Allowing Accessing to Terminal Server via Internet

Terminal Services Operates on Port 3389 - this port must be publically accessible (or better yet, a VPN should be setup so you're not doing things insecurely).

To access via Internet Explorer - AND ONLY Internet Explorer (Not Netscape/Firefox/Mozilla/Opera), you need to setup the Terminal Server Web client on a public web server.  Then the users will connect the web server and an ActiveX control will be installed on their system that allows Terminal Services to connect to a specified server.

Have a look here:
http://blogs.msdn.com/tristank/archive/2004/03/18/91806.aspx

And download here:
http://www.microsoft.com/windowsxp/downloads/tools/rdwebconn.mspx

Hello

I have been using terminal services via the internet for several years, it works well for a lot of applications.  VPN connections will improve security, thought I have not experienced any attacks on the terminal server.  And like "leew" said it is really pretty simple, once port 3389 is opened on the firewall and you have setup the Terminal Server Web client the users should be able to connect, I might note that if they do not agree to the ActiveX control installation they will not be able to access the server.

Pls post any further questions.

Lyle

what version of windows server are you using... 2003 SBS comes with a web terminal services option...

Okay, that makes sense to me so far.  However here is the first problem, I think.  Keep in mind I'm not very good with Terminal Services.

With in my network I can use a Terminal Service client to connect to the server.  I logs me in with a user name and password all by inself and brings up the 1 application I want people to have access to.  When I close the application it disconnects the session.  All this is wonderful.  However if I try to use remote desktop with in my network, it will not connnect at all?  I think this is where I need to start, correct?

I am using Windows Server 2003 standard edition.

I have installed the web client that Leew gave me a link to.  However, not sure what else needs to be done.  Again, I believe my firewall and router are all set with allow access to the Server.

Another thing is I've been told I need to allow the UDP protocol to pass throught the firewall to, is that true or is that specific to the application.

by remote desktop are you meaning the web client? or the remote desktop client for windows xp?

You cannot remotly connect to the server via name or IP?  Once terminal services is installed you should be able to connect via remote desktop from a XP client.

Lyle

The only port needed to make Terminal Services work is TCP 3389

I believe that the protocol that you need to have open is the TCP protocol.

Lyle

I am trying to establish a connection via remote desktop built in to XP by the IP address with in my network.  Figured that would be the best first step.  Works with TS Client with in my network, just not remote desktop built into XP.

IP is supposely passing through my firewall.  My firewall people said they were able to telnet to my server.  

That doesn't mean they opened the right port - Telnet uses port 23, RDP uses 3389 - your network people should know that, but if they don't know what you're doing, then they might not have set things up correctly.

Are you using remote desktop over a WAN?  From inside your network you should be able to connect to the server with no problem since you are on the same subnet.  I am a bit confused why you need the firewall to access internal resources.

Lyle

I guess the remote desktop feature does not really matter.  I was just trying to verify remote desktop worked before I went any farther.  As I said before I can us the Terminal Service Client and connect to the box with in my network, however I can not use remote desktop built into xp with in my network to connect to it, even as Administrator.

Okay, I put my internal IP address in to remote desktop and it functioned exactly how I expected it to.

However when I put the internal IP in Internet Explorer it did not work.  I tried it with :80 and :3389 after the IP.  Am I doing this right?

try http://{internal ip address}/tsweb

I believe that you would have to enter the name you configured in the Terminal Services Web client.  

Lyle

No, Internet Explorer cannot be used to connect to a Remote Desktop connection.  You can use a web page, VIEWED with internet explorer, that will install an ActiveX control on your computer and then permit you to connect.

Have a look at this link I posted earlier for a hopefully better explanation:
http://blogs.msdn.com/tristank/archive/2004/03/18/91806.aspx

okay remote desktop is working on both internallly and externally.

now all I need is the web portion to work.

What?  You can't specify http://servername:3389 and connect to the session.

Using the Remote Desktop Web Connection, you can connect using IP Addresses (I just did it - you just can't specify alternate ports)

When you try to connect via the web, how are you trying to connect - copy and paste the URL you are using

okay, i had someone try to connect to http://ipaddress:3389 and it did not work.  Do I need to bring up the web page on my server? or do something else with the web software.

We do not host are own webserver here.

So if I edit my home page so that it has a link to my terminal server it will work or do I actually need to install software on the webserver?

You need that software installed on a web server.  HTTP: is MUCH different from RDP: Terminal Services is a RDP: based thing, Web pages (and IE) are HTTP: based things.  The Web Connection software is a gateway between the two.

This is what you need to see on the web page (although this is customized for use with this company - uncustomized, it will work generically)
http://dpasysops.hss.state.ak.us/tsweb/Default.htm

okay so I guess this will never work unless I host my own web server, right?

Either way you have all been a huge help in getting this setup. Exspecially you Leew.

Not sure how I'm going to split up all the points but Leew you have been the most help.  Any suggestion on how I shoud split them up?

you can install iis on your server and access it via the ip address... independent of where your website is actually hosted... then put a link on your website to the ip address of your terminal server which would bring up the webpage...

kain21 is generally correct.  As long as you have a server running IIS5 or IIS6, you can install the TSWEB software on that server.  You would then have to open ports in a firewall and allow the site to be accessed externally.  Assuming it is, you can then use the terminal server.

I would instead recommend you put the RDP Client (available here: http://www.microsoft.com/windowsxp/downloads/tools/rdclientdl.mspx ) on to a public web server so you can always download it and install it to any computer.  Once installed, you can run it any time.  This client is better than the web one because you can control things like color depth, wallpaper, sound, etc coming through the connection - items that can significantly slow down your performance.  (Note - not all this applies to all connections - when connecting to a Win2K system, your depth is limited to 256 Colors and you can't transfer sound, etc (only printers)).

Again, Thank you all of your help.

Okay, I've install IIS on my Terminal Server but did not configure it in anyway.  Also I put a link to the IP address of my terminal server on my web site.  Do I need to include a port in the link?  If so do I just put a <:3389> after the IP address?  

As for putting the http://www.microsoft.com/windowsxp/downloads/tools/rdclientdl.mspx on the webserver, are you talking the software or just the link?  I'm sure I can not add software to the web server as it is housed by a third party.

the software you need to install on your terminal server is at this site... it should configure iis for you...  http://www.microsoft.com/windowsxp/downloads/tools/rdwebconn.mspx     the link you need to put on your website will more than likely need to be http://(your terminal servers ip address)/tsweb

Either the link or the software can be put on the web server - the idea being to provide you and/or your company an easy way to get the software when traveling/at home.

Otherwise, the Remote Desktop Web Connection software kain linked you too is what you need.  

Okay,

  Here's what I did.  Since IIS was not installed when I orginally installed TSWeb, I reinstalled the TSWeb software.  

Then I changed the link on my home page to http://ipaddress/tsweb - Page still times out.

Do I need anythig else?  Share the TSWeb folder?  Also someone mentioned above that it would not work with an IP address it had to be a server name, is that correct or was that person misspeaking?  Also Leew a few submitts before when you gave an example you used a server name and not an IP address.

okay, I think I got it to work.  Howeverwhen the webpage open it asked for a server name.  Is there anyway to bypass this?

unfortunately.. i don't believe so... you always have to tell it what server you want to connect to... it allows you to connect to workstations as well...

As kain21 said you will have to tell the TSWeb connection where you would like to connect, I believe the default is the server itself (the one with the software installed on it).  Glad to hear that you were able to get the service up and running.  

Lyle

Sorry, guess it's not fixed.  Some how it works for me but not from another person outside the company.  This is a far as I've made it so I thought it was working but once I had an outsider try it doesn't work.

Any more ideas why?  

do they see the webpage? if not are they trying to access the webpage by ip address? another problem could be port 80 isn't making it to your server from the outside.. if they can see the webpage but can't launch the remote desktop connection then port 3389 may not be making into your network from the outside or they may not be able to install the activex control required to launch the remote desktop connection...

So here's the deal.

    If I go to my home page and click on the link it redirects me and allows me in.

   If an outsider open Remote Desktop and types in my public IP address it lets them in.

   If an ousider goes to my home page and clicks on the link it times out and does not find the server.  

I'm sure I'm real close.  

How do I have them install the active X control?  

It never makes it to the web page.

sounds like you need to call your firewall people and have them allow port 80 in to your network...

the activex control doesn't get installed until you get the website and attempt to connect to a server...

Okay, let me try that....

I thought open up port 3389 was enough, but I guess I'll need to open up port 80 also.  Does that sound right?

ahh, I see..  Thanks, I'll call my fireawll people.

Okay you guys are geniuses and are getting me closer with each step.

Now they are able to get to my remote desktop.  However if they put the server name in they don't get in.  If they put the IP address in for server name, it works?  Any idea why this work, that way?

do you mean get in by getting to the website?

if you use the ip address to get to the website it will work because no name resolution is having to take place... if you use the server name then you would have to have dns setup somewhere to resolve the server name to the ip address...

DNS.  There must be a DNS entry on a publically accessible DNS server for the users to put in a name instead of a number.

Ahh,  I see.  Can I add that to my Terminal Server, if so, how's?  Not too good at DNS (Surprise).. :)


Thanks again, guys..

you would need to call the company that hosts your dns and ask them to create a new A host record... something like remote.(yourdomainname).com ... and have them point it to your ip address... or you could register a new domain name and have it point to your ip address...

Not really.  The DNS server, to be appropriately available would have to be registered with a Domain Registrar.  You would be better off contacting the company that hosts your web site - they probably run your DNS as well.  Ask them to add an entry for your Terminal server and clients.

Okay, you guys have been great.  I will split up the points accordingly.
 
I am new to this service so please let me know if you think this would be appropriate.

Leew = 250
Kain21 = 200
lyle-granger = 50


Does that sound fair to everyone?  

If not let me know and I'll figure out something that works for everyone.

works for me

No objection from me (wouldn't care much about the points, but I do hope to list EE on my resume... so the ranking with points is nice...)

Not sure how the points even work for you guys but they must be nice to have.

Have a great day...

Now I will be able to go on vacation.

What a great use of $10 a month.

No Prob here..Thanks...its a pleasure to help.  Enjoy your vacation :-)