Solved

implementing remote desktop (Terminal Services web access) and domain on server 2008

Posted on 2010-09-12
Last Modified: 2013-11-30
Hi,
I am the network administrator for a small private school. I am actually a teacher that has learned how to set up a network at my school. I'm running a terminal server 2008 environment. Started out with NT 4 if that says anything ;).

Because of our lack of funds our domain controller, terminal server, DNS server, DHCP server, etc. is all in one box. We are not too worried about security because the only thing that is on our server is basic programs needed for teaching computer and our personal documents. I've already heard about the many security issues with having everything in one box but that is not my concern.

Okay... now that we have that out of the way...

In my original domain set up I used a "business.local" name for my domain. However, now I want to implement remote web access (TS Web Access) for our server.  

My question is, what do I need to do to make this happen? In other words, what order do I need to proceed?

I have already installed the services necessary via Microsoft Web Platform Installer 2.0 and I was just completing a server certificate request (SSL) when I realized I have to have a "real" domain name.

Our school has a domain "esja.org" that is registered with Webula.com and the domain is currently being hosted on a provided school system site. I have also set up Google Apps with our school and have forwarded the appropriate subdomains to Google...

So... I was considering the subdomain name server.esja.org for our server and configuring that as a CNAME at Webula.com.

Any guidance or help would be appreciated.
0
Question by:ambantin
6 Comments
 
LVL 4

Expert Comment

by:timhodkin
ID: 33656389
Depending on who is using the server you don't have to have the full SSL setup.
If you and possibly 1-2 other people are using it just to administer the server then I wouldn't bother. Just install the self-certified certificate onto the local PCs.

I would however set up the A record for the domain server.domain.name, remote.domain.name etc. This makes it a lot easier to use.

Here is a step by step from M$ on the setup procedure. See if you can get it running using this:

Step By step guide:
http://technet.microsoft.com/en-us/library/cc730673%28WS.10%29.aspx

0
 
LVL 8

Expert Comment

by:pvlier
ID: 33656403
The basic plan:
1. If using SSL, buy a certificate (server.esja.org)
2. Create an entry in the domain DNS for server.esja.org and point it to the external IP of your internet connection
3. Forward port 3389 from your internet router to the internal IP of your server
4. Configure terminal services and user rights
0
 

Author Comment

by:ambantin
ID: 33657002
1. If using SSL buy a certificate (server.esja.org)

OK used a service to create a SSL and have installed it.

2. create an entry in the domain dns for server.esja.org and point it to the external IP of your internet connection

Our school has a dynamic IP address (previously just used for plain internet access). So, as a workaround I have set up an account with dyndns.com and have chosen one of their domains for forwarding (esja.gotdns.com), and I entered that into my domain DNS as a forwarding URL. Now when I type server.esja.org it takes me to my VoIP router's GUI screen (I have my VoIP router set up on the DMZ) so at least I'm getting to my router.

3. Forward port 3389 from your internet router to the internal IP of your server

I set up a forward on 3389 to my server... when I open RD on my client I am able to access my login screen by esja.gotdns.com:3389. However server.esja.org does not work... Not sure what to do with this part...


4. Configure terminal services and user rights

Already done.
0

 
LVL 17

Expert Comment

by:kadadi_v
ID: 33661394
0
 
LVL 8

Accepted Solution

by:
pvlier earned 500 total points
ID: 33665609
Hi Ambantin,
I didn't realize you didn't have a static IP. We've done lots of work for schools and they all had static IPs because they were connected to a special school-aimed internet network.
Are you getting an error message when connecting to esja.gotdns.com? You should if using the SSL option. The problem now is that your certificate name doesn't match the server name (server.esja.org <> esja.gotdns.com).
Back to the 'server.esja.org does not work' problem... The redirect you set up only works for the HTTP(S) protocol. When using a browser you get redirected to esja.gotdns.com because the webserver where server.esja.org is located tells your browser to go to esja.gotdns.com instead. However, it does not tell your RDP client software, which tries to connect on port 3389 to the IP of server.esja.org (which is located at your WEBSERVER and not your school), to redirect... this is because of the RDP protocol instead of the HTTP(S) protocol.
What you need to do is remove the redirect, delete the server.esja.org record and create a new CNAME record for server.esja.org which points to esja.gotdns.com. The CNAME DNS record is the 'redirect' method for names.... Could be you get into trouble with the certificate name again because the RDP software wants to have the 'endpoint' name on the certificate, which is esja.gotdns.com. But not sure about that... The CNAME should fix the 'server.esja.org not working' issue...
Please mind it could take minutes to a couple of hours for your ISP's DNS to pick up the changes to the server.esja.org DNS record and until then your computer doesn't know of the change. You'll have to wait...
0
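The difference between the URL-forwarding record and the CNAME described in the accepted answer, as an added example that is not part of the original thread: a small offline model of what an RDP client on port 3389 ends up connecting to in each setup, and which name its certificate check uses. The IP addresses are documentation-range placeholders, the function names are hypothetical, and the model assumes the client compares the certificate with the name the user typed rather than the CNAME target, as TLS clients generally do.

```python
# Constructed model of the two DNS setups discussed in the thread.
# All IP addresses are documentation-range placeholders, not the school's.
WEB_HOST_IP = "198.51.100.10"   # hosting provider that serves the HTTP redirect
SCHOOL_IP = "203.0.113.25"      # current dynamic address tracked by dyndns

ZONE_REDIRECT = {   # setup 1: server.esja.org is a URL-forwarding record
    "server.esja.org": ("A", WEB_HOST_IP),
    "esja.gotdns.com": ("A", SCHOOL_IP),
}
ZONE_CNAME = {      # setup 2: server.esja.org is a CNAME to the dyndns name
    "server.esja.org": ("CNAME", "esja.gotdns.com"),
    "esja.gotdns.com": ("A", SCHOOL_IP),
}

def resolve(zone, name, max_hops=8):
    """Follow CNAMEs to an A record, as a stub resolver would."""
    seen = set()
    for _ in range(max_hops):
        if name in seen or name not in zone:
            return None                      # CNAME loop or unknown name
        seen.add(name)
        rtype, value = zone[name]
        if rtype == "A":
            return value
        name = value.rstrip(".").lower()     # CNAME: restart with the target
    return None

def cert_matches(cert_names, typed_name):
    """Compare the name the user typed (assumption: not the CNAME target)
    with the certificate names, allowing one left-most wildcard label."""
    host = typed_name.lower().split(".")
    for pattern in cert_names:
        pat = pattern.lower().split(".")
        if len(pat) == len(host) and pat[1:] == host[1:] and pat[0] in ("*", host[0]):
            return True
    return False

def rdp_connect(zone, typed_name, cert_names, listener_ip=SCHOOL_IP):
    """Return (reaches_server, certificate_name_ok) for a client that speaks
    RDP on 3389 and therefore never sees an HTTP redirect."""
    ip = resolve(zone, typed_name)
    reached = ip == listener_ip
    return reached, reached and cert_matches(cert_names, typed_name)
```

With a certificate issued for server.esja.org, the forwarding setup either misses the server (typed name server.esja.org) or reaches it under a name the certificate does not cover (typed name esja.gotdns.com); only the CNAME setup gives both.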
 

Author Closing Comment

by:ambantin
ID: 33914638
dyndns.com works great... forwarding the port to my server was the answer
0
