Solved

implementing remote desktop (Terminal Services web access) and domain on server 2008

Posted on 2010-09-12
Last Modified: 2013-11-30
hi,
I am the network administrator for a small private school. I am actually a teacher that has learned how to set up a network at my school. I'm running a terminal server 2008 environment. Started out with NT 4 if that says anything ;).

Because of our lack of funds our domain controller, terminal server, DNS server, DHCP server, etc. is all in one box. We are not too worried about security because the only thing that is on our server is basic programs needed for teaching computer and our personal documents. I've already heard about the many security issues with having everything in one box but that is not my concern.

Okay... now that we have that out of the way...

In my original domain set up I used a "business.local" name for my domain. However, now I want to implement remote web access (TS Web Access) for our server.  

My question is, what do I need to do to make this happen? In other words, what order do I need to proceed?

I have already installed the services necessary via Microsoft Web Platform Installer 2.0 and I was just completing a server certificate request (SSL) when I realized I have to have a "real" domain name.

Our school has a domain "esja.org" that is registered with Webula.com and the domain is currently being hosted on a provided school system site. I have also set up Google Apps with our school and have forwarded the appropriate subdomains to Google...

so... I was considering the subdomain name server.esja.org for our server and configuring that as a cname at Webula.com

any guidance or help would be appreciated
0
Question by:ambantin
6 Comments
 
LVL 4

Expert Comment

by:timhodkin
ID: 33656389
Depending on who is using the server you don't have to have the full SSL setup.
If you and possibly 1-2 other people are using it just to administer the server then I wouldn't bother. Just install the self-certified certificate onto the local PCs.

I would however set up the A record for the domain server.domain.name, remote.domain.name etc. This makes it a lot easier to use.

Here is a step by step from M$ on the setup procedure. See if you can get it running using this:

Step By step guide:
http://technet.microsoft.com/en-us/library/cc730673%28WS.10%29.aspx

0
 
LVL 8

Expert Comment

by:pvlier
ID: 33656403
The basic plan:
1. If using SSL, buy a certificate (server.esja.org)
2. Create an entry in the domain DNS for server.esja.org and point it to the external IP of your internet connection
3. Forward port 3389 from your internet router to the internal IP of your server
4. Configure terminal services and user rights
0
 

Author Comment

by:ambantin
ID: 33657002
1. If using SSL, buy a certificate (server.esja.org)

OK used a service to create a SSL and have installed it.

2. Create an entry in the domain DNS for server.esja.org and point it to the external IP of your internet connection

Our school has a dynamic IP address (previously just used for plain internet access). So, as a workaround I have set up an account with dyndns.com and have chosen one of their domains for forwarding (esja.gotdns.com), and I entered that into my domain DNS as a forwarding URL. Now when I type server.esja.org it takes me to my VoIP router's GUI screen (I have my VoIP router set up on the DMZ) so at least I'm getting to my router..

3. Forward port 3389 from your internet router to the internal IP of your server

I set up a forward on 3389 to my server... when I open RD on my client I am able to access my login screen by esja.gotdns.com:3389. However, server.esja.org does not work... Not sure what to do with this part...


4. Configure terminal services and user rights

already done
0
 
LVL 8

Accepted Solution

by:
pvlier earned 2000 total points
ID: 33665609
Hi Ambantin,
I didn't realize you didn't have a static IP. We've done lots of work for schools and they all had static IPs because they were connected to a special school-aimed internet network.
Are you getting an error message when connecting to esja.gotdns.com? You should if using the SSL option. The problem now is that your certificate name doesn't match the server name (server.esja.org <> esja.gotdns.com).
Back to the 'server.esja.org does not work' problem... The redirect you set up only works for the HTTP(S) protocol. When using a browser you get redirected to esja.gotdns.com because the webserver where server.esja.org is located tells your browser to go to esja.gotdns.com instead. However, it does not tell your RDP client software, which tries to connect on port 3389 to the IP of server.esja.org (which is located at your WEBSERVER and not your school), to redirect... this is because of the RDP protocol instead of the HTTP(S) protocol.
What you need to do is remove the redirect, delete the server.esja.org record and create a new CNAME record for server.esja.org which points to esja.gotdns.com. The CNAME DNS record is the 'redirect' method for names.... Could be you get into trouble with the certificate name again because the RDP software wants to have the 'endpoint' name on the certificate, which is esja.gotdns.com. But not sure about that... The CNAME should fix the 'server.esja.org not working' issue...
Please mind it could take minutes to a couple of hours for your ISP's DNS to pick up the changes to the server.esja.org DNS record, and until then your computer doesn't know of the change. You'll have to wait...
0
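
The difference between the registrar's URL forwarding and a CNAME, as described in the answer above, modelled as an added example (not code from the thread). The IP addresses are constructed documentation-range values, the zone contents are assumptions based on the posts, and `cert_matches` assumes the client checks the certificate against the name the user typed, as TLS clients do.

```python
# Constructed sample data: documentation-range IPs, not the school's real addresses.
REGISTRAR_WEB = "192.0.2.10"   # registrar's URL-forwarding web server (assumed)
SCHOOL_WAN = "198.51.100.25"   # dynamic IP currently published by the DynDNS name (assumed)

# Before: "forwarding URL" at the registrar. DNS only knows the forwarder's web server.
ZONE_URL_FORWARD = {
    "server.esja.org": ("A", REGISTRAR_WEB),
    "esja.gotdns.com": ("A", SCHOOL_WAN),
}
HTTP_REDIRECTS = {"server.esja.org": "esja.gotdns.com"}  # lives in the web server, not in DNS

# After: CNAME record as described in the accepted answer.
ZONE_CNAME = {
    "server.esja.org": ("CNAME", "esja.gotdns.com"),
    "esja.gotdns.com": ("A", SCHOOL_WAN),
}

def resolve(name, zone, max_hops=8):
    """Follow CNAME records until an A record is reached."""
    for _ in range(max_hops):
        rtype, value = zone[name.lower().rstrip(".")]
        if rtype == "A":
            return value
        name = value
    raise RuntimeError("CNAME chain too long or looping")

def browser_target(name, zone):
    """A browser resolves the name, then obeys the HTTP redirect it is served."""
    ip = resolve(name, zone)
    if ip == REGISTRAR_WEB and name in HTTP_REDIRECTS:
        return resolve(HTTP_REDIRECTS[name], zone)
    return ip

def rdp_target(name, zone):
    """An RDP client only does the DNS lookup and opens TCP 3389 on the result."""
    return resolve(name, zone)

def cert_matches(typed_name, cert_names):
    """Match the name the user typed (not the CNAME target) against the certificate names."""
    typed = typed_name.lower().rstrip(".")
    for pattern in (n.lower() for n in cert_names):
        if pattern == typed:
            return True
        # A wildcard covers exactly one leftmost label.
        if pattern.startswith("*.") and "." in typed and typed.split(".", 1)[1] == pattern[2:]:
            return True
    return False
```

With the CNAME in place, connecting as server.esja.org keeps the typed name equal to the name on the purchased certificate, while connecting as esja.gotdns.com does not.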
 

Author Closing Comment

by:ambantin
ID: 33914638
dyndns.com works great... forwarding the port to my server was the answer
0
