Solved

Terminal Server Remote Apps access through Internet (From Outside)

Posted on 2013-05-25
Last Modified: 2013-06-01
Current Configuration situation:
I have configured the following two virtual servers.
1) Terminal Server win 2008 R2  (Only Terminal server role)
2) Terminal Server Gateway  win 2008 R2  with RD Web Access role
and I have an ADSL Modem router at home with one Static IP Address which is of course the external IP address of the router.
My router is TECHNICOLOR TG587N V3, in which we have facility for Port forwarding.
I have done port forwarding 443 and 3389 to Terminal Server Gateway (Not  to Terminal Server)
ACCESS FROM INSIDE:   Everything is working fine, and I have checked in the MONITORING on the TS Gateway server that the user first connects to the TS Gateway server and from there can access the Remote Apps on the Terminal Server through Terminal Server web access.
ACCESS FROM OUTSIDE / INTERNET / PUBLIC : when I'm typing URL  then I'm getting the web login page. After logging in successfully, when I try to access the REMOTE APP I get a second authentication prompt; after giving Windows-based credentials, it gives me the following error message

Error Message:
computer can't connect to remote computer because the remote desktop gateway server address is unreachable or incorrect. Please provide the correct address or name

SUMMARY:   From inside everything is working fine, but Remote Apps can't run from outside or the public internet side.
Of course, Windows Firewall is turned off on the client machines as well as on both servers. I'm not using any hardware firewall box, only the ADSL router.
MY DEEP THOUGHTS:   Do I require a second public IP from my ISP and a firewall box for NAT for the TS Gateway? Because:
i) How could the public client machine (not part of the domain) resolve the TS Gateway FQDN?
I have created a self-signed certificate, which is working fine on both servers and has also been distributed to the client machine manually.
Your detailed response will be highly appreciated
Kind Regards
Nazim fayaz
0
Question by:nazimfayaz76
7 Comments
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39197308
Your port forward from the ADSL router should be for port 443 only. Do not forward 3389. The address of the RD gateway is the same address that you use to access the RD Web server from the internet. Be sure to specify that public address in the RD Web app configuration.
0
 

Author Comment

by:nazimfayaz76
ID: 39197717
Hi Kevinhsieh
Now I forward port 443 to my TS Gateway, but I didn't understand your point above about the RD Gateway and RD Web Access having the same address.
Can you elaborate on how I can specify it, or exactly where I need to change the value in the RD Web app configuration?
In my scenario:
i) RD Gateway and RD Web access roles on same server and RD Host server with remote apps is on another server
ii) Have one static Public IP (provided from ISP) which is already fixed on external interface of the ADSL Router /Modem.
iii) From Outside: Typing URL: https://Public IP/rdweb
I get the RD Web Access page and log in successfully, but when I click on Remote Apps I get another login prompt; after entering my Windows authentication again, I get the following error message
computer can't connect to remote computer because the remote desktop gateway server address is unreachable or incorrect. Please provide the correct address or name
NOTE: From inside everything is working fine, while from the public internet it is not.
Your help will be highly appreciated.
Kind Regards
Nazimfayaz
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39197740
This article states how to configure RD Web with the gateway address. The address is the public IP of your gateway server.

Note that depending on your router, you may not be able to access your RD gateway's public IP address from inside your network.

http://technet.microsoft.com/en-us/library/cc731465.aspx
0

 

Author Comment

by:nazimfayaz76
ID: 39198960
Hi kevinhsieh,
The article you gave didn't help me, but as you mentioned above, THE ADDRESS IS THE PUBLIC IP OF MY TS GATEWAY SERVER. That helped me get a clue:
I focused on the Terminal Server and clicked on Remote App, then from the right-hand pane I chose the Gateway server settings. I thought, why am I entering the internal / Windows FQDN-based name of the gateway server? I should type the public IP here. I typed it and tried from outside... Working perfectly. Many thanks for your support.

LAST THING:  I'm trying to avoid authenticating twice to access REMOTE APPS from RD WEB ACCESS. After logging in to RD Web Access, when we click on Remote Apps it shouldn't ask for Windows authentication again. Is there a way to do that?
Regards
Nazim fayaz
0
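As an added example (not part of the thread and not any poster's code), this Python sketch audits the two mistakes resolved above: a RemoteApp .rdp file whose gateway address is only usable inside the LAN, and a router that forwards 3389 alongside 443. The hostnames, the documentation-range IP, the internal-suffix list and the function names are constructed assumptions; `gatewayhostname` and `gatewayusagemethod` are standard .rdp settings.

```python
import ipaddress

# Assumed for this example: DNS suffixes that only an internal DNS server resolves.
INTERNAL_SUFFIXES = (".local", ".lan", ".internal")
# Address ranges an Internet client cannot route to.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def parse_rdp(text):
    """Parse the 'name:type:value' lines of an .rdp file into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            name, kind, value = parts
            settings[name.lower()] = int(value) if kind == "i" and value.isdigit() else value
    return settings

def externally_usable(host):
    """True if a client on the Internet could resolve or route to this gateway value."""
    try:
        ip = ipaddress.ip_address(host)
        return not any(ip in net for net in NON_ROUTABLE)
    except ValueError:
        host = host.lower().rstrip(".")
        # Single-label names and internal suffixes only resolve inside the LAN.
        return "." in host and not host.endswith(INTERNAL_SUFFIXES)

def audit(rdp_text, forwarded_ports):
    """Return findings for the .rdp gateway settings and the router's port forwards."""
    s, findings = parse_rdp(rdp_text), []
    gw = s.get("gatewayhostname", "")
    if s.get("gatewayusagemethod", 0) not in (1, 2):  # 1 = always, 2 = bypass for local
        findings.append("RD Gateway is not enabled in the .rdp file")
    if not gw:
        findings.append("gatewayhostname is empty")
    elif not externally_usable(gw):
        findings.append(f"gatewayhostname '{gw}' is not reachable from the Internet")
    if 3389 in forwarded_ports:
        findings.append("TCP 3389 is forwarded; the gateway only needs 443")
    if 443 not in forwarded_ports:
        findings.append("TCP 443 is not forwarded to the gateway")
    return findings

# Constructed sample: a RemoteApp .rdp file as published before and after the fix.
BEFORE = ("full address:s:ts01.corp.local\ngatewayhostname:s:tsgw.corp.local\n"
          "gatewayusagemethod:i:2\nremoteapplicationmode:i:1\n")
AFTER = BEFORE.replace("tsgw.corp.local", "203.0.113.10")  # documentation-range IP

if __name__ == "__main__":
    print(audit(BEFORE, {443, 3389}))
    print(audit(AFTER, {443}))
```
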
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39199362
I am glad you got it working.

As to getting single sign on to work, that is a separate question. I don't know if it is possible for unmanaged (non domain joined) devices without individually configuring each one.
0
 

Accepted Solution

by:
nazimfayaz76 earned 0 total points
ID: 39199955
Hi Kevinhsieh,
Many thanks for your support.
I'll log single sign-on as a separate question and let's see. I agree with you that for non-domain machines it's a bit risky to ask for single sign-on, but you know in some organizations it could be a strong requirement, as it bothers end users like higher management or director levels.


Regards
Nazim fayaz.
0
 

Author Closing Comment

by:nazimfayaz76
ID: 39212600
With the help of my supporting tech person, I got a clue and resolved my TS issue.
It's working fine.
0
