whatever) and the client tries to connect to you?

Giorgio Galante
Tuesday, July 30, 2002

Joel,  This problem is a universal problem.  I hope you let us all know (on your home page) if you find a good solution.  Since this problem is so universal, if there currently is no good solution, perhaps there is money to be made, and a new product for Fog Creek to write.

Glade Warner
Tuesday, July 30, 2002

I would add a vote for GoToMyPC.

I've been using it for six months and have never had a problem.  It's firewall-friendly (outbound connections only, for both server & client), secure, fast enough.  I don't recall how much you have to go through to set it up on the server machine, but I believe it's pretty quick.  There is no client setup whatsoever, although that doesn't really matter to you.

John Hart
Tuesday, July 30, 2002

I have used WebEx from the customer end, and I really was impressed.  We have a firewall and there was no problem getting connected.  Especially important to me is that I was in control of the process; the connection was initiated and broken from MY end.

RH
Tuesday, July 30, 2002


What about RemotelyAnywhere?

Leonardo Herrera
Tuesday, July 30, 2002

ssh with remote X forwarding.  Very secure, goes through fire walls.

Sorry, just had to say that.

Nat Ersoz
Tuesday, July 30, 2002

We're going to try TightVNC (a compressed version of VNC) using "listen" mode; this system seems to allow the server to connect to the client instead of vice versa, which solves the firewall problem. And I've got the install down to two files (EXE + DLL) which I can distribute from our web site as a self-extracting ZIP.

It's still a little bit of a pain for the user (see the instructions I put together on http://www.fogcreek.com/rc.html) but only takes about 1 minute to set up, doesn't install anything permanently, works behind most firewalls and NATs, etc.

Joel Spolsky
Tuesday, July 30, 2002

back orifice is open source. role your own

cj
Tuesday, July 30, 2002

Admin's don't scale.  Neither do tech support or programmers, so I think you are going with the wrong solution.  While it may be easier now to just go in an fix the problem, what happens when you sell thousands of copies?  Why not figure out what happens in that 5% and have the install program handle the situation?  Or write better install documentation, or something, other than fixing it on the customer's machine.

I know plenty of network admins who would be horrified at the thought of someone having remote access to one of their machines---worse if it's through the firewall (since that's what the firewall is there to begin with!). 

Sean Conner
Tuesday, July 30, 2002

I thought the built in Windows XP Remote Assistant will work through firewalls.

Steve M
Tuesday, July 30, 2002

No one seems to have mentioned ExpertCity's DesktopStreaming.  It is comparable to a few of the other solutions mentioned:  The client downloads an executable, it connects back to the support person, and you can chat and / or screen share with them.

I have used it; it works well.

http://www.desktopstreaming.com/

Eric Hancock
Tuesday, July 30, 2002

For tech support, you don't need to move the cursor or type anything. If it really just takes 3 minutes to fix it,
the client can let you see the screen remotely, and you
tell them what to type or click. Since this is one-way only, there should be no serious firewall problem at all.

Firewall is supposed to protect the server. Any means to by-pass all types of firewalls is not a good idea. What if this becomes a common practice? I believe Joel's tech support guys won't do something funny on my server, but who can guarantee this for other companies?

Sam Wong
Tuesday, July 30, 2002

Joel,
Our company's product is a "Call Centre over IP" product
including remote control, VoIP, and chat.  It features
ActiveX download, full encryption, firewall handling,
bi-directional remote control and has very competitive voip
and remote control performance.  This seems like it would
suit your needs.

See www.namzak.com. (Namzak Labs, Ontario, Canada)

Nathan Konrad
Technical Director, Namzak Japan

Nathan Konrad
Tuesday, July 30, 2002

Temporary VPN access always helps to get out of a firewall problem. Then you could install VNC and use it normally.

Giampiero De Ciantis
Wednesday, July 31, 2002

"If we could somehow remote-control our customers' computers"

You could get blamed for any subsequent fuckups.


Wednesday, July 31, 2002

Webex isn't cheap, but it is very, very easy to set up. It is, as you suggested, simply an ActiveX client that install autmatically within MSIE.

It works through *almost* every firewall. Technically, it does require the ability to send out data on a port other than 80, but it's outbound, which most firewalls allow. The only firewall so far that has blocked it belonged to a bank client of mine. Even then, if you want to pay even more, you can pay extra for the SSL option, which gets you back onto only standard ports again, 80 and 443.

VNC in listen mode is obviously much more difficult to set up, but is also free.

P.S. You can try out Webex for 10 minutes at a time for free at their website. If you didn't mind the public image, you could probably do that forever, in 10 minute chunks. Note that only gets you access to the full-blown meeting manager. I most often use the Support Session capability, which is much more simple for both the end user and me.

Phillip Winn
Wednesday, July 31, 2002

I actually tried Webex and literally could not get the client to set up on my machine. Combined with the per-minute billing, I gave up on this idea, but I know many other people are using it happily.

In retrospect I'm actually happy the VNC solution uses an EXE instead of an ActiveX control, for security reasons -- I don't want to leave this potential security hole around in my customers' cache. With an EXE I can make sure they delete the file before they get off the phone with us. The only remaining annoyance with this solution is that I need two files (EXE+DLL) instead of just one EXE, which means I have to make a self-extracting archive and all that instead of just telling them to download&run a single file. If I have time I'll probably recompile TightVNC myself so it doesn't require the DLL.

Joel Spolsky
Wednesday, July 31, 2002

Here's a vote for desktopstreaming.com. It's the support version of ExpertCity's gotomypc.com.

Not sure if a one-seat license is going to be a bit costly on a monthly basis for fog creek, but the tech is solid and the company is professional.

cheapo
Wednesday, July 31, 2002

You know, I bet if you call Webex and they could just remote control your computer for about three mintues...

I'm sorry, what was the question?

ID10T
Wednesday, July 31, 2002

Yep, WebEx. we use it all the time. little slow at times but allows remote control if you need it, or you can just watch what their doing and direct as needed. also suports multiple 'watchers' so very handy for conference type stuff and demos.

Ian White
Wednesday, July 31, 2002

You might try PE Bundle to put the exe and dll into a single package.  It's available from http://www.collakesoftware.com/

Cory
Wednesday, July 31, 2002

Try Webex, It's Really cool and useful. We handle all out tech support issues through WebEx.

Sachin Joshi
Thursday, August 01, 2002

I use GoToMyPC all the time to telecommute and it works great. The parent company, Expertcity, also sells a product called DesktopStreaming for remote support:
http://www.desktopstreaming.com/ad/corp/home

I have also used WinVNC on NT which also works well.
http://www.uk.research.att.com/vnc/winvnc.html

Good Luck!

It may be possible to write an executable script to "fix" the issues/registry keys/etc.

Mike Lohse
Thursday, August 01, 2002

Joel: If I have time I'll probably recompile TightVNC myself so it doesn't require the DLL.

I think it requires the DLL to install global Windows hooks, so you can't recompile it without the DLL.

Frederik Slijkerman
Thursday, August 01, 2002

PC Magazine had a recent review of remote access solutions.

Check out the review at: http://www.pcmag.com/article2/0,4149,271566,00.asp

In my experience, the choice of the remote control solution depends in large part of the customer's IT security policy and what they already have in place.

The larger the customer, the more difficult it is to setup a remote access/control/support solution on an on-going basis.

alex zaks
Thursday, August 01, 2002

Not to sound like a wize guy, but why don't you fix the setup?  Then, you wouldn't need the bandaid.

Why don't you post the problem you are having with it.  You could probably get some help from your many readers.

David Lanouette
Thursday, August 01, 2002

I'd separate the firewall issue from the remote control issue by having the customer's machine instantiate an ssh connection to a server at Fog Creek, with a remote port forward.

The remote port forward essentially works like this:  Connect from machine A to machine B using TCP, listen for TCP connections on machine B port X, and forward all those connections through the secure tunnel to machine A port Y.

You could then use VNC or a variety of other TCP-based remote control tools through this tunnel.  The server at Fog Creek just needs to run an ssh daemon, which is quite easy to set up.

An example command line for ssh would be "ssh -R 1234:127.0.0.1:5900 installhelp.fogcreek.com".  This forwards connections to port 1234 on installhelp.fogcreek.com to port 5900 (vnc default) on the customer's machine.  Installhelp.fogcreek.com can be configured to only accept connections on port 22 (ssh) from the outside, so only Fog Creek employees could connect to port 1234 and ultimately the customer's computer.

If you want to experiment with the tunnelling, I suggest you try putty and plink, both available at

http://www.chiark.greenend.org.uk/~sgtatham/putty/

- Marty

Marty Lamb
Friday, August 02, 2002

You might look into PC-Duo by NetSupport (http://www.pcduo.com). I have used it for over a year and it really works well.

John S. Dawson
Friday, August 02, 2002

Joel's idea about using TightVNC in listen mode sounds promising. 

In his instructions at http://www.fogcreek.com/rc.html he tells his client to use the address: fogcreek.com. 

So Joel has a dedicated IP address and the server at this address will be running the TightVNC viewer in -listen mode.

Would someone please elaborate about the setup required at the listening end if the listening end is behind a NAT that does not have a dedicated IP address?

RWilde
Saturday, August 03, 2002

You might want to look into Lotus's Sametime product. It installs as a dedicated server to which both parties connect, supports HTTP:80 tunnelling for the important bits (chat, whiteboard/screen-sharing), and supplies a couple of Java applets on the client side.  If you are interested in its many other features (IM server, authentication, A/V) Sametime becomes quite inexpensive for what it does; if all you want is half an hour per week for support stuff, it's obviously overkill.

Steve Kradel
Sunday, August 04, 2002

Try eGain Control. It uses http/https and works well through firewall. All it needs is fairly new version of IE browser on server machine and your machine.

http://www.egain.com/pages/Level2.asp?SectionID=2&PageID=918

Jack Chawla
Monday, August 05, 2002

Just as a quick note, I have used upx at upx.sourceforge.net to cut the size of our internet downloadable distributions.

Example:  15M dll ->  700K dll
(Now, I may be cheating a little.  A lot of the size of this dll is embedded XML resources, but other dlls and exes show similar results...)

Jeff Lewis
Monday, August 05, 2002

Simple is best:

Get the customer to take a screenshot using the "Print Screen" button and email it to you. You tell him what to do next. Repeat.

No installing software, no spending money, no punching through firewalls.

Matthew McNaughton
Monday, August 05, 2002

I've been using VNCX which is an ActiveX control and it works great.

http://tummy.veridicus.com/tummy/programming/vncx/

Brent Eldstrom
Saskatoon, SK Canada

Brent Eldstrom
Monday, August 05, 2002

Eventhough PCAnywhere is a hassle when installing, it works effeciently.
The firewall challenge can be defeated by setting up a RAS connection to a stand alone server with one sole purpose - to accept ras connections. From here, you can control the remote site via TCPIP over a ras line without fear of viruses entering your true network.
If this was a stupid idea, I apologize; I was only trying to share my suggestion.

David T Phan
Tuesday, August 06, 2002

Netopia has a Web-enabled remote control with web enabled remote control that utilizes the thinnest remote-control client available: 400K (PC/Mac ready)

You can also share files, push urls, and much more - all browser based.

http://www.netopia.com/en-us/ebusiness/products/ecare.html

Tal
Thursday, August 08, 2002

Joel,

You state above that you wish your solution consisted of one executable file. Why not give PEBundle a try.

http://www.collakesoftware.com/PEBundle/CSPEBundle.htm

Brent...

Brent Eldstrom
Monday, August 12, 2002

DesktopStreaming certainly worked for us. I used it for support at gateway.com and eventually brought it into our software company for remote support. It's not inexpensive, and the licensing structure was pretty inconvenient last time we checked, but then again...

ER
Friday, August 30, 2002

How about Dameware's mini remote control? It does a very simple remote install without reboot, and can even remove itself after you've finished. We use it for our remote network administration.  I think it's around $90?

Nick Coyne
Wednesday, September 04, 2002

Joel,

Most setup programs have a mode where they can generate a log file of what they do. You can have the client email you this logfile.
This might solve your problem.

Greg Bronner
Wednesday, September 18, 2002

hi,
i just was an client on the www.bestsella.com system.
it was impressing how easy it worked. but it costs about 15 euro min. per month

luke

Luke
Wednesday, May 21, 2003

Expertcity is the Best!

I use it and have had very good success.  Both Desktop Streaming and GotoMyPC are great!  I use GotoMyPC all of the time.  I'm amazed how fast and well it works.  It only takes 2 minutes and you are up and ready to go!  Try it out, you won't be disappointed!

Rachel Sky
Tuesday, June 03, 2003

Joel,

I'm curious where do you run the TightVNC listener on your end?

Ideally, I envision each FogBUGZ customer support person running the vnc listener on their own machine. If this is the case, how do you establish and manage connections? Can multiple sessions run simultaneously?

Obviously some external port routing is in order here. How did you solve this dilemma?

Matt Young
Thursday, June 12, 2003

Joel,

I'm glad you found my suggestion of VNC in listen mode to work out for you. I like the way you set it up with the instructions etc.

Regards,
Tim - http://www.kosmo.com/blogs/TimsBlog

Tim A
Friday, July 25, 2003

I'd recommend nTeras' RapidAssist.  It solved our problems with reaching clients behind firewalls and proxies.  It runs from their server or we can install it on our server and then runs through a browser. 

It is a lot less than WebEx...and does the job. If you're interested in video conferencing, etc. then maybe WebEx is the way to go, but other than that RapidAssist handled all of the troubles we were experiencing...especially with firewall issues.

Craig Horton
Thursday, August 28, 2003

Download and play with VNC reflector . It acts as a many to one vnc proxy  :

(Client) <---> (vnc reflector) <---> (Support)

DR. Frankenstein
Thursday, March 04, 2004

Does anyone know the answer to this.

Joel try using port 5500 that should get the job done.  Or just use your netstat -a command to determine the right listening port.

David Smith
Thursday, March 11, 2004

Joel...

Have yuou gotten this to work with TightVNC yet?
I have seen this work, so I know it can be done.
If you have any info or links that put the answer into perspective.. Please post or forward them to me.

Thanks....
Steve

Steve
Friday, May 14, 2004

I have set this up successfully and it is dirt simple.  The listening daemon runs on port 5500.  On the tech side, start TightVNC in listen mode.  You will need a static IP address on the outside and a PAT for 5500 or you can use NAT.  If you are doing this on Windows, I would suggest locking down the port map to 5500/TCP only.  The client must have TightVNC running and all they do is right click on the icon and select "Add Client" and type your IP::5500 in the dialog box and off you go.  No NAT/PAT or firewall rules should be necessary on the client (5500TCP is required outbound).  This works on Linux as well and is a great way to prevent your clients from exposing themselves by opening firewall rules. 

Daniel Flick
Friday, May 28, 2004

Try out WebEx Support Center.

14 day free trial
http://try.webex.com/mk/get/sc_free_trial?TrackID=1001883


Starter Pack
http://try.webex.com/mk/get/buyonline_sc

Jack Chawla
Thursday, July 22, 2004

*  Recent Topics

*  Fog Creek Home