  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1345

Routing custom RDP traffic through ISA Server

Network has SBS 2003 + ISA and a 2003 Server running Terminal Services. The 2003 TS Server listens on custom port 33789 rather than the default 3389.

I need to get into the Terminal Server from the Web.

I have set up a TCP protocol called RDP 33789 and set up 2 rules as follows:

Rule 1: RDP TS Inbound 33789. Action: Allow. Protocols: RDP 33789. From/Listener: External. To: MyTerminalServer. Condition: All Users.

Rule 1: RDP TS Outbound 33789. Action: Allow. Protocols: RDP 33789. From/Listener: MyTerminalServer. To: External. Condition: All Users.

Needless to say, it doesn't work.

What am I missing?

Internally I can RDP to the TS on 33789 no problem.
0
Asked by: richardbarlow
1 Solution
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
When a Terminal Server is installed on an SBS network, a link will appear in the Remote Web Workplace called "Connect to my Application Server". When users click on that link, they are presented with a list of TS boxes on the domain. They click on the box they need to connect to and they are into their TS session.

Why not use the RWW solution instead?

Philip
0
 
richardbarlow (Author) Commented:
I need a one-click connect method, and RDP is it. Also, a workaround is not a solution.
0
 
Raj-GT (Systems Engineer) Commented:
You need to create a Server publishing rule and not an access rule. Also you only need to create one rule for inbound on port 33789. Also make sure your protocol definition is set to listen on TCP 33789 Inbound.

The rule should look like this...
RDP TS Inbound 33789. Action: Allow. Protocols: RDP 33789. From/Listener: External. To: MyTerminalServer.
0
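One way to confirm from an outside machine that the single inbound server publishing rule described in the answer above really hands connections on TCP 33789 to the terminal server. This is an added example, not part of the original thread; the function names and the sample reply bytes are constructed, and the host passed on the command line is whatever external name or address the ISA listener uses.

```python
import socket
import struct
import sys

X224_CONNECTION_REQUEST = 0xE0
X224_CONNECTION_CONFIRM = 0xD0


def build_connection_request() -> bytes:
    """TPKT header plus a minimal X.224 Connection Request (no cookie, no negotiation)."""
    # X.224: length indicator, TPDU code, DST-REF, SRC-REF, class option
    x224 = struct.pack(">BBHHB", 6, X224_CONNECTION_REQUEST, 0, 0, 0)
    # TPKT: version 3, reserved, total length including this 4-byte header
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def classify_reply(data: bytes) -> str:
    """Decide what answered on the published port from the first reply bytes."""
    if not data:
        return "closed-after-connect"   # TCP accepted, then dropped without a reply
    if len(data) < 7 or data[0] != 3:
        return "not-rdp"                # something listens, but it does not speak TPKT
    if data[5] & 0xF0 == X224_CONNECTION_CONFIRM:
        return "rdp-listener"           # the terminal server answered through the rule
    return "not-rdp"


def probe(host: str, port: int = 33789, timeout: float = 5.0) -> str:
    """Open one connection to the published port and report how far it got."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_connection_request())
            return classify_reply(s.recv(64))
    except ConnectionRefusedError:
        return "refused"                # no rule or listener answering on this port
    except socket.timeout:
        return "filtered-or-timeout"    # packets dropped, or the server never replied
    except OSError as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    # Usage: python check_rdp_publish.py <external-host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 33789
    print(target, target_port, probe(target, target_port))
```

A result of `rdp-listener` means the publishing rule and the protocol definition both work; `refused` or `filtered-or-timeout` points back at the rule or the TCP 33789 Inbound protocol definition rather than at the terminal server.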
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
Richard,
It is not a workaround. It is a documented feature of SBS and the Remote Web Workplace. We have many production SBS networks where they have a TS box behind SBS 2003, or now TS RemoteApps is possible behind SBS 2008 and RWW.
3389 or any other port listening on the Internet is not an option. TSGrinder.

Philip
0
 
richardbarlow (Author) Commented:
"3389 or any other port listening on the Internet is not an option" - so how do you access RWW?
0
 
richardbarlow (Author) Commented:
You Beauty! Thanks very much
0
 
Raj-GT (Systems Engineer) Commented:
I agree with Philip here; RWW IS a better solution.
Enabling RWW will not open port 3389 to the internet, ISA will only open the port once a client is successfully authenticated.

Raj
0
 
richardbarlow (Author) Commented:
RWW requires well-known port 4125. A custom RDP port on 62751, or whatever, is far less likely to be attacked / hacked, n'est-ce pas? Successful authentication on ISA or successful authentication on RDP is still authentication on the AD database.
0
