Solved

Terminal Server Remote Apps access through Internet (From Outside)

Posted on 2013-05-25
Last Modified: 2013-06-01
Current configuration:
I have configured the following two virtual servers:
1) Terminal Server, Win 2008 R2 (only the Terminal Server role)
2) Terminal Server Gateway, Win 2008 R2, with the RD Web Access role
I also have an ADSL modem router at home with one static IP address, which is of course the external IP address of the router.
My router is a TECHNICOLOR TG587N V3, which has a port forwarding facility.
I have forwarded ports 443 and 3389 to the Terminal Server Gateway (not to the Terminal Server).

ACCESS FROM INSIDE: Everything is working fine, and I have checked in the MONITORING on the TS Gateway server that the user first connects to the TS Gateway server and from there can access the Terminal Server Remote Apps on the Terminal Server through Terminal Server Web Access.

ACCESS FROM OUTSIDE / INTERNET / PUBLIC: When I type the URL I get the web login page. After logging in successfully, when I try to access the REMOTE APP I get a second authentication prompt; after I give my Windows-based credentials, it gives me the following error message.

Error Message:
computer can't connect to remote computer because the remote desktop gateway server address is unreachable or incorrect. Please provide the correct address or name

SUMMARY: From inside everything is working fine, but Remote Apps can't run from outside, on the public Internet side.
Of course, Windows Firewall is turned off on the client machines as well as on both servers. I'm not using any hardware firewall box, only the ADSL router.

MY DEEP THOUGHTS: Do I require a second public IP from my ISP and a firewall box for NAT for the TS Gateway? Because:
i) How could a public client machine (not part of the domain) resolve the TS Gateway's FQDN?
I have created a self-signed certificate, which is working fine on both servers and has also been distributed to the client machine manually.

Your detailed response will be highly appreciated.
Kind Regards
Nazim fayaz
Question by:nazimfayaz76
LVL 42

Expert Comment

by:kevinhsieh
ID: 39197308
Your port forward from the ADSL router should be for port 443 only. Do not forward 3389. The address of the RD gateway is the same address that you use to access the RD Web server from the internet. Be sure to specify that public address in the RD Web app configuration.
0
 

Author Comment

by:nazimfayaz76
ID: 39197717
Hi kevinhsieh,
Now I forward only port 443 to my TS Gateway, BUT I didn't understand your point above that the address should be the same for RD Gateway and RD Web Access.
Can you elaborate on how I can specify it, or in which exact place I need to change the value for the RD Web app configuration?
In my scenario:
i) The RD Gateway and RD Web Access roles are on the same server, and the RD Host server with the Remote Apps is on another server.
ii) I have one static public IP (provided by the ISP), which is already fixed on the external interface of the ADSL router/modem.
iii) From outside: typing the URL https://Public IP/rdweb
I get the RD Web Access page and log in successfully, but when I click on Remote Apps I get another login prompt; after entering my Windows authentication again, I get the following error message:
computer can't connect to remote computer because the remote desktop gateway server address is unreachable or incorrect. Please provide the correct address or name
NOTE: From inside everything is working fine, while from the public Internet it's not.
Your help will be highly appreciated.
Kind Regards
Nazimfayaz
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39197740
This article states how to configure RD Web with the gateway address. The address is the public IP of your gateway server.

Note that depending on your router, you may not be able to access your RD gateway's public IP address from inside your network.

http://technet.microsoft.com/en-us/library/cc731465.aspx
0

Author Comment

by:nazimfayaz76
ID: 39198960
Hi kevinhsieh,
The article you gave didn't help me, but as you mentioned above, THE ADDRESS IS THE PUBLIC IP OF MY TS GATEWAY SERVER. That helped me get a clue:
I focused on the Terminal Server and clicked on Remote App, then from the right-hand pane I chose Gateway server settings. I just thought: why am I specifying the internal / Windows FQDN-based name of the gateway server? I should type the public IP here. Then I typed it and tried from outside... working perfectly. Many thanks for your support.

LAST THING: I'm trying to avoid authenticating twice to access REMOTE APPS from RD WEB ACCESS. After logging in to RD Web Access once, when we click on Remote Apps it shouldn't ask again for Windows authentication. Is there a way to do that?
Regards
Nazim fayaz
0
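As an added example (not part of any post in this thread): the fix above came down to which gateway name the RemoteApp connection advertises to the client. This Python sketch parses the `.rdp` settings that RD Web Access hands out and flags a `gatewayhostname` that an Internet client cannot reach; the sample file, host names and internal-suffix list are constructed assumptions.

```python
import ipaddress

# Constructed sample of RemoteApp .rdp settings; host names are placeholders.
SAMPLE_RDP = """\
full address:s:ts01.corp.example.local
remoteapplicationmode:i:1
remoteapplicationprogram:s:||calc
gatewayusagemethod:i:2
gatewayhostname:s:tsgw01.corp.example.local
"""

# Assumption: suffixes that only resolve on the internal DNS; adjust per site.
INTERNAL_SUFFIXES = (".local", ".lan", ".internal")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict (values may contain colons)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            name, kind, value = parts
            settings[name.lower()] = int(value) if kind == "i" else value
    return settings

def gateway_findings(settings):
    """Return reasons an Internet client could not reach the advertised gateway."""
    findings = []
    if settings.get("gatewayusagemethod") in (0, 4):  # 0 and 4: gateway not used
        findings.append("gatewayusagemethod disables the RD Gateway")
    host = settings.get("gatewayhostname", "")
    if host.count(":") == 1:                          # drop an optional :port
        host = host.split(":")[0]
    if not host:
        findings.append("gatewayhostname is empty")
        return findings
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None                                   # a DNS name, not an IP
    if addr is not None:
        if any(addr in net for net in RFC1918):
            findings.append(f"{host} is an RFC 1918 address, unreachable from the Internet")
    elif "." not in host:
        findings.append(f"{host} is a single-label name with no public DNS record")
    elif host.lower().endswith(INTERNAL_SUFFIXES):
        findings.append(f"{host} uses an internal DNS suffix outside clients cannot resolve")
    return findings

if __name__ == "__main__":
    for finding in gateway_findings(parse_rdp(SAMPLE_RDP)):
        print("FINDING:", finding)
```
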
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 39199362
I am glad you got it working.

As to getting single sign on to work, that is a separate question. I don't know if it is possible for unmanaged (non domain joined) devices without individually configuring each one.
0
 

Accepted Solution

by:
nazimfayaz76 earned 0 total points
ID: 39199955
Hi kevinhsieh,
Many thanks for your support.
I'll log a separate question for single sign-on and we'll see. I agree with you that for non-domain machines it's a bit risky to ask for single sign-on, but you know in some organizations it could be a strong requirement, as the second prompt bothers end users like higher management or director levels.


Regards
Nazim fayaz.
0
 

Author Closing Comment

by:nazimfayaz76
ID: 39212600
With the help of my supporting tech person, I got a clue and resolved my TS issue.
It's working fine.
0

Question has a verified solution.