• Status: Solved
  • Priority: Medium
  • Security: Public

Remote Web Workspace, ports opened, works internally, doesn't through the firewall

I have searched the answers for similar problems, but it seems that some of the answers to this question get solved with permissions or rejoining PCs to the domain etc.

We have a SBS2003 server for which we are ABLE to use remote web workspace in the office.  We are able to search, find the right PC and remotely control it. From inside the office, we use the internal private IP address, http://192.168.x.x/remote.  When we try to use it from outside the firewall, we log on to the small business server using the external FQDN, find the PC, attempt to connect, then we get the message:

VBScript:  Remote Desktop Disconnected
The client could not connect to the remote computer. Remote connections might not be enabled or the computer might be too busy to accept new connections.  It is also possible that network problems are preventing your connection.  Please try connecting again later.  If the problem continues to occur, contact your administrator.  (That's me!)

I suspected ports, but these ports are ALL forwarded through the firewall currently to the private IP address of the SBS:  25, 80, 443, 3389, 4125, 1723, 500 and a couple of others.  (I'm in the process of putting an external VPN appliance in to keep from having these pinholes in the firewall.  Then I know this problem will go away because we'll be inside the network with a local private address.  But that's about 3 weeks away and I need to get this working in the meantime.)

I had also suspected that the FQDN from the outside was confusing it, so I added an internal IP address in the SBS DNS that matched the FQDN name to the local internal IP address.

I've been to several of the other answers, but I must be missing something.  Can someone help?  Thanks!!!
 
vico1CIOCommented:
Did you try to run ICW (Internet Connection Wizard) from Server management console?
That's a very common step overlooked.
Run it and let me know if that changed anything.
PS. Unless you are using port 500 for some other APP, you don't need it.

Ray!
 
chris_shawCommented:
Hi,

I think the problem is that you need to forward port 444 to the server as well as ports 443 and 4125.

Regards

Chris
 
kennygeorgeAuthor Commented:
Well, it started working on its own.  We think that the ISP that controls the firewall must have NOT completed all their programming before we first tested.  Or, a necessary reboot was not performed after the changes were completed until over the weekend.

At least my question outlines all the steps we took, and it works now.  

Port 500 is for L2TP for VPN purposes.

Thanks Ray and Chris for commenting.  The ICW was run in order to get the Exchange server working properly.  

I'm not sure about port 444, but we're not using it.

Thanks guys!

Ken
 
chris_shawCommented:
Ken,

Yeah, I had a look at my firewall and I had forwarded port 444 as well.  I checked and this is required for access to the Intranet site using Sharepoint from outside.  Remote web workplace only requires 443 and 4125.

It'll help if you want to allow access to your internal website from outside though!

Regards

Chris
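An added example, not part of the original thread: a small TCP probe, run from a machine outside the firewall, that tells a forward that is not in place yet (no answer at all) apart from one that reaches the server. The port list comes from the post above (443 and 4125); the host name `remote.example.com` is a placeholder and the function names are made up for this sketch.

```python
import socket
import sys

# Ports the thread says Remote Web Workplace needs forwarded to the SBS.
RWW_PORTS = (443, 4125)


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome.

    open     - handshake completed: the forward exists and a service listens
    refused  - a reset came back: packets get through, nothing was listening
    filtered - no reply before the timeout: typically dropped at a firewall
    error    - name resolution or routing failure
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"


def check_forwards(host, ports=RWW_PORTS, timeout=3.0):
    """Probe each port once and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def missing_forwards(results):
    """Ports that never answered, i.e. the forward is probably not active."""
    return sorted(p for p, state in results.items() if state == "filtered")


if __name__ == "__main__":
    # Placeholder FQDN; pass the real external name as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "remote.example.com"
    results = check_forwards(host)
    for port, state in results.items():
        print(f"{host}:{port} -> {state}")
    dropped = missing_forwards(results)
    if dropped:
        print("No reply on:", dropped, "(check the firewall rules for these)")
```

A `refused` result still shows the forward reaches the server; only `filtered` points at the firewall, which is where the problem in this thread turned out to be.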
 
CetusMODCommented:
PAQed with points refunded (500)

CetusMOD
Community Support Moderator
 
kennygeorgeAuthor Commented:
Thanks for the suggestions, but yes, it started working on its own after doing what I outlined in the question.  It does work just fine now, so this is a good reference for what to do.

Ken