Solved

External Connection to W2K3 Terminal Server as part of SBS2003 Domain

Posted on 2008-10-31
Last Modified: 2012-06-27
I am trying to figure out how to set up external connection to Terminal Server for users. I brought in a second server running W2K3 and added it to the domain of the SBS2003. I am able to connect via Remote Desktop internally (server name and IP) but can't seem to figure out how mobile users can get access. I want to keep the ability of having Terminal Server for the SBS2003 server for administrator roles but have everyone else going to W2K3. We have ISA rules to allow for access so currently access but whenever we connect I can only get the SBS server rather than the W2K3.

Have looked and can't seem to find anything.  How do you configure this for external access?

We are running SBS 2003 R2 with ISA 2004.  

ipconfig /all

LAC
physical .......               0019-b9-ec-68-32
DHCP enabled            No
Ip addr                         192.168.16.2
Subnet mask               255.255.255.0
Default Gateway
DNS Server                  192.168.16.2
Primary WINS Server   192.168.16.2

Network Connections
Physical Addr                00-19-b9-ec-68-34
DHCP enabled            No
Ip addr                         67.79.193.74
Subnet mask               255.255.255.0
Default Gateway         67.79.193.73
DNS Server                  192.168.16.2
NetBios over Tcpip      Disabled

Secondary server running W2K3 - 192.168.16.32
Question by:atmdman
6 Comments
 
LVL 24

Expert Comment

by:ryansoto
ID: 22851845
Externally you should set up a name such as ts.domainname.com and point it to the external interface of your firewall.
You then need to configure your firewall to allow traffic on port 3389 and forward to the internal IP of the terminal server.
This will get access going ... from the network standpoint.
Next you need to put all the members you want to allow access to the terminal server in the remote users group.  This will allow access from the Windows standpoint.

Here are some articles you should read over...
You just can't install applications the same way you're used to; they have to be installed a special way.  Also, configuration is critical to making a TS work well.

http://technet.microsoft.com/en-us/library/cc779334.aspx
http://support.microsoft.com/kb/300847
http://support.microsoft.com/kb/306626
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22851871
Not that big a deal to sort out - your issue is going to be port numbers, I expect. ISA can only listen for a port ONCE per external IP address. I assume your SBS TS is listed in the rule set above the new W2K3 TS publishing rule? Can you confirm this is the case?
0
 

Author Comment

by:atmdman
ID: 22852024
Yes, the rule for SBS TS is above the W2K3.  So I need to create another URL and have it forward to a different port and have the W2K3 ISA rule allow under that port?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22852859
Not quite - you need to listen externally on a different port (assuming you only have the one external IP address). For example, you could forward port 3390 through your external router to the ISA/SBS box - publish a server that listens on port 3390 but forwards on port 3389 (the normal port) to the new Windows server IP address.

For external access you would simply load up rdp/client with the same FQDN but with :3390 on the end. ISA will only listen to ONE occurrence of a port number per IP address. As you only have the one IP, you can't listen twice for 3389 on it - so make one 3389 like you have currently and another port listener on 3390.

You may want to change your rules around so the simple one that users have is the default 3389 - and the admins use the one where you need more than one brain cell and have to port the listener port on to the fqdn :)
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1000 total points
ID: 22852883
If you have TWO external IPs then it is dead simple. Add the second IP onto the ISA external NIC - edit your first publish (TS) rule, select the listening interface (external) and click the addresses tab. Pick the IP you want. Make a second publishing (TS) rule and repeat but this time select the second IP address.

Now you can have both on 3389 because each IP address is supporting only ONE publication of 3389.
0
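The listener collision discussed in this thread and both fixes (alternate port 3390, second external IP), modeled as an added example that is not part of the original posts and is not ISA's own rule engine. It assumes the first matching rule in order wins; PublishRule, the helper names and the second external IP 203.0.113.10 are hypothetical.

```python
from collections import defaultdict
from typing import NamedTuple

class PublishRule(NamedTuple):
    name: str
    external_ip: str
    listen_port: int
    internal_ip: str
    internal_port: int = 3389   # RDP default on the published server

def find_listener_conflicts(rules):
    """Map each (external_ip, listen_port) claimed by more than one rule to the rule names."""
    claimed = defaultdict(list)
    for rule in rules:
        claimed[(rule.external_ip, rule.listen_port)].append(rule.name)
    return {key: names for key, names in claimed.items() if len(names) > 1}

def resolve(rules, external_ip, port):
    """Internal (ip, port) an inbound connection reaches; assumes first match in rule order wins."""
    for rule in rules:
        if (rule.external_ip, rule.listen_port) == (external_ip, port):
            return (rule.internal_ip, rule.internal_port)
    return None

def unreachable_targets(rules):
    """Published servers that no external listener actually resolves to."""
    reachable = {resolve(rules, r.external_ip, r.listen_port) for r in rules}
    return sorted({(r.internal_ip, r.internal_port) for r in rules} - reachable)

EXT_IP = "67.79.193.74"          # external interface from the question
SECOND_EXT_IP = "203.0.113.10"   # constructed placeholder for a second external IP
SBS, W2K3 = "192.168.16.2", "192.168.16.32"

# Rule order matters: the SBS rule sits above the W2K3 rule, as confirmed in the thread.
AS_ASKED = [PublishRule("SBS TS", EXT_IP, 3389, SBS),
            PublishRule("W2K3 TS", EXT_IP, 3389, W2K3)]
ALT_PORT = [PublishRule("SBS TS", EXT_IP, 3389, SBS),
            PublishRule("W2K3 TS", EXT_IP, 3390, W2K3)]
SECOND_IP = [PublishRule("SBS TS", EXT_IP, 3389, SBS),
             PublishRule("W2K3 TS", SECOND_EXT_IP, 3389, W2K3)]

if __name__ == "__main__":
    for label, rules in [("as asked", AS_ASKED), ("port 3390", ALT_PORT),
                         ("second IP", SECOND_IP)]:
        print(label, "conflicts:", find_listener_conflicts(rules),
              "unreachable:", unreachable_targets(rules))
```
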
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22951366
Thanks :)
0


Question has a verified solution.
