Solved

Remote Desktop a client Behind SBS 2003 Server

Posted on 2008-06-11
Last Modified: 2010-04-21
SBS 2003 SP2 configured with 2 NICs: the internet connection is connected directly to a SpeedStream modem, the other is connected to the internal network switch.  I am able to remote desktop into the server; I want to remote desktop into one of the client computers behind the server firewall.  I have changed the client listening port to 3390 and opened port 3390 via Routing and Remote Access.  I then ran the open port check tool via canyouseeme.org and the port is not open.  Is there another setting I need to make to open the port?
Question by:StoutMan
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 21765198
Is the client firewall turned off too? i.e. on the workstation you need to access?  If it is turned on, you need to create an exception for remote desktop - especially as you have changed the port number, the default firewall settings will only open port 3389 for RDP.

Another point to note is that if you can remote desktop to the server, you can actually create another remote desktop session from the server to a client - and of course, it being from the server, you are already past one firewall.
 
LVL 6

Expert Comment

by:Eric
ID: 21765251
Make sure you open the 3390 port on the client firewall.  Also, I know to change the port on a client with XP; I thought it required a registry change to force the different port number on the client to "watch".

How to change the listening port for Remote Desktop
http://support.microsoft.com/kb/306759

 
LVL 77

Expert Comment

by:Rob Williams
ID: 21765475
There is no need for any of this. SBS is the only operating system offering Remote Web Workplace (RWW). Remote Web Workplace allows you to connect to the SBS network using a web browser using SSL (more secure than direct remote desktop) and access the server or any PC on the network without changing listening ports or adding additional forwarders on the router. Also it eliminates the need to create custom firewall scopes due to SBS's default policies, and the need to enable routing on the SBS because of the 2 NICs.  Once connected the RWW session is exactly the same as a Remote Desktop session.

RWW is easy to set up and implement, but you must use the wizards. It requires running the connect to the internet wizard under server management / internet and e-mail. If you also have a router you need to forward ports 443 and 4125 to the SBS.
An outline and some links with further information can be found here:
http://www.lan-2-wan.com/SBS.htm#q1
 

Author Comment

by:StoutMan
ID: 21765959
I have made the registry change on the client computer and added a firewall exception to the client computer.  While connected to the server I can remote into the client computer using port 3390 so I know the port is working.  Just don't know why the server firewall is not allowing the port to open.  This is a small office with only a few client computers and the office manager needs to access her computer only, or I would go the RWW route.  I have also tried to configure VPN access, however I get error 723 when trying to connect; at one point it did work, now it just fails to connect.  Thanks for the help so far.
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21766139
This is a complicated configuration and you have several issues to deal with if you are not going to use RWW. Firstly the exception on the client firewall by default is only for connections from the local LAN. You need to allow "all computers even those from the Internet". See:
http://www.lan-2-wan.com/RD-FW.htm
Then not only do you have to allow access from the Internet but you cannot configure the SBS firewall so you have to disable it. Next you have to configure port forwarding within RRAS to route the external packets from the WAN interface to the LAN PC.

RWW if SBS and clients were configured properly should take 5 minutes to enable. You can control who has access to it if you like.

 
LVL 24

Expert Comment

by:purplepomegranite
ID: 21767267
If the remote desktop is working from the server, then the issue is the SBS firewall or the internet connection equipment.

Do you have a modem plugged directly into the SBS internet NIC, or is it a router?  Does this device have any firewall settings itself?  What modem is it?

It should be as simple as enabling exceptions in the basic firewall within RRAS to allow traffic through to the server.  Presumably this is how you got RDP to the server working in the first place?
 

Author Comment

by:StoutMan
ID: 21770389
The Speed Stream 5100 modem is connected directly to the Internet NIC (public).  The modem has no firewall and only stores the ATT username and password.  From the Routing and Remote access I right clicked on the network card (public) properties, services and ports and added port 3390 with the private address of 127.0.0.1.  This should open the port and allow me to scan and view it, however it comes back closed.
 
LVL 24

Accepted Solution

by:
purplepomegranite earned 500 total points
ID: 21770420
With the private address of 127.0.0.1, you are pointing port 3390 at the SBS server.  It comes back closed as SBS doesn't have anything listening on port 3390 (it IS closed).

You need to point it at the IP address of the client workstation.  You may wish to give this workstation a reserved IP address in DHCP to ensure it always has the same IP.
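
The diagnosis in this answer, as an added example that is not part of the original thread: a sanity check for a NAT port mapping's private address, plus a TCP probe showing that a port with no listener reports closed. The function names, the 192.168.16.x addresses and the local stand-in listener are constructed for illustration.

```python
import ipaddress
import socket

def probe(host, port, timeout=1.0):
    """Classify a TCP port as 'open', 'closed' (refused) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, host unreachable, etc.
        return "filtered"

def audit_mapping(private_ip, lan_cidr, nat_lan_ip):
    """Return the problems found with a port mapping's private address."""
    problems = []
    target = ipaddress.ip_address(private_ip)
    if target.is_loopback:
        # The case in this thread: the forward lands on the NAT server itself.
        problems.append("loopback target: traffic is delivered to the NAT server itself")
    elif target == ipaddress.ip_address(nat_lan_ip):
        problems.append("target is the NAT server's own LAN address")
    elif target not in ipaddress.ip_network(lan_cidr):
        problems.append("target is outside the LAN subnet")
    return problems

def demo():
    # Constructed values: LAN subnet, server LAN address, workstation address.
    lan, server = "192.168.16.0/24", "192.168.16.2"
    bad = audit_mapping("127.0.0.1", lan, server)
    good = audit_mapping("192.168.16.50", lan, server)

    # Stand-in for a listening service: a local socket on an ephemeral port.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    srv.close()
    # Nothing listens on the port any more, so the probe is refused.
    after_close = probe("127.0.0.1", port)
    return bad, good, while_listening, after_close

if __name__ == "__main__":
    print(demo())
```
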
 

Author Comment

by:StoutMan
ID: 21770890
That did it, I don't know what I was thinking not pointing it to the workstation.  I will reserve the IP and that should be it.  Thanks for the help.
 

Author Closing Comment

by:StoutMan
ID: 31466405
Thanks