kulisncc

asked on

TS Web Access?

I am trying to help a buddy of mine who is a small business owner set up a Windows 2008 Server at his place of business. He has a few employees that work for him at his CPA firm that travel quite a bit and need to access application(s) remotely on the server. I have never configured TS Web Access before and it would be great if any of you could help a brother out. What needs to happen apparently is that the employees will need to gain access to my buddy's website from their laptops, click on either a link or an application icon that then runs an application like Quick Books remotely on the 2008 Terminal Server over a secured connection. My buddy has a static IP set up with the ISP so that is taken care of and his website is up and functional. He uses DSL in his office and a wireless router is connected to that. I have configured the DSL modem and his wireless router and set up his server which is a PowerEdge T100 with a reserved IP. The DSL modem is also configured as the acting DHCP server in this environment and uses PPPoE to connect and authenticate to the ISP. I did not upgrade the server to an AD DC since it is not some large corporate environment, not even a mid-size corporate environment. In fact, it is just him in the office and his employees just work from home and there are only around 3 or 4 of them. IIS 7 is running on the server also and I do not have extensive knowledge regarding this technology. My buddy initially had a consulting company attempt to set this up for him but the company was sitting on the job for 6 months or so without really doing much at all and so he just cancelled the account and got his server back from them. He then called me up and I said I would take a look at it and try and configure to the best of my ability. He is a good guy and I just want to help him out so he can have a productive little business.
Going over the invoice from the consulting company it shows that the SSL certificates were already ordered and I found those located on the server in a directory on a separate drive. Also on the invoice it reads "Starting work on TS Remote Apps but need to get list from 'my buddy' and get proper SKU for a pair of retail Win Server 2008 RDS CALs." Apparently the CALs were never ordered since he cancelled the service with the consulting company and this is where I am at right now. Let me recap here about what my buddy wants to happen again:

1. Have employees access the public website from home or anywhere on their portable systems
2. Click on perhaps a Quick Books icon on the website that will open a secured session to the internal PowerEdge T100 (Windows Server 2008 Standard with Service Pack 2) in his office to run the QB application installed on the server.

Just so you don't think I am being lazy and trying to piggyback off of your knowledge, I am researching all this right now on the following sites:
- http://www.microsoft.com/windowsserver2008/en/us/rds-product-licensing.aspx 
- http://technet.microsoft.com/en-us/library/cc771623.aspx

Thanks everyone. As always, I appreciate your help.
abhijitwaikar

ASKER CERTIFIED SOLUTION
Cláudio Rodrigues

kulisncc

ASKER

Thanks guys, I appreciate your help. I am going back over to my buddy's place of business today and I will use the information given. I will let you know how it turns out.
TS Web Access looks like it is working on the internal side of the firewall. I am just trying to get it configured to be accessible externally. I just read on Microsoft's site that: "The server name must match what is specified in the SSL certificate for the TS Gateway server." I will go back and do a check on the TS Gateway Server settings. I will let you know how it turns out.
Yes,

"The server name must match what is specified in the SSL certificate for the TS Gateway server."  
Well I am confused as to what is going on now. The individual who initially tried to set this up configured an SSL certificate on the server purchased from Go Daddy. Looking at the certificate I see the name but the name in the certificate is not the actual computer name of the server. When typing in what I see in the certificate in a web browser it redirects me to the ADSL router. On my buddy's Go Daddy account I see that the server name is pointing to his static IP that the ISP gave him which just takes you to the ADSL router sitting next to his printer. So, am I assuming correctly that the individual screwed up when setting up the SSL certificate and indicating the static public IP that the ISP gave him? Am I supposed to call up Go Daddy and have them correct the information? Like I said before I have not done this before so I appreciate your help. Thanks
When a certificate request is created (to later create the actual certificate) you are asked for the FQDN that is the name users will use to connect to that box like server.mycompany.com. If you enter an IP address (what seems to be the case) you are toasted basically. Some places may issue you a new one at no cost; others will simply ask you to buy another certificate.
Once you have the correct certificate all you do is to install it on the server and then configure your firewall to send the correct ports to that server.
Simple as that.

Cláudio Rodrigues
Citrix CTP
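
An added example, not part of the original thread: a Python check of whether the names in a certificate cover the name remote users will actually type, including the case of a certificate issued to a bare IP address. The certificate dictionaries are constructed samples in the shape returned by `ssl.getpeercert()`; the computer name `T100SRV` and the address `203.0.113.10` are hypothetical placeholders.

```python
import ipaddress

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def cert_names(cert):
    """Split the names in a dict shaped like ssl.getpeercert() into (dns, ips)."""
    sans = cert.get("subjectAltName", ())
    names = [v for _, v in sans]
    if not names:  # no SAN extension: fall back to the subject commonName
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    dns = [n.lower() for n in names if not is_ip(n)]
    ips = [n for n in names if is_ip(n)]
    return dns, ips

def dns_match(pattern, host):
    p, h = pattern.split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":  # a wildcard covers exactly one left-most label
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check(cert, typed_name):
    """Verdict for the name a remote user types into the browser or RDP client."""
    dns, ips = cert_names(cert)
    if is_ip(typed_name):
        return "match" if typed_name in ips else "mismatch"
    if any(dns_match(p, typed_name) for p in dns):
        return "match"
    return "ip-only certificate" if ips and not dns else "mismatch"

# Constructed sample certificates (not taken from the thread's server).
GOOD = {"subject": ((("commonName", "server.mycompany.com"),),),
        "subjectAltName": (("DNS", "server.mycompany.com"),)}
WILD = {"subjectAltName": (("DNS", "*.mycompany.com"),)}
IP_ONLY = {"subject": ((("commonName", "203.0.113.10"),),)}

if __name__ == "__main__":
    for label, cert, name in [("public FQDN", GOOD, "server.mycompany.com"),
                              ("computer name", GOOD, "T100SRV"),  # hypothetical
                              ("static IP", GOOD, "203.0.113.10"),
                              ("cert issued to IP", IP_ONLY, "server.mycompany.com")]:
        print(f"{label:18} {name:22} -> {check(cert, name)}")
```
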
On my friend's Go Daddy account the server name (server.mycompany.com) points to his ISP static IP. The server IP is just a 192.168 non-routable address within the LAN. I type in the following: http://server.mycompany.com and it takes me to his ADSL router. I type in https://server.mycompany.com and it shows as a dead site because it cannot find the SSL certificate located on the server because it cannot find the server. When you say "configure your firewall to send the correct ports to that server" are you referring to port triggering or port forwarding? I did configure ports 80, 8080 and 3389.
Port forwarding. HTTPS uses 443. You must add that.

Cláudio Rodrigues
Citrix CTP
I meant 443, sorry.
OK, I am getting irritated now. Here at my buddy's he has an ADSL modem, and connected to that he has a Belkin wireless router. I configured NAT virtual servers on the ADSL router to allow ports 3389 and 443 to pass through. I then allowed the same on the Belkin wireless router. I know he has to purchase the TS CALs and I will configure them in TS Licensing Manager in order for the users to be able to use TS Web Access and the Remote Apps I have configured, but is there any way I can check to see if any packets are making it through the ADSL modem and the Belkin wireless router to ensure that the users can connect to Terminal Services running on the 2008 Server? Since he has a static IP set up for him by the ISP, I tried to do the following: http://<staticIP>:3389, but with no luck. How can I check to see if this is working properly so people can start remotely accessing these apps I have configured? Thanks everyone, I appreciate your help.
Never mind the above; I finally was able to remote into the server from home to ensure that connectivity was successful. Now all I think I need is for my buddy to just purchase the TS CALs for his users and configure this in the TS Licensing Manager. I will keep you guys abreast of my success or failures. I made a rhyme that was kinda cool. Thanks for your support again and I will let you know how it goes since I am going back tomorrow.
I can access TS Web Access fine now but when I try to run one of the Remote Apps I get the following error:

The Remote computer could not be found. Please contact your helpdesk about this error.

Is this possibly due to the Windows Firewall blocking inbound connections on the server?
Well, that can't be it because remember I disabled the firewall on the server to test connectivity. The TS Web Access Computers group is empty so maybe that is it, or what do you think Cláudio? However, the server is not running Active Directory or connected to an Active Directory network and the TS Web Access server and the Remote Desktop Session Host (RD Session Host) server that hosts the RemoteApp programs are ON ONE server. So Cláudio my friend, what advice can you serve me buddy? Muchas gracias bro.
My buddy does not have 2008 R2 so when I said "Remote Desktop Session Host (RD Session Host) server" above I actually meant Terminal Services Gateway (TS Gateway), sorry.
Okay, I figured it out. I had to enable Microsoft Terminal Services Client Control and then the TS Web Access popped up with all the remote apps completely visible. Hey Cláudio, you are badass bro and I am going to give all the points to you because you led me in all the right directions. Thanks dude.
Thanks man. Appreciated.

Cláudio Rodrigues
Citrix CTP