How do I connect to multiple Remote Desktop PC's which are behind a NAT firewall (no VPN)

Posted on 2007-10-15
Last Modified: 2013-11-21
Hello,
I installed Remote Desktop Web Connection on a Windows 2003 server. I have port 3389 forwarded to this server through the firewall. When I go to http:\\publicip\tsweb I get the good screen. If I put the private IP address here (or local computer name), I can get to all 10 Windows XP remote desktop PCs when I am on the local network but not from the public internet.

So I know each PC is set up correctly, and the firewall is port forwarding to the Remote Desktop Web Connection server OK. Am I misunderstanding how RDWC works? Do I have to create a custom port for each desktop PC (3390, 3391, etc.) and just forward those directly to the PCs? If so, what is the use of RDWC?

I hope I am just missing something.    And yes, VPN will solve this.

Thanks in advance,
Berne
Question by:fitzpab
14 Comments
 

Expert Comment

by:karlwilbur
ID: 20082522
I think that your simplest solution would be to create multiple ports as you suggested.

Author Comment

by:fitzpab
ID: 20082557
Thanks for responding.  I know that will be a solution.   I was just wondering what the use of remote desktop web connection is then.   It is easier to create a local remote desktop icon to go straight through everything.   It seems the RDWC is for connecting to multiple pc's (like you can do with SBS 2003).  Am I missing something?

Expert Comment

by:karlwilbur
ID: 20082603
RDWC is mainly for systems that do not have an RDP client. It allows these systems to use an ActiveX control from within IE to connect to the RDP server.

There is also the added benefit of being able to pass connection through to other servers, which is what you are doing.

To achieve that you'd do something like this (assuming the default configuration):
http://publicip/TSWeb/default.htm?Server=servername

or this:
http://publicip/TSWeb/default.htm?Server=serverip

Expert Comment

by:thecomputerdocs
ID: 20082665
I wouldn't recommend opening ports in your firewall for remote desktop. Opening any ports in your firewall has risks associated with it.
How about using something like logmein.com....It's free, and you can enjoy the ability to connect to multiple connections. It also creates logfiles of your connections, for support accountability...
AND, I love this....check out their logmein ignition program...it's like an instant messaging application, but lets you fire off remote connections as easily as how you'd IM someone...
Hope that helps...

Expert Comment

by:karlwilbur
ID: 20082682
I have to agree wholeheartedly. Opening firewall ports for RDP is not a good idea.

Expert Comment

by:thecomputerdocs
ID: 20082742

Author Comment

by:fitzpab
ID: 20082769
Thanks guys,
Yeah, I'm a big Logmein user. I have already been using that, it's just the free version doesn't let you remote print or transfer files. I might go back to it if this is what I'm thinking it is.

Your post about the pass-through is a little confusing.  Does this mean if I put RDWC additionally on the XP PC's, I can get to them?  Your "default.htm?Server=servername" extension makes me think that.  Right now if I put that server or IP name in, I just get an error.

http://publicip/TSWeb/default.htm?Server=servername

or this:
http://publicip/TSWeb/default.htm?Server=serverip

Author Comment

by:fitzpab
ID: 20944864
In good conscience, none of the responses answered the issue so I don't want to accept anything and mislead other techs when they search. Please close with no solution.

Expert Comment

by:karlwilbur
ID: 20945075
fitzpab,
Sorry, I didn't see your post above (ID: 20082769) until just this minute.

What error are you getting from the private IP address?

You may need to have a public IP address for each system.

A little Googling turned up this web page, which might help explain the URL params a little more:
http://dev.remotenetworktechnology.com/urlparams.htm

Expert Comment

by:karlwilbur
ID: 20945096
this:
http://publicip/TSWeb/default.htm?Server=servername
or this:
http://publicip/TSWeb/default.htm?Server=serverip

Could be something like:
http://www.somedomain.tld/default.htm?Server=host1.local
or:
http://www.somedomain.tld/default.htm?Server=192.168.0.1

But I can't recall if the IP address / hostname needs to be public (i.e., public IP or FQDN with public DNS record). Please let me know what error you are getting.

Author Comment

by:fitzpab
ID: 20951272
Hello Karl,
thanks for the response
http://dev.remotenetworktechnology.com/urlparams.htm is not a valid site (or it's down right now)

I know I could do separate public IPs for each RDP connection and just forward port 3389. I don't have that many public IPs.

The error is related to the private IP's can't be found on the public internet.
-B

Expert Comment

by:karlwilbur
ID: 20951348

Accepted Solution

by:
karlwilbur earned 2000 total points
ID: 20951619
I think that you may not be able to make this work without port forwarding. RDWC only provides a way to tie into the RDP server without having an RDP client installed by implementing an ActiveX control. It looks like you cannot "pass through" a server. You need to have direct access to the intended box (via port forwarding if needed).

I was certain that I had done it before. But now, after thinking about it a bit more, I recall that I did end up opening ports for clients to use public ports for RDP and just forwarded a single port to a single box. The TS Web was working for Intranet, but in those cases the private IP address was directly accessible.

I used non-standard ports on the public interface, but if I were going to do such a thing again, I'd recommend looking into "port knocking" before just opening up public ports directly into an RDP server.
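
The port knocking mentioned in the accepted answer keeps a forwarded RDP port closed until one source address hits a secret sequence of closed ports, in order and within a time limit. The sketch below is an added example, not code from this thread or from any port-knocking product; the knock ports, timings, public port 3390 and the log lines are all constructed assumptions.

```python
KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret knock ports (constructed)
KNOCK_WINDOW = 10.0      # seconds allowed to complete the sequence
OPEN_FOR = 30.0          # seconds the RDP forward stays open afterwards
RDP_PUBLIC_PORT = 3390   # assumed non-standard public port forwarded to one PC

def packet(states, ts, src, dport):
    """Decide one inbound TCP SYN; the knock ports themselves always stay closed."""
    # Per-source state: knocks matched, time of first knock, when access expires.
    st = states.setdefault(src, {"progress": 0, "started": 0.0, "open_until": 0.0})
    if dport == RDP_PUBLIC_PORT:
        return "ALLOW" if ts < st["open_until"] else "DROP"
    if st["progress"] and ts - st["started"] > KNOCK_WINDOW:
        st["progress"] = 0               # too slow: start over
    if dport == KNOCK_SEQUENCE[st["progress"]]:
        if st["progress"] == 0:
            st["started"] = ts
        st["progress"] += 1
        if st["progress"] == len(KNOCK_SEQUENCE):
            st["open_until"], st["progress"] = ts + OPEN_FOR, 0
    else:
        # A wrong port resets progress, so a sequential scan cannot open RDP by accident.
        st["progress"], st["started"] = (1 if dport == KNOCK_SEQUENCE[0] else 0), ts
    return "DROP"

def replay(log_lines):
    """Replay 'timestamp src dport' lines; return verdicts for RDP attempts."""
    states, verdicts = {}, []
    for line in log_lines:
        ts, src, dport = line.split()
        verdict = packet(states, float(ts), src, int(dport))
        if int(dport) == RDP_PUBLIC_PORT:
            verdicts.append((src, float(ts), verdict))
    return verdicts

# Constructed firewall log: timestamp, source IP (documentation ranges), dest port.
SAMPLE_LOG = [
    "0.0 203.0.113.5 3390",   # never knocked
    "1.0 203.0.113.5 7000", "2.0 203.0.113.5 8000", "3.0 203.0.113.5 9000",
    "4.0 203.0.113.5 3390",   # knocked correctly, inside the open window
    "4.5 198.51.100.9 3390",  # a different source gets nothing
    "5.0 198.51.100.9 7000", "6.0 198.51.100.9 9000",  # out of order
    "7.0 198.51.100.9 3390",
    "40.0 203.0.113.5 3390",  # open window (until 33.0) has expired
]

if __name__ == "__main__":
    for src, ts, verdict in replay(SAMPLE_LOG):
        print(f"{ts:6.1f} {src:15} -> {verdict}")
```

Only the source that completed the sequence is let through, and only until its window expires; every other attempt on the forwarded port is dropped.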


Author Closing Comment

by:fitzpab
ID: 31408180
Thanks Karl,
That was what I figured but I wanted to check.
Regards,
Berne