Solved

Remote Desktop a client Behind SBS 2003 Server

Posted on 2008-06-11
10
976 Views
Last Modified: 2010-04-21
SBS 2003 SP2 configured with 2 Nics, internet connection is connected directly to a speedstream modem, the other connected to the internal network switch.  I am able to remote desktop into the server, I want to remote desktop into one of the client computers behind the server firewall.  I have changed the client listening port to 3390 and opened port 3390 via Routing and Remote access.  I then run the open port check tool via canyouseeme.org and the port is not open.  Is there another setting I need to make to open port?
0
Comment
Question by:StoutMan
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 21765198
Is the client firewall turned off too? i.e. on the workstation you need to access?  If it is turned on, you need to create an exception for remote desktop - especially as you have changed the port number, the default firewall settings will only open port 3389 for RDP.

Another point to note is that if you can remote desktop to the server, you can actually create another remote desktop session from the server to a client -and of course, it being from the server, you are already past one firewall.
0
 
LVL 6

Expert Comment

by:Eric
ID: 21765251
make sure you open the 3390 port on the client firewall.  also i know to change the port on a client with xp, i thought it required a registry change to force the different port number on the client to "watch"

How to change the listening port for Remote Desktop
http://support.microsoft.com/kb/306759

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21765475
There is no need for any of this. SBS is the only operating system offering Remote Web Workplace (RWW). Remote web workplace also you to connect to the SBS network using a web browser using SSL (more secure than direct remote desktop) and access the server or any PC on the network without changing listening ports or adding additional forwarders on the router. Also it eliminates the need to create custom firewall scopes due to SBS's default policies, and the need to enable routing on the SBS because of the 2 NIC's.  Once connected the RWW session is exactly the same as a Remote Desktop session.

RWW is easy to set up and implement, but you must use the wizards. It requires running the connect to the internet wizard under server management / internet and e-mail. If you also have a router you need to forward ports 443 and 4125 to the SBS.
An outline and some links with further information can be found here:
http://www.lan-2-wan.com/SBS.htm#q1
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 

Author Comment

by:StoutMan
ID: 21765959
I have made the registry change on the client computer and added firewall exception to the cleint computer.  While connected to the server I can remote into the client computer using port 3390 so I know th port is working.  Just don't know why the server firewall is not allowing the port to open.  This is a small office with only a few client computers and the office manager needs to access her computer only, or I would go the RWW route.  I have also tried to configure vpn access however I get error 723 when trying to connect, at one point it did work,now it just fails to connect.  Thanks for the help so far.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21766139
This is a complicated configuration and you have several issues to deal with if you are not going to use RWW. Firstly the exception on the client firewall by default is only for connections from the local LAN. You need to allow "all computers even those from the Internet". See:
http://www.lan-2-wan.com/RD-FW.htm
Then not only do you have to allow access from the Internet but you cannot configure the SBS firewall so you have to disable it. Next you have to configure port forwarding within RRAS to route the external packets from the WAN interface to the LAN PC.

RWW if SBS and clients were configured properly should take 5 minutes to enable. You can control who has access to it if you like.
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 21767267
If the remote desktop is working from the server, then the issue is the SBS firewall or the internet connection equipment.

Do you have a modem plugged directly into the SBS internet NIC, or is it a router?  Does this device have any firewall settings itself?  What modem is it?

It should be as simple as enabling exceptions in the basic firewall within RRAS to allow traffic through to the server.  Presumably this is how you got RDP to the server working in the first place?
0
 

Author Comment

by:StoutMan
ID: 21770389
The Speed Stream 5100 modem is connected directly to the Internet NIC (public).  The modem has no firewall and only stores the ATT username and password.  From the Routing and Remote access I right clicked on the network card (public) properties, services and ports and added port 3390 with the private address of 127.0.0.1.  This should open the port and allow me to scan and view it, however it comes back closed.
0
 
LVL 24

Accepted Solution

by:
purplepomegranite earned 500 total points
ID: 21770420
With the private address of 127.0.0.1, you are pointing port 3390 at the SBS server.  It comes back closed as SBS doesn't have anything listening on port 3390 (it IS closed).

You need to point it at the IP address of the client workstation.  You may wish to give this workstation a reserved IP address in DHCP to ensure it always has the same IP.
0
 

Author Comment

by:StoutMan
ID: 21770890
That did it, I don't know what I was thinking not pointing it to the worksation.  I will reserve the IP and that should be it.  Thanks for the help.
0
 

Author Closing Comment

by:StoutMan
ID: 31466405
Thanks
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now