
Can't Remote Desktop to Forefront TMG Server


I'm unable to remote desktop to my Forefront TMG server running on Server 2008 Enterprise R2. Initially, when I set up this server, I was able to remote desktop to it. Though after a while remote desktop didn't work.

"Allow connections only from computers running Remote Desktop with Network Level Authentication" is turned on. To get around this problem I had changed the port in the registry from 3389 to 3390 and this allowed me to connect. After restarting the server, however, I am no longer able to access it via remote desktop.

Any ideas how to fix this? I've tried adding rules in Forefront to allow RDP to the server but this has made no difference.



Have already tried that, didn't fix it.
Restarted the server today and remote desktop worked after reboot.


I have a small lab and have RDP published as a non-web service to allow RDP to a specific management node from the outside world. I have the same problem, that rebooting the TMG server effectively disables RDP connections that originate from the internal network until I restart the "Microsoft Forefront TMG Firewall" service. Since I haven't had much luck with a scheduled task set to run at startup, I thought I'd provide this simple .exe script that takes the guesswork out of it. The problem I had was a timing issue. If the TMG Firewall service was attempted to stop/start before it was completely initialized or any of its dependent services were started there were adverse consequences. I created a new scheduled task using the .exe script to run as the "SYSTEM" account and now internal RDP is working following each test reboot to confirm.

If anyone is interested I've provided the .exe script for download here http://www.box.net/shared/6but6o1ex2 (also attached to this post). It's a .NET 4.0 project that uses the ServiceControllerStatus class to check the status of the dependent services and stop/start the TMG Firewall service once everything has stabilized. I've provided the pre-compiled .exe for convenience. I understand anyone's concern over running an unknown executable on their firewall. If you would like the original .NET solution in .zip or .rar format, please send me a private e-mail request and I'll be happy to provide it.
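
An auditable script version of the wait-then-restart approach described in the post above, for a startup scheduled task running as SYSTEM. This is an added example, not the poster's code; the display name is the one given in the post, while the timeout, poll interval and stability count are assumptions.

```powershell
# Added example: restart the TMG Firewall service only after startup has settled.
# Intended for a scheduled task that runs at startup as SYSTEM.
$DisplayName  = 'Microsoft Forefront TMG Firewall'   # display name as given in the post
$TimeoutSec   = 600    # assumption: give up after 10 minutes
$PollSec      = 10     # assumption: poll interval
$StableChecks = 3      # assumption: consecutive healthy polls required

function Test-Settled([System.ServiceProcess.ServiceController]$Service) {
    # Healthy = the service and everything it depends on report Running.
    $Service.Refresh()
    if ($Service.Status -ne 'Running') { return $false }
    foreach ($dep in $Service.ServicesDependedOn) {
        $dep.Refresh()
        if ($dep.Status -ne 'Running') { return $false }
    }
    return $true
}

$svc      = Get-Service -DisplayName $DisplayName -ErrorAction Stop
$deadline = (Get-Date).AddSeconds($TimeoutSec)
$healthy  = 0
while ($healthy -lt $StableChecks) {
    if ((Get-Date) -gt $deadline) {
        # Fail closed: a half-initialized firewall service is left alone.
        Write-Error "Services did not settle within $TimeoutSec s; not restarting."
        exit 1
    }
    if (Test-Settled $svc) { $healthy++ } else { $healthy = 0 }
    Start-Sleep -Seconds $PollSec
}

# Remember which services that depend on the firewall service were running,
# because stopping it with -Force stops them too.
$running = @($svc.DependentServices | Where-Object { $_.Status -eq 'Running' })

Stop-Service -InputObject $svc -Force -ErrorAction Stop
$svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(120))
Start-Service -InputObject $svc -ErrorAction Stop
$svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(120))

# Bring back any dependent service that did not return on its own.
foreach ($d in $running) {
    $d.Refresh()
    if ($d.Status -ne 'Running') { Start-Service -InputObject $d }
}
```

Requiring several consecutive healthy polls addresses the timing issue the post describes, where the restart was attempted before the service and its dependencies had finished initializing.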