Solved

Terminal Server Remote Apps access through Internet (From Outside)

Posted on 2013-05-25
Last Modified: 2013-06-01
Current configuration:
I have configured the following two virtual servers:
1) Terminal Server, Win 2008 R2 (only the Terminal Server role)
2) Terminal Server Gateway, Win 2008 R2, with the RD Web Access role

I have an ADSL modem router at home with one static IP address, which is of course the external IP address of the router.
My router is a TECHNICOLOR TG587N V3, which has a port forwarding facility.
I have forwarded ports 443 and 3389 to the Terminal Server Gateway (not to the Terminal Server).

ACCESS FROM INSIDE: Everything is working fine. I have checked the monitoring on the TS Gateway server: the user first connects to the TS Gateway server and from there can access the RemoteApps on the Terminal Server through Terminal Server Web Access.

ACCESS FROM OUTSIDE / INTERNET / PUBLIC: When I type the URL, I get the web login page. After logging in successfully, when I try to access a RemoteApp I get a second authentication prompt; after I give my Windows credentials, it gives me the following error message.

Error Message:
computer can't connect to remote computer because the remote desktop gateway server address is unreachable or incorrect. Please provide the correct address or name

SUMMARY: From inside everything is working fine, but RemoteApps can't run from outside or the public internet side.
Of course, Windows Firewall is closed on the client machines as well as on both servers. I'm not using any hardware firewall box, only the ADSL router.
MY DEEP THOUGHTS: Do I require a second public IP from my ISP and a firewall box for NAT for the TS Gateway, because
i) How could a public client machine (not part of the domain) resolve the TS Gateway FQDN?
I have created a self-signed certificate, which is working fine on both servers and has also been distributed to the client machine manually.
Your detailed response will be highly appreciated.
Kind Regards
Nazim fayaz
Question by:nazimfayaz76

Expert Comment

by:kevinhsieh
Your port forward from the ADSL router should be for port 443 only. Do not forward 3389. The address of the RD gateway is the same address that you use to access the RD Web server from the internet. Be sure to specify that public address in the RD Web app configuration.

Author Comment

by:nazimfayaz76
Hi Kevinhsieh,
Now I forward port 443 to my TS Gateway. BUT I didn't understand your point above about the RD Gateway and RD Web Access using the same address.
Can you elaborate on how I can specify it, or in which exact place I need to change the value for the RD Web app configuration?
In my scenario:
i) The RD Gateway and RD Web Access roles are on the same server, and the RD host server with the RemoteApps is on another server.
ii) I have one static public IP (provided by the ISP), which is already fixed on the external interface of the ADSL router/modem.
iii) From outside: typing URL: https://Public IP/rdweb
I get the RD Web Access page and log in successfully, but when I click on a RemoteApp I get another login prompt; after entering my Windows credentials again I get the following error message:
computer can't connect to remote computer because the remote desktop gateway server address is unreachable or incorrect. Please provide the correct address or name
NOTE: From inside everything is working fine, while from the public internet it is not.
Your help will be highly appreciated.
Kind Regards
Nazimfayaz

Expert Comment

by:kevinhsieh
This article states how to configure RD Web with the gateway address. The address is the public IP of your gateway server.

Note that depending on your router, you may not be able to access your RD gateway's public IP address from inside your network.

http://technet.microsoft.com/en-us/library/cc731465.aspx

Author Comment

by:nazimfayaz76
Hi kevinhsieh,
The article you gave didn't help me, but as you mentioned above, THE ADDRESS IS THE PUBLIC IP OF MY TS GATEWAY SERVER. That helped me get a clue:
I selected the Terminal Server and clicked on RemoteApp, then from the right-hand pane I chose the Gateway server settings. I just thought, why am I giving the internal / Windows FQDN-based name of the gateway server... I should type the public IP here... Then I typed it and tried from outside... Working perfectly... Many thanks for your support.

LAST THING: I'm trying to avoid authenticating twice to access RemoteApps from RD Web Access. After logging in to RD Web Access once, clicking on a RemoteApp shouldn't ask for Windows authentication again... Is there a way to do this?
Regards
Nazim fayaz
0
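
The fix described in the post above (publishing the RemoteApp with a gateway address that outside clients can reach) can be checked offline against the RemoteApp .rdp file. This is an added example, not part of the original thread; the host names, the 203.0.113.10 address and the function names are constructed placeholders, and the internal-name heuristic (RFC 1918 address, single-label or .local name) is an assumption.

```python
import ipaddress

# Constructed sample: RemoteApp .rdp as first published (internal gateway name).
# Host names and 203.0.113.10 are placeholders, not values from the thread.
RDP_BEFORE = """\
full address:s:ts01.corp.local
remoteapplicationmode:i:1
gatewayhostname:s:tsgw01.corp.local
gatewayusagemethod:i:2
"""
# After the fix only the gateway name changes; the session host stays internal.
RDP_AFTER = RDP_BEFORE.replace("tsgw01.corp.local", "203.0.113.10")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_rdp(text):
    """Parse 'name:type:value' lines of an .rdp file into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            name, kind, value = parts
            is_int = kind == "i" and value.lstrip("-").isdigit()
            settings[name.lower()] = int(value) if is_int else value
    return settings


def looks_internal(host):
    """Assumed heuristic: RFC 1918/loopback IP, single-label or .local name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "." not in host or host.lower().endswith(".local")
    return ip.is_loopback or any(ip in net for net in RFC1918)


def audit_gateway(text, public_address):
    """Return findings that would stop an outside client reaching the gateway."""
    s = parse_rdp(text)
    findings = []
    host = s.get("gatewayhostname", "")
    if not host:
        findings.append("no gatewayhostname set")
    elif looks_internal(host):
        findings.append(f"gatewayhostname {host!r} is internal-only")
    elif host.lower() != public_address.lower():
        findings.append(f"gatewayhostname {host!r} differs from {public_address!r}")
    # 0 and 4 mean "do not use a gateway": clients would need direct 3389.
    if s.get("gatewayusagemethod", 0) in (0, 4):
        findings.append("gatewayusagemethod disables the gateway")
    return findings
```

An empty list from `audit_gateway` means the file points outside clients at the published address over the gateway, so only port 443 needs to be forwarded.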
 

Expert Comment

by:kevinhsieh
I am glad you got it working.

As to getting single sign-on to work, that is a separate question. I don't know if it is possible for unmanaged (non-domain-joined) devices without individually configuring each one.

Accepted Solution

by:nazimfayaz76
Hi Kevinhsieh,
Many thanks for your support.
I'll log single sign-on as a separate question and let's see. I agree with you that for non-domain machines it's a bit risky to ask for single sign-on, but you know in some organizations it could be a strong requirement, as it bothers end users like higher management or director levels.

Regards
Nazim fayaz.

Author Closing Comment

by:nazimfayaz76
With the help of my supporting tech person, I got a clue and resolved my TS issue.
It's working fine.
