Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Access to RDP Server from outside shows IIS7 Page from SBS Server

Posted on 2013-06-30
8
Medium Priority
?
1,338 Views
Last Modified: 2013-06-30
Hi all,

We've got a client with 5 2008 Servers and a new 2011 SBS server which we have just installed and created a new domain.  We've joined all other 2008 servers to the domain and kept all IP addresses the same as before (the new SBS box was given the IP address of the old SBS box).

The firewall (Watchguard) has not been changed as all IP addresses remain the same but we have an issues access the Remote Desktop Server which we used to access via http://rdpserver.domain.com.  All we get now is the IIS7 splash screen which I assume is the 2011 SBS box.

Can anyone please help as to how we can get remote access to the remote server and stop the SBS box from responding?

Thanks

Adam
0
Comment
Question by:amlydiate
8 Comments
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39288159
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39288163
Did you enable Windows Authentication under Authorization settings in IIS, normally to be found under the SBS Web Applications -> RPC virtual web site ... or something, can't really be more precise without seeing it in front of me (no SBS here).
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 39288194
Use httpS:
hettp will return that page, however port 80 should not even be open.

Makes sure also rdpserver is the correct prefix used by the "set up ypur internet address" wizard.  The default is remote, if you changed it under the "advanced" option that is OK.

This should then take you to the RWA page which will then give you access to the TS/RDS server.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:amlydiate
ID: 39288233
Hi Guys sorry I think I didn't quite explain the issue properly. The RDP server we are trying to connect to is not RDP through RWW on the SBS box but a separate server altogether running 2008 Server.  External DNS points remoteserver.domain.com to the internet IP address of the remote server and the IP address of that server is the one the firewall is pointing to (as none of the IP addresses have changed)

Thanks

Adam
0
 

Author Comment

by:amlydiate
ID: 39288255
Thought I'd give you some additional information which I think is relevant.

I had to rekey the old UCC SSL certificate which was installed on the old SBS server so that I could set it up on the new server.  I noticed that one of the alternative names on the old certificate was remoteserver.domain.com so I made sure I added that to the newly keyed certificate and installed that on the new server.  When I try to log on to https://remoteserver.domain.com I now get a "There is a problem with the website's security certificate" and I can't progress any further.  I also get an error when I try to RDP onto the remote server from inside the network and get the error "Your remote desktop connection failed because the computer cannot be authenticated. The certificate has been revoked and is not safe to use"

So I'm assuming it's an SSL problem but don't know what to do next, I'm guessing I can't install the UCC certificate on the SBS box onto the remote server as well....?
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 39288263
I am not quite sure how you would proceed from here.

An SBS 2008/2011 network makes use of the TS Gateway service.  As a result the normal method to connect to the RDP server would be to insall a single name cert on the SBS using the wizard, as per:
http://blog.lan-tech.ca/2012/05/17/sbs-2008-2011-adding-an-ssl-certificate/

Once done you would either connect to the SBS site using  remote.domain.com (or your custom prefix) and then using RWA connect to the TS/RDS server.....

Or, connect directly to the TS/RDS server using  the RDP client and configure the TSgateway option under advanced.

Using a UCC certificate should make your configuration work, but UCC certs on SBS are not a documented procedure, though it can be done.  Alternatively, do you have 2 public IP's?  If so you could use a separte IP and cert on the TS/RDS server.

Perhaps someone else can advise on the correct procedure for installing a UCC cert, if you would like to go that way.  Be careful though, incorrectly installing the certificate can 'break' other SBS services.
0
 

Author Closing Comment

by:amlydiate
ID: 39288286
Thanks Rob Will have raised a new question now that I think I know where the issue lies (28171836) will award points to you for your help so far.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 39288292
Thanks amlydiate.  Sorrry I was not much help.  There should be no need to install a cert on the TS itself as it is accessed through the TS Gateway service on the SBS, even if directly.  If you are making use of TS Web Aps, even that is accessed through the TS Gateway.  The following may be of some help.

All the best.
--Rob
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question