Solved

Configure Small Business Server 2003 Remote Web Connection Use

Posted on 2006-04-04
Last Modified: 2008-01-16
Want to enable small biz server 2003 so that users can access any remote desktop, including the server, from the internet.

Questions:
What ports do I have to have open?  Already have ports 25, 80 and 443 open.
How secure will this be?
Without spending additional dollars, would there be a better way to do this?

Thanks
Eric
Question by:wileavere
15 Comments
 
LVL 19

Expert Comment

by:jss1199
ID: 16376209
Hi wileavere,

1.  Ports - For SBS Remote web Connection specifically, you need RTCP port 4125 open
2.  Security - As secure as other Microsoft products.
3.  Without spending more money - no.  You have purchased SBS, so take advantage of the functionality.

Cheers!
 
LVL 4

Expert Comment

by:omegamueller
ID: 16376210
Port is 3389
 
LVL 19

Expert Comment

by:jss1199
ID: 16376245
Port 3389 is for terminal server RDP whilst 4125 is used by SBS for Remote Web Workplace.  For this poster's question, only 4125 should be opened.

 

Author Comment

by:wileavere
ID: 16376288
Would it be more secure to use a VPN client on the users side and configure the SBS server to accept VPN connections?
 
LVL 19

Expert Comment

by:jss1199
ID: 16376384
No doubt that VPN is more secure.  You lose a bit of 'easy', but secure the box.  
 

Author Comment

by:wileavere
ID: 16376436
Jss1199,
I am actually trying to configure it so that we can have access to client's servers and workstations.  We have 3 sbs servers installed and would very much like to use what's included with sbs.

Any additional thoughts?
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16377178
wileavere...

You do NOT want users accessing the server's desktop from ANYWHERE.  This is definitely a security risk.  As an administrator, you can access the server desktop for administrative purposes.  All other remote access should be via Remote Web Workplace.  It is quite secure.  (see http://sbsurl.com/security for more info)

You will also need to open port 444, by the way, if you want access to companyweb remotely, and 1723 for VPN access.  VPN access should be limited to those users with laptops.  Otherwise RWW is more secure and easier to use.

I'm curious about you having 3 sbs servers installed... I'm hoping that they are all in different sites.

Jeff
TechSoEasy
 

Author Comment

by:wileavere
ID: 16377727
Jeff,

Users will not be accessing anything remotely, just myself and my boss to support issues that arise.  We would like to have access to the server and to all the workstations.  The 3 SBS servers are at 3 different locations.

From what you are saying, the RWW is the easiest to use with still being secure.

Will I be able to access the server and all of the workstations?
I have port 1725 open on the router and pointing to the SBS server's internal IP address.  What changes do I need to make with regards to DNS records and so forth?  I already have an A record that points to my public IP address.  I use this for webaccess email.  I want to also use this as my RWW access, is that possible?

Thanks for any suggestions!

Eric
 

Author Comment

by:wileavere
ID: 16377781
Jeff,

If you could also post a link on how to configure RWW properly.

Thanks
Eric
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 16377845
If all you want to do is access the server and workstations for administrative purposes, then you should do that through Remote Desktop (port 3389) to the server and then using the server management console you can remote from the server to the workstation.  I have actually set up a pretty nifty Remote Desktop Management Console that does this for all the networks that I manage (see http://techsoeasy.com/m.jpg for a screenshot -- you'll see that there are three nested sets of connections there).

There is no "proper" configuration of RWW.  It's configured automatically during the installation of your server.  And if you have an A record that points to your public IP address then you can use that FQDN for whatever you want!  (Even use it in the Remote Desktop client instead of the IP address).  It'll work for https://server.domain.com/remote, http://server.domain.com/exchange and even https://server.domain.com:444 for SharePoint access if you have port 444 open.

Here is the best overview of all of these settings:  http://www.microsoft.com/technet/prodtechnol/sbs/2003/plan/gsg/appx_c.mspx

Jeff
TechSoEasy
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16377847
P. S. What is port 1725 open for?  VPN would be 1723, and RWW would be 4125, but there's no service for 1725.

You would NEVER need to make any manual changes to DNS records on an SBS (in most cases).  All configuration should be done with the wizards.

Jeff
TechSoEasy
 

Author Comment

by:wileavere
ID: 16381999
So you personally don't have an issue leaving port 3389 open?

I meant 1723 and 4125, mis-typed.

Ok, so I will open port 3389 for remote desktop to the server and then use server management to access the workstations.  I have strong passwords enabled on the network.  Is this the best I can do to keep things secure?
 

Author Comment

by:wileavere
ID: 16382373
Jeff,

I am having trouble.  I have opened the proper ports, but I am not able to connect to the server.  I have tried the FQDN (mail.domain.com) and also the IP address.

I get a Remote Desktop Disconnected window.  "The client could not connect to the Remote Computer.  Remote connections may not be enabled (they are).  Computer is too busy (I don't think it is).  Also possible network problems are causing the issue."  Not sure about this.  I am trying to connect from within the same network using the FQDN.  I am able to resolve the FQDN to the ip add using ping.

Any suggestions?

Thanks
Eric
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16382722
After making ANY networking change, you need to rerun the Configure Email and Internet Connection Wizard (CEICW) -- listed as Connect to the Internet in the Server Management Console.

When running this wizard you need to enable the firewall and select the appropriate services to be allowed through the server.  If your router is UPnP, make sure that's enabled before running the wizard and it will configure it correctly as well.

After running the CEICW, run the Remote Access Wizard.

Jeff
TechSoEasy
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16382919
Eric,

You may want to review the contents of this paper:  http://sbsurl.com/itpro which describes how all these cool features work on SBS.

Jeff
TechSoEasy
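
An added example, not part of the thread or any poster's code: a Python check, run from outside the network against your own server, that compares which of the ports named in this thread actually answer with the set you meant to publish. The `intended` policy, the `probe` and `audit` names, and the sample states are assumptions constructed for illustration.

```python
import socket
import sys

# Ports and their uses as named in the thread above.
THREAD_PORTS = {
    25: "mail", 80: "web", 443: "HTTPS (/remote)", 444: "companyweb",
    1723: "VPN", 3389: "Remote Desktop", 4125: "Remote Web Workplace",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed', 'filtered' or 'unresolved'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # handshake completed
    except ConnectionRefusedError:
        return "closed"              # host reachable, nothing listening
    except socket.gaierror:
        return "unresolved"          # the name did not resolve
    except OSError:
        return "filtered"            # timeout or unreachable: dropped on the way

def audit(host, intended, extra_ports=(), probe_fn=probe):
    """Return (port, service, finding) where reality differs from `intended`."""
    findings = []
    for port in sorted(set(THREAD_PORTS) | set(intended) | set(extra_ports)):
        state = probe_fn(host, port)
        service = THREAD_PORTS.get(port, "no service named in the thread")
        if state == "open" and port not in intended:
            findings.append((port, service, "reachable but not intended"))
        elif state != "open" and port in intended:
            findings.append((port, service, "intended but " + state))
    return findings

if __name__ == "__main__":
    # Hypothetical policy: publish mail, web and RWW only.
    intended = {25, 80, 443, 4125}
    if len(sys.argv) > 1:
        # Live check of your own server, run from outside its network.
        results = audit(sys.argv[1], intended, extra_ports=[1725])
    else:
        # Constructed states (not real scan output) so the demo runs offline.
        fake = {25: "open", 80: "open", 443: "open", 3389: "open", 4125: "filtered"}
        results = audit("server.domain.com", intended, extra_ports=[1725],
                        probe_fn=lambda h, p: fake.get(p, "filtered"))
    for port, service, finding in results:
        print(f"{port:>5}  {service:<32} {finding}")
```

Port 1725 is passed as an extra port because it is the mistyped forward mentioned in the thread; a "filtered" result for an intended port points at the router or firewall rather than at the service.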