Edit1 Summary
ScreenConnect needs to be exposed to external users for them to be able to join sessions. This is typically accomplished by forwarding ports on your firewall or router. This article details the steps to forward the ports.
Edit2 More Information
Edit2.1 Determine server internal IP address
The first thing you must do is to determine the internal IP address of the server. You can determine the IP address by opening a command prompt and using the command
IPCONFIG. You should see results similar to the results below, where the ScreenConnect server IP address is 192.168.1.3:
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
Once you have identified the IP address of the server, you are ready to forward the ports to
this IP address.
Edit2.2 Identify required ports
ScreenConnect listens externally on TCP ports 8040 and 8041 by default. However, if you have changed these ports (see
HOWTO-0003: Changing ScreenConnect ports), you will need use ports you have defined.
Edit2.3 Forward ports on router
Because of the differences in configuration of each firewall and router, we recommend an external tool for configuration. To open the ports:
- Open the port forwarding guide for ScreenConnect in your browser window.
- Choose your router.
- PortForward will display an advertisement for their product that helps with forwarding ports. The product is not necessary and the advertisement can be skipped. (Fig. 1)
 Fig. 1: Skipping the PortForward.com advertisement |
4. Follow the directions on the wizard, but if you've
changed ScreenConnect ports, enter your ports instead of 8040 and 8041.
Note: In version 1.1 and below, to connect to the Relay, the web server does a DNS lookup of the host address in the user's address bar and uses the resulting IP address with the Relay port to connect to the Relay. In version 1.2 and above, the client does the DNS lookup itself, ensuring it resolves to the same address used to contact the web server.Edit2.4 Open ports on personal firewall
If you have a personal firewall installed on the ScreenConnect server, you will need to add exceptions for it also, using ports 8040 and 8041. If you've changed ScreenConnect ports, enter your ports instead of 8040 and 8041.
Windows firewall versions:
Other personal firewalls:
Edit2.5 Test ports for external accessibility
Test that your efforts were successful by using our
Port Test Tool.
The port test tool will pre-populate itself with your external IP address and ports 8040 and 8041.
The status tab on the
administration page will also provide some diagnostic information for external accessibility.
Edit2.6 Troubleshooting
If the external connection fails, there are typically four reasons why that could happen.
- Incorrect URL - When opening ScreenConnect through the Windows start menu, the page will open in a browser with the local address in the address bar. For guests from outside of your network to connect to your ScreenConnect installation, they must use your external location that is accessible across networks. You can find your external location (external IP address) at What is My IP?.
- Ports on the router need to be forwarded - You will need to access your router's administration page (the IP address is usually found on the router itself) and forward specific ports. See INFO-0004: Example of Port Forwarding for more information.
- The Windows Firewall is blocking the program
- An antivirus firewall is blocking the program
Edit3 References