Solved

Terminal Server Remote Apps access through Internet (From Outside)

Posted on 2013-05-25
Last Modified: 2013-06-01
Current Configuration situation:
I have configured the following two virtual servers.
1) Terminal Server, Win 2008 R2 (only Terminal Server role)
2) Terminal Server Gateway, Win 2008 R2, with RD Web Access role
I also have an ADSL modem router at home with one static IP address, which is of course the external IP address of the router.
My router is a TECHNICOLOR TG587N V3, which has a port forwarding facility.
I have forwarded ports 443 and 3389 to the Terminal Server Gateway (not to the Terminal Server).
ACCESS FROM INSIDE: Everything is working fine, and I have checked in MONITORING on the TS Gateway server that the user first connects to the TS Gateway server and from there can access the Remote Apps on the Terminal Server through Terminal Server Web Access.
ACCESS FROM OUTSIDE / INTERNET / PUBLIC: When I type the URL, I get the web login page. After logging in successfully, when I try to access the REMOTE APP, I get a second authentication prompt; after giving Windows-based credentials, it gives me the following error message:

Error Message:
computer can't connect to remote computer because the remote desktop gateway server address is unreachable or incorrect. Please provide the correct address or name

SUMMARY: From inside everything is working fine, but Remote Apps can't run from the outside or public internet side.
Of course, Windows Firewall is closed on the client machines as well as on both servers. I'm not using any hardware firewall box, only the ADSL router.
MY DEEP THOUGHTS: Do I require a second public IP from my ISP and one firewall box for NAT for the TS Gateway? Because:
i) How could the public client machine (not part of the domain) resolve the TS Gateway FQDN?
I have created a self-signed certificate, which is working fine on both servers and has also been distributed to the client machine manually.
Your detailed response will be highly appreciated.
Kind Regards
Nazim fayaz
Question by:nazimfayaz76
LVL 42

Expert Comment

by:kevinhsieh
ID: 39197308
Your port forward from the ADSL router should be for port 443 only. Do not forward 3389. The address of the RD gateway is the same address that you use to access the RD Web server from the internet. Be sure to specify that public address in the RD Web app configuration.

Author Comment

by:nazimfayaz76
ID: 39197717
Hi Kevinhsieh
Now I forward port 443 to my TS Gateway. BUT I didn't understand your point above about the address being the same for RD Gateway and RD Web Access.
Can you elaborate on how I can specify this, or in which exact place I need to change the value for the RD Web app configuration?
In my scenario:
i) RD Gateway and RD Web Access roles are on the same server, and the RD Host server with the Remote Apps is on another server.
ii) I have one static public IP (provided by the ISP), which is already fixed on the external interface of the ADSL router/modem.
iii) From outside: typing URL: https://Public IP/rdweb
I get the RD Web Access page and log in successfully, but when I click on Remote Apps I get another login prompt; after entering my Windows authentication again, I get the following error message:
computer can't connect to remote computer because the remote desktop gateway server address is unreachable or incorrect. Please provide the correct address or name
NOTE: From inside everything is working fine, while from the public internet it is not.
Your help will be highly appreciated.
Kind Regards
Nazimfayaz
LVL 42

Expert Comment

by:kevinhsieh
ID: 39197740
This article states how to configure Rd Web with the gateway address. The address is the public IP of your gateway server.

Note that depending on your router, you may not be able to access your Rd gateway's public IP address from inside your network.

http://technet.microsoft.com/en-us/library/cc731465.aspx
Author Comment

by:nazimfayaz76
ID: 39198960
Hi kevinhsieh,
Your article didn't help me, but as you mentioned above, THE ADDRESS IS THE PUBLIC IP OF MY TS GATEWAY SERVER. That helped me get a clue:
I focused on the Terminal Server and clicked on Remote App, then from the right-hand pane I chose Gateway server settings. I just thought: why am I specifying the internal / Windows FQDN-based name of the gateway server? I should type the public IP here. Then I typed it and tried from outside... Working perfectly. Great thanks for your support.

LAST THING: I'm trying to avoid authenticating twice to access REMOTE APPS from RD WEB ACCESS. After logging in to RD Web Access, when we click on Remote Apps it shouldn't ask for Windows authentication again... Is there a way to do this?
Regards
Nazim fayaz
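
An added example, not part of the original thread: the fix described in the comment above comes down to which gateway address the published RemoteApp hands to the client. The sketch below parses the `gatewayhostname` and `gatewayusagemethod` settings of an .rdp file and flags a gateway address that a client on the internet cannot reach; the sample file contents, host names, function names and the "internal-only" heuristic are assumptions made for illustration.

```python
import ipaddress

# Constructed sample .rdp content (made-up host names), as a RemoteApp
# published with the gateway's internal FQDN would carry it.
SAMPLE_RDP = """\
full address:s:ts01.corp.local
gatewayhostname:s:tsgw01.corp.local
gatewayusagemethod:i:1
remoteapplicationmode:i:1
"""

# RFC 1918, loopback and link-local ranges: never routable from the internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def parse_rdp(text):
    """Parse 'name:type:value' lines of an .rdp file into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].lower()] = parts[2].strip()
    return settings

def is_internal_only(host):
    """Heuristic (assumption): internal IP, single-label name or .local suffix."""
    host = host.strip().rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "." not in host or host.endswith(".local")
    return any(ip in net for net in INTERNAL_NETS)

def check_gateway(text):
    """Return findings that would break or weaken access from the internet."""
    s = parse_rdp(text)
    gw = s.get("gatewayhostname", "")
    # gatewayusagemethod 0 and 4 mean "do not use an RD Gateway server".
    if not gw or s.get("gatewayusagemethod", "0") in ("0", "4"):
        return ["no RD Gateway in use: client would need direct access to 3389"]
    if is_internal_only(gw):
        return ["gateway address '%s' is not reachable from outside" % gw]
    return []

if __name__ == "__main__":
    print(check_gateway(SAMPLE_RDP))
    print(check_gateway(SAMPLE_RDP.replace("tsgw01.corp.local", "203.0.113.10")))
```

Run against the .rdp file a user downloads from RD Web Access, an empty result means the client is being sent through a gateway address that is at least plausibly public; it does not test that port 443 is actually forwarded.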
LVL 42

Expert Comment

by:kevinhsieh
ID: 39199362
I am glad you got it working.

As to getting single sign on to work, that is a separate question. I don't know if it is possible for unmanaged (non domain joined) devices without individually configuring each one.

Accepted Solution

by:
nazimfayaz76 earned 0 total points
ID: 39199955
Hi kevinhsieh,
Great thanks for your support.
I'll log a separate question for single sign-on and let's see. I agree with you that for non-domain machines it's a bit risky to ask for single sign-on, but you know in some organizations it could be a strong requirement, as it bothers end users like higher management or director levels.

Regards
Nazim fayaz.

Author Closing Comment

by:nazimfayaz76
ID: 39212600
With the help of my supporting tech person, I got a clue and resolved my TS issue.
It's working fine.