Solved

Access to RDP Server from outside shows IIS7 Page from SBS Server

Posted on 2013-06-30
8
1,240 Views
Last Modified: 2013-06-30
Hi all,

We've got a client with 5 2008 Servers and a new 2011 SBS server which we have just installed and created a new domain.  We've joined all other 2008 servers to the domain and kept all IP addresses the same as before (the new SBS box was given the IP address of the old SBS box).

The firewall (Watchguard) has not been changed as all IP addresses remain the same but we have an issues access the Remote Desktop Server which we used to access via http://rdpserver.domain.com.  All we get now is the IIS7 splash screen which I assume is the 2011 SBS box.

Can anyone please help as to how we can get remote access to the remote server and stop the SBS box from responding?

Thanks

Adam
0
Comment
Question by:amlydiate
8 Comments
 
LVL 12

Expert Comment

by:Henk van Achterberg
Comment Utility
0
 
LVL 25

Expert Comment

by:Zephyr ICT
Comment Utility
Did you enable Windows Authentication under Authorization settings in IIS, normally to be found under the SBS Web Applications -> RPC virtual web site ... or something, can't really be more precise without seeing it in front of me (no SBS here).
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Use httpS:
hettp will return that page, however port 80 should not even be open.

Makes sure also rdpserver is the correct prefix used by the "set up ypur internet address" wizard.  The default is remote, if you changed it under the "advanced" option that is OK.

This should then take you to the RWA page which will then give you access to the TS/RDS server.
0
 

Author Comment

by:amlydiate
Comment Utility
Hi Guys sorry I think I didn't quite explain the issue properly. The RDP server we are trying to connect to is not RDP through RWW on the SBS box but a separate server altogether running 2008 Server.  External DNS points remoteserver.domain.com to the internet IP address of the remote server and the IP address of that server is the one the firewall is pointing to (as none of the IP addresses have changed)

Thanks

Adam
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:amlydiate
Comment Utility
Thought I'd give you some additional information which I think is relevant.

I had to rekey the old UCC SSL certificate which was installed on the old SBS server so that I could set it up on the new server.  I noticed that one of the alternative names on the old certificate was remoteserver.domain.com so I made sure I added that to the newly keyed certificate and installed that on the new server.  When I try to log on to https://remoteserver.domain.com I now get a "There is a problem with the website's security certificate" and I can't progress any further.  I also get an error when I try to RDP onto the remote server from inside the network and get the error "Your remote desktop connection failed because the computer cannot be authenticated. The certificate has been revoked and is not safe to use"

So I'm assuming it's an SSL problem but don't know what to do next, I'm guessing I can't install the UCC certificate on the SBS box onto the remote server as well....?
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
Comment Utility
I am not quite sure how you would proceed from here.

An SBS 2008/2011 network makes use of the TS Gateway service.  As a result the normal method to connect to the RDP server would be to insall a single name cert on the SBS using the wizard, as per:
http://blog.lan-tech.ca/2012/05/17/sbs-2008-2011-adding-an-ssl-certificate/

Once done you would either connect to the SBS site using  remote.domain.com (or your custom prefix) and then using RWA connect to the TS/RDS server.....

Or, connect directly to the TS/RDS server using  the RDP client and configure the TSgateway option under advanced.

Using a UCC certificate should make your configuration work, but UCC certs on SBS are not a documented procedure, though it can be done.  Alternatively, do you have 2 public IP's?  If so you could use a separte IP and cert on the TS/RDS server.

Perhaps someone else can advise on the correct procedure for installing a UCC cert, if you would like to go that way.  Be careful though, incorrectly installing the certificate can 'break' other SBS services.
0
 

Author Closing Comment

by:amlydiate
Comment Utility
Thanks Rob Will have raised a new question now that I think I know where the issue lies (28171836) will award points to you for your help so far.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Thanks amlydiate.  Sorrry I was not much help.  There should be no need to install a cert on the TS itself as it is accessed through the TS Gateway service on the SBS, even if directly.  If you are making use of TS Web Aps, even that is accessed through the TS Gateway.  The following may be of some help.

All the best.
--Rob
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now