Solved

External Connection to W2K3 Terminal Server as part of SBS2003 Domain

Posted on 2008-10-31
Last Modified: 2012-06-27
I am trying to figure out how to set up external connection to Terminal Server for users. I brought in a second server running W2K3 and added it as part of the domain of the SBS2003. I am able to connect via Remote Desktop internally (server name and IP) but can't seem to figure out how mobile users can get access. I want to keep the ability of having Terminal Server on the SBS2003 server for administrator roles but have everyone else going to W2K3. We have ISA rules to allow for access, so we currently have access, but whenever we connect I can only get the SBS server rather than the W2K3.

Have looked and can't seem to find anything. How do you configure this for external access?

We are running SBS 2003 R2 with ISA 2004.  

ipconfig /all

LAC
physical .......               0019-b9-ec-68-32
DHCP enabled            No
Ip addr                         192.168.16.2
Subnet mask               255.255.255.0
Default Gateway
DNS Server                  192.168.16.2
Primary WINS Server   192.168.16.2

Network Connections
Physical Addr                00-19-b9-ec-68-34
DHCP enabled            No
Ip addr                         67.79.193.74
Subnet mask               255.255.255.0
Default Gateway         67.79.193.73
DNS Server                  192.168.16.2
NetBios over Tcpip      Disabled

Secondary server running W2K3 - 192.168.16.32
Question by:atmdman
6 Comments
 
LVL 24

Expert Comment

by:ryansoto
ID: 22851845
Externally you should set up a name such as ts.domainname.com and point it to the external interface of your firewall.
You then need to configure your firewall to allow traffic on port 3389 and forward it to the internal IP of the terminal server.
This will get access going ... from the network standpoint.
Next you need to put all the members you want to allow access to the terminal server in the remote users group. This will allow access from the Windows standpoint.

Here are some articles you should read over...
You just can't install applications the same way you're used to; they have to be installed a special way. Also, configuration is critical to making a TS work well.

http://technet.microsoft.com/en-us/library/cc779334.aspx
http://support.microsoft.com/kb/300847
http://support.microsoft.com/kb/306626
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22851871
Not that big a deal to sort out - your issue is going to be port numbers, I expect. ISA can only listen for a port ONCE per external IP address. I assume your SBS TS is listed in the rule set above the new W2K3 TS publishing rule? Can you confirm this is the case?
 

Author Comment

by:atmdman
ID: 22852024
Yes, the rule for SBS TS is above the W2K3. So I need to create another URL and have it forward to a different port and have the W2K3 ISA rule allow under that port?
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22852859
Not quite - you need to listen externally on a different port (assuming you only have the one external IP address). For example, you could forward port 3390 through your external router to the ISA/SBS box - publish a server that listens on port 3390 but forwards on port 3389 (the normal port) to the new Windows server IP address.

For external access you would simply load up the RDP client with the same FQDN but with :3390 on the end. ISA will only listen to ONE occurrence of a port number per IP address. As you only have the one IP, you can't listen twice for 3389 on it - so make one 3389 like you have currently and another port listener on 3390.

You may want to change your rules around so the simple one that users have is the default 3389 - and the admins use the one where you need more than one brain cell and have to port the listener port on to the fqdn :)
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 22852883
If you have TWO external IPs then it is dead simple. Add the second IP onto the ISA external NIC - edit your first publish (TS) rule, select the listening interface (external) and click the addresses tab. Pick the IP you want. Make a second publishing (TS) rule and repeat, but this time select the second IP address.

Now you can have both on 3389 because each IP address is supporting only ONE publication of 3389.
0
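The two fixes in the answers above (a second listener on port 3390, or a second external IP), checked against the original rule set. This is an added example, not part of the thread and not ISA's own rule engine: it models publishing rules as a top-down list where the first rule owning an external IP and port wins, and `PublishRule`, `shadowed_rules`, `route` and the `EXTERNAL-IP-2` placeholder are hypothetical names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PublishRule:
    name: str
    external_ip: str           # address the firewall listens on
    listen_port: int           # port exposed to the Internet
    internal_ip: str           # server the connection is forwarded to
    internal_port: int = 3389  # RDP port on the internal server

def shadowed_rules(rules):
    """Return (shadowed, winner) name pairs: rules that can never match because
    an earlier rule already owns the same external IP and port."""
    owner, shadowed = {}, []
    for rule in rules:  # assumption: rules are evaluated top-down
        key = (rule.external_ip, rule.listen_port)
        if key in owner:
            shadowed.append((rule.name, owner[key].name))
        else:
            owner[key] = rule
    return shadowed

def route(rules, external_ip, port):
    """Internal (ip, port) a connection reaches, or None if nothing listens."""
    for rule in rules:
        if (rule.external_ip, rule.listen_port) == (external_ip, port):
            return (rule.internal_ip, rule.internal_port)
    return None

EXT1 = "67.79.193.74"   # external address from the question
EXT2 = "EXTERNAL-IP-2"  # placeholder: the page gives no second address
SBS, W2K3 = "192.168.16.2", "192.168.16.32"

# Configuration from the question: both rules listen on 3389 of one IP.
ORIGINAL = [PublishRule("SBS TS", EXT1, 3389, SBS),
            PublishRule("W2K3 TS", EXT1, 3389, W2K3)]
# One external IP: W2K3 listens on 3390, forwarded to 3389 internally.
ALT_PORT = [PublishRule("SBS TS", EXT1, 3389, SBS),
            PublishRule("W2K3 TS", EXT1, 3390, W2K3)]
# Two external IPs: each address carries one publication of 3389.
TWO_IPS = [PublishRule("SBS TS", EXT1, 3389, SBS),
           PublishRule("W2K3 TS", EXT2, 3389, W2K3)]

if __name__ == "__main__":
    for label, rules in [("original", ORIGINAL), ("alt port", ALT_PORT),
                         ("two IPs", TWO_IPS)]:
        print(label, "shadowed:", shadowed_rules(rules))
```

Running the same check over an exported rule list before opening a new port shows which published servers are actually reachable from outside and on which port.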
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22951366
Thanks :)