  • Status: Solved
  • Priority: Medium
  • Security: Public

Terminal Server Remote Apps access through Internet (From Outside)

Current configuration:
I have configured the following two virtual servers:
1) Terminal Server, Win 2008 R2 (only the Terminal Server role)
2) Terminal Server Gateway, Win 2008 R2, with the RD Web Access role
I also have an ADSL modem router at home with one static IP address, which is of course the external IP address of the router.
My router is a TECHNICOLOR TG587N V3, which supports port forwarding.
I have forwarded ports 443 and 3389 to the Terminal Server Gateway (not to the Terminal Server).
ACCESS FROM INSIDE: Everything is working fine, and I have checked in MONITORING on the TS Gateway server that the user first connects to the TS Gateway server and from there can access the Remote Apps on the Terminal Server through Terminal Server web access.
ACCESS FROM OUTSIDE / INTERNET / PUBLIC: When I type the URL, I get the web login page. After logging in successfully, when I try to access the REMOTE APP I get a second authentication prompt; after giving Windows-based credentials, it gives me the following error message.

Error Message:
computer can't connect to remote computer because the remote desktop gateway server address is unreachable or incorrect. Please provide the correct address or name

SUMMARY: From inside everything is working fine, but Remote Apps can't run from outside, on the public internet side.
Of course, Windows Firewall is turned off on the client machines as well as on both servers. I'm not using any hardware firewall box, only the ADSL router.
MY DEEP THOUGHTS: Do I require a second public IP from my ISP and a firewall box for NAT for the TS Gateway? Because:
i) How could the public client machine (not part of the domain) resolve the TS Gateway FQDN?
I have created a self-signed certificate, which is working fine on both servers and has also been distributed to the client machine manually.
Your detailed response will be highly appreciated.
Kind Regards
Nazim fayaz
Asked by: nazimfayaz76

kevinhsieh Commented:
Your port forward from the ADSL router should be for port 443 only. Do not forward 3389. The address of the RD gateway is the same address that you use to access the RD Web server from the internet. Be sure to specify that public address in the RD Web app configuration.
nazimfayaz76 (Author) Commented:
Hi Kevinhsieh,
Now I forward port 443 to my TS Gateway, BUT I didn't understand your point above about using the same address for RD Gateway and RD Web Access.
Can you elaborate on how I can specify it, or in which exact place I need to change the value for the RD Web app configuration?
In my scenario:
i) The RD Gateway and RD Web Access roles are on the same server, and the RD Host server with the remote apps is on another server.
ii) I have one static public IP (provided by the ISP), which is already fixed on the external interface of the ADSL router/modem.
iii) From outside: typing URL: https://Public IP/rdweb
I get the RD Web Access page and log in successfully, but when I click on Remote Apps I get another login prompt; after entering my Windows credentials again I get the following error message:
computer can't connect to remote computer because the remote desktop gateway server address is unreachable or incorrect. Please provide the correct address or name
NOTE: From inside everything is working fine, while from the public internet it is not.
Your help will be highly appreciated.
Kind Regards
Nazimfayaz
kevinhsieh Commented:
This article states how to configure RD Web with the gateway address. The address is the public IP of your gateway server.

Note that depending on your router, you may not be able to access your RD gateway's public IP address from inside your network.

http://technet.microsoft.com/en-us/library/cc731465.aspx
nazimfayaz76 (Author) Commented:
Hi kevinhsieh,
The article you gave didn't help me, but as you mentioned above, THE ADDRESS IS THE PUBLIC OF MY TS GATEWAY SERVER. It helped me get a clue:
I focused on the Terminal Server and clicked on Remote App, then from the right-hand pane I chose Gateway server settings. I just thought, why am I entering the internal / Windows FQDN-based name of the gateway server... I should type the public IP here... then I typed it and tried from outside... Working perfectly... Many thanks for your support.

LAST THING: I'm trying to avoid authenticating twice to access REMOTE APPS from RD WEB ACCESS. After logging in to RD Web Access, when we click on Remote Apps it shouldn't ask again for Windows authentication... Is there a way to do that?
Regards
Nazim fayaz
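
The fix described in this post, checked from the client side (an added example, not code from the thread): the sketch parses the gateway lines of a RemoteApp `.rdp` file and flags a gateway address that an Internet client cannot reach. `gatewayhostname` and `gatewayusagemethod` are standard `.rdp` settings; the sample files, host names, addresses and the internal-suffix list are constructed assumptions.

```python
import ipaddress

# Constructed samples: gateway-related lines of a RemoteApp .rdp file before and
# after the change described in the post. All names and addresses are placeholders.
RDP_BEFORE = "full address:s:ts01.corp.local\ngatewayhostname:s:tsgw01.corp.local\ngatewayusagemethod:i:2\n"
RDP_AFTER = "full address:s:ts01.corp.local\ngatewayhostname:s:203.0.113.10\ngatewayusagemethod:i:2\n"

# Assumption: DNS suffixes treated as internal-only; adjust to the site's naming.
INTERNAL_SUFFIXES = (".local", ".lan", ".internal")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_rdp(text):
    """Parse 'name:type:value' lines of an .rdp file into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            name, kind, value = parts
            settings[name.strip().lower()] = int(value) if kind == "i" else value.strip()
    return settings

def gateway_findings(text):
    """Return reasons an Internet client could not reach the RD Gateway named in the file."""
    s = parse_rdp(text)
    host = s.get("gatewayhostname", "")
    if not host:
        return ["no gatewayhostname set"]
    findings = []
    if s.get("gatewayusagemethod") == 0:
        findings.append("gatewayusagemethod is 0, so the gateway is not used")
    name = host.rsplit(":", 1)[0] if host.count(":") == 1 else host  # drop an optional :port
    try:
        ip = ipaddress.ip_address(name)
        if ip.is_loopback or ip.is_link_local or any(ip in net for net in RFC1918):
            findings.append(f"gateway {name} is a private address, not reachable from the Internet")
    except ValueError:
        # Not an IP literal: single-label and internal-suffix names fail in public DNS.
        if "." not in name or name.lower().endswith(INTERNAL_SUFFIXES):
            findings.append(f"gateway {name} is an internal name that public DNS will not resolve")
    return findings

if __name__ == "__main__":
    for label, sample in (("before", RDP_BEFORE), ("after", RDP_AFTER)):
        print(label, gateway_findings(sample) or "gateway address looks externally usable")
```

Real `.rdp` files are often saved as UTF-16, so decode the file before passing its text to `gateway_findings`.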
kevinhsieh Commented:
I am glad you got it working.

As to getting single sign on to work, that is a separate question. I don't know if it is possible for unmanaged (non domain joined) devices without individually configuring each one.
nazimfayaz76 (Author) Commented:
Hi Kevinhsieh,
Many thanks for your support.
I'll log single sign-on as a separate question and let's see. I agree with you that for non-domain machines it's a bit risky to ask for single sign-on, but you know in some organizations it could be a strong requirement, as it bothers end users such as higher management or director levels.


Regards
Nazim fayaz.
nazimfayaz76 (Author) Commented:
With the help of my supporting tech person, I got a clue and resolved my TS issue.
It's working fine.