Routing custom RDP traffic through ISA Server

Network has SBS 2003 + ISA and a 2003 Server running Terminal Services. The 2003 TS Server listens on custom port 33789 rather than the default 3389.

I need to get into the Terminal Server from the Web.

I have set up a TCP protocol called RDP 33789 and set up 2 rules as follows:

Rule 1: RDP TS Inbound 33789. Action: Allow. Protocols: RDP 33789. From/Listener: External. To: MyTerminalServer. Condition: All Users.

Rule 1: RDP TS Outbound 33789. Action: Allow. Protocols: RDP 33789. From/Listener: MyTerminalServer. To: External. Condition: All Users.

Needless to say, it doesn't work.

What am I missing?

Internally I can RDP to the TS on 33789 no problem.
richardbarlow Asked:
 
Raj-GT (Systems Engineer) Commented:
You need to create a Server publishing rule and not an access rule. Also you only need to create one rule for inbound on port 33789. Also make sure your protocol definition is set to listen on TCP 33789 Inbound.

The rule should look like this...
RDP TS Inbound 33789. Action: Allow. Protocols: RDP 33789. From/Listener: External. To: MyTerminalServer.
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
When a Terminal Server is installed on an SBS network, a link will appear in the Remote Web Workplace called "Connect to my Application Server". When users click on that link, they are presented with a list of TS boxes on the domain. They click on the box they need to connect to and they are into their TS session.

Why not use the RWW solution instead?

Philip
 
richardbarlow (Author) Commented:
I need a one-click connect method, and RDP is it. Also, a workaround is not a solution.
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
Richard,
It is not a workaround. It is a documented feature of SBS and the Remote Web Workplace. We have many production SBS networks where they have a TS box behind SBS 2003, or now TS RemoteApps is possible behind SBS 2008 and RWW.
3389 or any other port listening on the Internet is not an option. TSGrinder.

Philip
 
richardbarlow (Author) Commented:
"3389 or any other port listening on the Internet is not an option" - so how do you access RWW?
 
richardbarlow (Author) Commented:
You Beauty! Thanks very much
 
Raj-GT (Systems Engineer) Commented:
I agree with Philip here; RWW IS a better solution.
Enabling RWW will not open port 3389 to the internet; ISA will only open the port once a client is successfully authenticated.

Raj
 
richardbarlow (Author) Commented:
RWW requires well-known port 4125. A custom RDP port on 62751, or whatever, is far less likely to be attacked / hacked, n'est-ce pas? Successful authentication on ISA or successful authentication on RDP is still authentication on the AD database.
Question has a verified solution.