?
Solved

Access to RDP Server from outside shows IIS7 Page from SBS Server

Posted on 2013-06-30
8
Medium Priority
?
1,303 Views
Last Modified: 2013-06-30
Hi all,

We've got a client with 5 2008 Servers and a new 2011 SBS server which we have just installed and created a new domain.  We've joined all other 2008 servers to the domain and kept all IP addresses the same as before (the new SBS box was given the IP address of the old SBS box).

The firewall (Watchguard) has not been changed as all IP addresses remain the same but we have an issues access the Remote Desktop Server which we used to access via http://rdpserver.domain.com.  All we get now is the IIS7 splash screen which I assume is the 2011 SBS box.

Can anyone please help as to how we can get remote access to the remote server and stop the SBS box from responding?

Thanks

Adam
0
Comment
Question by:amlydiate
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39288159
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39288163
Did you enable Windows Authentication under Authorization settings in IIS, normally to be found under the SBS Web Applications -> RPC virtual web site ... or something, can't really be more precise without seeing it in front of me (no SBS here).
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39288194
Use httpS:
hettp will return that page, however port 80 should not even be open.

Makes sure also rdpserver is the correct prefix used by the "set up ypur internet address" wizard.  The default is remote, if you changed it under the "advanced" option that is OK.

This should then take you to the RWA page which will then give you access to the TS/RDS server.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:amlydiate
ID: 39288233
Hi Guys sorry I think I didn't quite explain the issue properly. The RDP server we are trying to connect to is not RDP through RWW on the SBS box but a separate server altogether running 2008 Server.  External DNS points remoteserver.domain.com to the internet IP address of the remote server and the IP address of that server is the one the firewall is pointing to (as none of the IP addresses have changed)

Thanks

Adam
0
 

Author Comment

by:amlydiate
ID: 39288255
Thought I'd give you some additional information which I think is relevant.

I had to rekey the old UCC SSL certificate which was installed on the old SBS server so that I could set it up on the new server.  I noticed that one of the alternative names on the old certificate was remoteserver.domain.com so I made sure I added that to the newly keyed certificate and installed that on the new server.  When I try to log on to https://remoteserver.domain.com I now get a "There is a problem with the website's security certificate" and I can't progress any further.  I also get an error when I try to RDP onto the remote server from inside the network and get the error "Your remote desktop connection failed because the computer cannot be authenticated. The certificate has been revoked and is not safe to use"

So I'm assuming it's an SSL problem but don't know what to do next, I'm guessing I can't install the UCC certificate on the SBS box onto the remote server as well....?
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 39288263
I am not quite sure how you would proceed from here.

An SBS 2008/2011 network makes use of the TS Gateway service.  As a result the normal method to connect to the RDP server would be to insall a single name cert on the SBS using the wizard, as per:
http://blog.lan-tech.ca/2012/05/17/sbs-2008-2011-adding-an-ssl-certificate/

Once done you would either connect to the SBS site using  remote.domain.com (or your custom prefix) and then using RWA connect to the TS/RDS server.....

Or, connect directly to the TS/RDS server using  the RDP client and configure the TSgateway option under advanced.

Using a UCC certificate should make your configuration work, but UCC certs on SBS are not a documented procedure, though it can be done.  Alternatively, do you have 2 public IP's?  If so you could use a separte IP and cert on the TS/RDS server.

Perhaps someone else can advise on the correct procedure for installing a UCC cert, if you would like to go that way.  Be careful though, incorrectly installing the certificate can 'break' other SBS services.
0
 

Author Closing Comment

by:amlydiate
ID: 39288286
Thanks Rob Will have raised a new question now that I think I know where the issue lies (28171836) will award points to you for your help so far.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39288292
Thanks amlydiate.  Sorrry I was not much help.  There should be no need to install a cert on the TS itself as it is accessed through the TS Gateway service on the SBS, even if directly.  If you are making use of TS Web Aps, even that is accessed through the TS Gateway.  The following may be of some help.

All the best.
--Rob
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question