Description of the Remote Assistance Connection Process (300692)


The information in this article applies to:

  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition
This article was previously published under Q300692

SUMMARY

This article describes the contents of the Remote Assistance invitation file that is sent from the Novice to the Expert. This file is created when the Novice uses the Email or Save invitation as a file option in Remote Assistance. This article does not address using Windows Messenger to establish a Remote Assistance session. For additional information about Remote Assistance, click the article number below to view the article in the Microsoft Knowledge Base:

300546 Overview of Remote Assistance in Windows XP.

This article provides more in-depth information about how Remote Assistance works and assumes that you, the reader, have a general understanding of Remote Assistance as explained in the article Q300546.

MORE INFORMATION

The Remote Assistance Invitation file is written in Extensible Markup Language (XML) and can be read and edited in a text editor such as Notepad. Remote Assistance invitation files uses the following extension:

.MsRcIncident

In Windows XP, this extension is associated with Help and Support Center. When the Expert executes the .MsRcIncident file, Windows starts Help and Support, and then Help and Support passes the information to Remote Assistance. Remote Assistance then parses the file and starts the process of initiating a Remote Assistance session with the Novice computer that created the file.

In this article, the terms ".MsRcIncident file" and "the invitation" are used interchangeably. The term "ticket" refers to the record of the invitation held on the Novice's computer.

The Novice computer has a built-in local user account called HelpAssistant. This account is disabled by default and has a randomly generated strong password. The account has limited privileges and is used by the Expert to logon to the Novice computer during the Remote Assistance session.

The Novice Invites the Expert to Connect to Their Computer

When the Novice's computer creates the invitation file, the following actions occur:
  • The HelpAssistant account is enabled.
  • An entry in the Novice's table is created.
  • The following information is obtained from the Novice's computer: IP and computer name configuration information including requesting port mapping from any Universal Plug-and-Play (UPnP) Network Address Translation (NAT) servers on all interfaces on the Novice computer. If a UPnP NAT server is present, it responds with its external IP address and a port number reserved for the Novice computer. The UPnP NAT Server begins mapping traffic on the IP:PORT to port 3389 on the NAT Client Novice computer.

The Expert Executes the Invitation File

The Expert executes the invitation file to start a Remote Assistance session. On the Expert's computer a message is displayed inviting the Expert to connect to the Novice's computer. Remote Assistance uses the following information contained in the .MsRcIncident file to display this message:
  • The name that the Novice specified during the creation of the invitation, which is displayed to inform or remind the Expert who submitted the invitation:

    USERNAME="Kim Abercrombie"

  • Whether or not a Password was set by the Novice during the creation of the invitation:

    RCTICKETENCRYPTED="1"

  • The time that the invitation was set to expire at the time of creation. The Novice can expire any invitation at any time by using the View invitation status page:

    DTStart="992646863" and DTLength="60"

USERNAME="Kim Abercrombie"

The name to be used is contained in the USERNAME field as in the example above where Kim Abercrombie is the name the Novice specified when creating the invitation.

Note: When the Novice creates the invitation, Remote Assistance pre-populates the Enter your name box with the current profile name. The Novice may change this name.

RCTICKETENCRYPTED="1"

To determine whether or not to prompt the Expert for a password, Help and Support center looks at the RCTICKETENCRYPTED field. If it set to "0", the Expert is not prompted for a password. If it is set to "1", the Expert is prompted for a password. The password entered by the Expert is sent to the Novice's computer.

DTStart=="992646863" and DTLength="60"

Remote Assistance uses the DTStart and DTLength fields to calculate the expiration time set by the Novice when the invitation is created.

Note: This time will be adjusted to the local time of the Expert computer.

The expiration time as displayed to the Expert is only informational. The Novice can cause the invitation to expire at any time by clicking Expire in the View invitation status page in Help and Support Center. This causes the ticket on the Novice computer to expire. Although the message that is displayed to the Expert shows that the invitation is still open when a connection is attempted, the Novice computer refuses the connection because the ticket has expired.

If the Novice chooses to expire the ticket prior to the invitation's preset time, the Experts invitation does not reflect this change and the message displays the original expiration time that was set at the invitations creation.

You may be concerned that the Expert could "trick" the Novice computer by adjusting the time on the Expert computer; however, this is not possible. To demonstrate this, refer to the following example scenario:

Example

If an invitation is created in Dallas with an expiration time of 4:00 PM central time, and the Expert opens the invitation in a location 1 hour behind Dallas time, such as Provo Utah, at 3:35 PM Provo time (4:35 PM Dallas time) the message would show the ticket as expired because it would be 4:35 PM in Dallas, and the Novice computer would have set the status of the ticket to Expired.

If the Expert in Utah were to set the system clock on their computer in such a way as to make the invitation message appear as not expired on the Expert computer, the Expert would then be able to attempt a connection to the Novice. When the Novice computer receives the attempt it immediately declines to start a Remote Assistance session. There is no user interaction required on the Novice's computer when this occurs.

Starting the Remote Assistance Session

When the Expert clicks the Yes button, Remote Assistance calls Help and Support APIs to initiate the session. Help and Support relies on Terminal Services to negotiate the session. Help and Support Center pass the Remote Assistance invitation file to Terminal Services. Terminal Services uses the information it receives in the RCTICKET field to negotiate a connection with Terminal Services on the Novice computer.

The RCTICKET field contains a list of all IP addresses on the Novice computer at the time of the invitations creation with a port number in the format of IP:PORT.

Remote Assistance makes use of UPnP NAT management, which enables Remote Assistance to work when the Remote Assistance Novice is behind a UPnP-compliant NAT Device.

Windows XP Internet Connection Sharing is the only NAT solution that is UPnP compliant. Example

Note: The following text is wrapped for reading purposes only. 
   RCTICKET="65538,1,128.54.161.5:3389;kim.redmond.microsoft.com:
   3389;10.0.0.5:3389,5UACB9zFYZnq5tcVDHA=,Aujb46Sne5TByHUYLgGYO2oavzR+ZPBvhOo/OkTN5GI=,
   SolicitedHelp,50dQeOP0esX18JQjTVzkC/fmJFj/XxsB5DcbU8hk5k6nk+QegA03gA==,
   eS69KnKxOHg2wZtNCkm4ixs8AuI="
65538,1: This is for version information and flags.

128.54.161.5:3389;kim.redmond.microsoft.com:3389;10.0.0.5:3389: This is a list of IP addresses and port numbers that were present on the Novice computer at the time the Invitation File was created.

Terminal Services starts attempting connections with the first interface in the list, 1128.54.161.5:3389 in this case. If there is no response in 30 seconds, Terminal Services moves to the next interface, kim.redmond.microsoft.com:3389, and finally Terminal Services will try to connect to 10.0.0.5:3389.

If this connection is not successful, Terminal Services informs Help and Support Services, which in turn informs Remote Assistance which generates the following message:
Remote Assistance

A Remote Assistance connection could not be established. You may want to check for network issues or determine if the invitation expired or was cancelled by the person who sent it.

[OK]
Terminal Services on the Expert computer passes the credentials for the HelpAssistant account to the GINA on the Novice's computer. If the credentials are accepted, the Expert logs on to the Novice's computer using the HelpAssistant account.
Remote Assistance displays a message asking the Novice if they want to start a Remote Assistance session with the Expert at that time. If the Novice is logged on to multiple sessions, each session receives this prompt.


Before the Expert is allowed to connect to the Novice computer, the Group Policy Settings are checked. If the Policies do not allow the Novice to receive Remote Assistance the connection is refused.
If all the credentials are met the Remote Assistance session is established using the RDP protocol and Port 3389 through Terminal Services on the Novice and Expert computers.

At this point the Expert can only see the Novice's desktop. The Expert must request to take control of the Novice's computer and the Novice must allow control by clicking yes to the corresponding prompt. If the Novice wants to take back control at any time during the session, the ESC key can be pressed.

When the Ticket Expires


Remote Assistance maintains a table of all open tickets in the HKEY_LOCAL_MACHINE hive of the registry. When there are no open tickets, Remote Assistance disables the HelpAssistant account and removes the Allow logon through Terminal Services right in one hour. Remote Assistance also turns off any port mapping on UPnP-compliant NAT devices.

The ticket expires automatically when the time limit has expired. A user that is a member of the Owner or Administrator group on the Novice computer can also cause the ticket to expire at anytime by performing the following steps:
  1. Click Start, and then click Help and Support.
  2. Click the Remote Assistance link.
  3. Click the View invitation status link.
  4. Select the desired open ticket to expire.
  5. Click the Expire button.
When a ticket is in the expired state, any invitation files that is used to connect to the Novice computer fails and there is no message or logging to inform the Novice that Remote Assistance has declined an expired ticket.
Modification Type:MinorLast Reviewed:1/15/2006
Keywords:kbinfo KB300692
©2004 Microsoft Corporation. All rights reserved.