RDC with Server 2008, 2011 and 2012

Hi experts,

I know that in Servers 2003 such as SBS 2003, in order to use RDP, you had to open port 3389 on the router. I believe with port forwarding, the remote user could access the computer with the suffix 3389. If you wanted to access another computer with 3390, could you use the same static public IP?

In the scenario of using port 3389, when the remote connection was made, did it go from the router to the client and skip the server?

In Servers 2008 and above, there is no longer a need to open port 3389 (a good thing), as the server now runs Remote Desktop Management and all requests including RWA go through there. I am not sure if it is now called Remote Desktop Server Services or RDSS.

My major question is: if you still have 3389 open and port forwarding to the client computer, would that take the remote user to the specific client so that it would not actually use the server and Remote Desktop Services?

Thanks.

Bert

PS If there are too many different questions, I would be more than happy to split them. It just seems as though they kind of go together. Thanks.
Bert2005 Asked:
N-W Commented:
If you wanted to access another computer with 3390, could you use the same static public IP?

That's right.

In the scenario of using port 3389, when the remote connection was made, did it go from the router to the client and skip the server?

Yes, the RDP connection would go straight from the router to the internal client machine. If it's a domain joined client, the client would need to connect to the server for AD authentication, but not for RDP itself.

My major question is if you still have 3389 open and port forwarding to the client computer would that take the remote user to the specific client so that it would not actually use the server and Remote Desktop Services?

Even with RD Web Access or RD Gateway set up on port 443, if you're still port forwarding 3389 directly to a client machine it will still skip the server. The connection will only go through the server if you specifically use RD Web Access or RD Gateway to connect to the client machine.
Bert2005 Author Commented:
Thanks. That answers all the questions. So, it would be silly, given all the security issues with port 3389 (even though you can change it) and the time necessary to configure your router for all clients; one would be rather dumb to not use the RD Gateway.

This also allows you to connect to all machines (if you have permissions) from home simply using the name of the computer and the domain such as computer_name.domain.local as the RD Gateway can use DNS? Of course, RDC or RDP (they almost seem interchangeable, although I think RDC is preferred now), must be configured correctly with the FQDN of the server.

This should be all I need.
N-W Commented:
This also allows you to connect to all machines (if you have permissions) from home simply using the name of the computer and the domain such as computer_name.domain.local as the RD Gateway can use DNS?

That's right, as long as you set the RD Gateway's FQDN in the RDC client and the home PC can resolve the FQDN (such as rds.example.com), you should be able to connect to any internal PC using its local hostname (such as pc01.example.local).

If you have RD Gateway set up, there's really no reason to port forward 3389 anymore (or any custom RDP port). You can even configure RD Gateway to use a custom port (such as 4443 instead of the default 443), but this requires Server 2012.
Bert2005 Author Commented:
Thanks N-W. I appreciate your help.
Bert2005 Author Commented:
N-W,

May I ask you one more question? Sorry.
N-W Commented:
Sure, go ahead.
Bert2005 Author Commented:
I use RDC and Remote Gateway so no problem, but I am curious since 2003 was three to four years ago for me.

When I had 3389 port forwarded to say Computer A and 3390 to Computer B and so on, how did I access them? I knew the public IP, say 72.xx.xxx.99. Did I write something like this in the browser: https://72.xx.xxx.99:3390 to get to Computer B?
Bert2005 Author Commented:
Or did I set up a number for a particular computer which was associated with 3389 in the Cisco PIX?
N-W Commented:
In your RDC client, for the computer name you would put in "72.xx.xxx.99:3390".

For port 3389, just enter the IP address as it knows 3389 is the default port.
Bert2005 Author Commented:
Thanks. It all comes back. :-)
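
As an added example (not part of the original thread): a Python audit of saved .rdp files that separates the two connection styles discussed above, a forwarded public IP:port typed into RDC versus a connection brokered by RD Gateway. The sample file contents, the verdict labels and the 203.0.113.99 address are constructed, and only IPv4 literals and hostnames are handled.

```python
import ipaddress

# RFC 1918 ranges: an IP literal outside these is treated as Internet-facing.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_rdp(text):
    """Parse .rdp 'name:type:value' lines into a dict (names lower-cased)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            name, kind, value = parts
            settings[name.lower()] = int(value) if kind == "i" else value
    return settings

def classify(text):
    """Return (verdict, host, port) for one .rdp file's contents."""
    s = parse_rdp(text)
    host, sep, port = s.get("full address", "").rpartition(":")
    if not sep:                       # no ":port" suffix, so 3389 is implied
        host, port = port, s.get("server port", 3389)
    port = int(port)
    # gatewayusagemethod 1 = always use gateway, 2 = use it for non-local hosts
    if s.get("gatewayhostname") and s.get("gatewayusagemethod") in (1, 2):
        return ("via-gateway", host, port)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return ("direct-hostname", host, port)   # a name: resolve and review by hand
    if any(ip in net for net in RFC1918):
        return ("direct-internal", host, port)
    return ("direct-public", host, port)         # forwarded RDP port on the router

# Constructed samples (203.0.113.0/24 is a documentation range standing in
# for the redacted public IP in the thread).
FORWARDED = "full address:s:203.0.113.99:3390\ngatewayusagemethod:i:0\n"
GATEWAY = ("full address:s:pc01.example.local\n"
           "gatewayhostname:s:rds.example.com\n"
           "gatewayusagemethod:i:1\n")

if __name__ == "__main__":
    for label, sample in (("forwarded", FORWARDED), ("gateway", GATEWAY)):
        print(label, classify(sample))
```

Any file reported as direct-public points at an RDP port that is still forwarded on the router and can be retired once the RD Gateway path works.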