Solved

RD WEb Windows 2008R2

Posted on 2013-12-19
5
1,235 Views
Last Modified: 2014-01-14
I am looking to configure RDweb.  I have two questions can I configure RDWeb SSL if we have one public IP address that points to our internal Exchange.  Can I change the SSL listening port and use port forwarding.  Second Question is on our Sonicwall Do I have to open up RDP from Wan interface so users can RDP to there computer?

Thanks in advance..
0
Comment
Question by:mbaez2009
  • 2
  • 2
5 Comments
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
ID: 39731536
Hi mbaez2009,

...can I configure RDWeb SSL if we have one public IP address that points to our internal Exchange.  Can I change the SSL listening port and use port forwarding.
Apart from the certificate, are you going to be publishing a Full Desktop or a RemoteApp? Keep in mind that when publishing a Full Desktop using RD Web Access you cannot get rid of the security warning and you will not be able to make it SSO.

This is explained here: http://microsoftplatform.blogspot.com/2011/05/rd-webaccess-and-unknown-publisher.html

Furthermore, this explains even more about RDS and certificates in general: http://blog.kristinlgriffin.com/2010/08/minimum-certificate-requirements-for.html

You could do a wildcard for the SSL too.

...on our Sonicwall Do I have to open up RDP from Wan interface so users can RDP to there computer?
If you use RDWeb and RD Gateway then all you need is TCP port 443.  If you only use RDWeb then you would need TCP port 443 for RDWeb and TCP port 3389 (by default) for RDP, but I'd recommend installing RD Gateway if you have not already done so because with that installed traffic flows through 443 rather than 3389, which is a widely known networking attack vulnerability (not recommended to open 3389 ever!). Here are some guides for installing RD Gateway:

Here are a list of ports used in an RDS deployment: http://social.technet.microsoft.com/wiki/contents/articles/16164.what-ports-are-used-by-a-rds-deployment.aspx This means again if you use RD Gateway REWeb will operate over TS Gateway on port 443, which will be the only port needing to be forwarded.

Provided that you have different servers for Exchange and RDWeb, you can forward a different port, say 444, on your external IP to 443 on the internal IP of your RDWeb box. This allows you to leave 443 on the external IP forwarding to 443 on the internal IP of your Exchange box.

This only requires a single external IP. The only difference is when connecting to your RDWeb gateway (from outside) the URL will have to specify the external port number that you chose when creating the second NAT rule:
1.1.1.1:443 = <internal_IP1>:443  (NAT Policy for Exchange)
1.1.1.1:444 = <internal_IP2>:443  (NAT Policy for RDWeb)
Let me know how it goes!
0
 

Author Comment

by:mbaez2009
ID: 39731758
I will be using it for bot RDweb and apps.  Where should I put the Gateway Server.  I setup the session host on a terminal Server.
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 39732406
Ideally you would go for 2012 R2 instead of 2008 R2 as RDP in general is WAY WAY better and the setup WAY easier.
My home setup for example uses RD Web Access and RD Gateway on the same machine, with only port TCP 443 opened from the external interface to the internal IP of that particular server.
In total I have three machines (VMs).
- Domain Controller and RD Connection Broker on VM1.
- RD Web Access and RD Gateway on VM2.
- RD Session Host on VM3.
Wildcard certificate used (single certificate so I can use on all VMs).
Clients can connect to anywhere over port 443 (iOS, Android, Mac, Windows 7/8/8.1).

CR
0
 

Author Comment

by:mbaez2009
ID: 39732456
Ok Thanks I have to different clients to implement so I will play with both.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39738999
Any updates?
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now