Solved

RD Web Windows 2008 R2

Posted on 2013-12-19
Last Modified: 2014-01-14
I am looking to configure RDWeb. I have two questions. First, can I configure RDWeb SSL if we have one public IP address that points to our internal Exchange? Can I change the SSL listening port and use port forwarding? Second question: on our SonicWall, do I have to open up RDP from the WAN interface so users can RDP to their computer?

Thanks in advance..
Question by:mbaez2009
5 Comments
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39731536
Hi mbaez2009,

...can I configure RDWeb SSL if we have one public IP address that points to our internal Exchange? Can I change the SSL listening port and use port forwarding?
Apart from the certificate, are you going to be publishing a Full Desktop or a RemoteApp? Keep in mind that when publishing a Full Desktop using RD Web Access you cannot get rid of the security warning and you will not be able to make it SSO.

This is explained here: http://microsoftplatform.blogspot.com/2011/05/rd-webaccess-and-unknown-publisher.html

Furthermore, this explains even more about RDS and certificates in general: http://blog.kristinlgriffin.com/2010/08/minimum-certificate-requirements-for.html

You could do a wildcard for the SSL too.

...on our SonicWall, do I have to open up RDP from the WAN interface so users can RDP to their computer?
If you use RDWeb and RD Gateway then all you need is TCP port 443.  If you only use RDWeb then you would need TCP port 443 for RDWeb and TCP port 3389 (by default) for RDP, but I'd recommend installing RD Gateway if you have not already done so because with that installed traffic flows through 443 rather than 3389, which is a widely known networking attack vulnerability (not recommended to open 3389 ever!). Here are some guides for installing RD Gateway:

Here is a list of ports used in an RDS deployment: http://social.technet.microsoft.com/wiki/contents/articles/16164.what-ports-are-used-by-a-rds-deployment.aspx This means again that if you use RD Gateway, RDWeb will operate over TS Gateway on port 443, which will be the only port needing to be forwarded.

Provided that you have different servers for Exchange and RDWeb, you can forward a different port, say 444, on your external IP to 443 on the internal IP of your RDWeb box. This allows you to leave 443 on the external IP forwarding to 443 on the internal IP of your Exchange box.

This only requires a single external IP. The only difference is when connecting to your RDWeb gateway (from outside) the URL will have to specify the external port number that you chose when creating the second NAT rule:
1.1.1.1:443 = <internal_IP1>:443  (NAT Policy for Exchange)
1.1.1.1:444 = <internal_IP2>:443  (NAT Policy for RDWeb)
Let me know how it goes!
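A way to confirm the result from outside the network once the two NAT policies above are in place, as an added example that is not part of the original answer. It assumes the answer's placeholder address 1.1.1.1 and external port 444 for RDWeb; `Test-TcpPort` is a helper defined here, not a built-in cmdlet.

```powershell
# Added example: run from a machine OUTSIDE the network (e.g. a home connection).
# $PublicIp is a placeholder (the answer's 1.1.1.1); replace it with your WAN address.
$PublicIp = '1.1.1.1'

# Expected state after creating the two NAT policies from the answer:
#   443 -> Exchange (open), 444 -> RDWeb / RD Gateway (open), 3389 -> not forwarded (closed)
$Expected = @(
    @{ Port = 443;  ShouldBeOpen = $true;  Purpose = 'Exchange (HTTPS)' },
    @{ Port = 444;  ShouldBeOpen = $true;  Purpose = 'RDWeb / RD Gateway (HTTPS)' },
    @{ Port = 3389; ShouldBeOpen = $false; Purpose = 'RDP (must not be exposed)' }
)

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false            # timed out: filtered or dropped by the firewall
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$failures = 0
foreach ($rule in $Expected) {
    $open = Test-TcpPort -Address $PublicIp -Port $rule.Port
    $ok   = ($open -eq $rule.ShouldBeOpen)
    if (-not $ok) { $failures++ }
    $state  = if ($open) { 'open' } else { 'closed' }
    $result = if ($ok) { 'OK' } else { 'UNEXPECTED' }
    '{0,-5} {1,-7} {2,-10} {3}' -f $rule.Port, $state, $result, $rule.Purpose
}
if ($failures -gt 0) { Write-Warning "$failures port(s) do not match the intended NAT policy." }
```

A result of `UNEXPECTED` on 3389 means a WAN-to-LAN rule is still forwarding RDP directly and should be removed once RD Gateway carries the sessions over HTTPS.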
 

Author Comment

by:mbaez2009
ID: 39731758
I will be using it for both RDWeb and apps. Where should I put the Gateway server? I set up the session host on a terminal server.
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 39732406
Ideally you would go for 2012 R2 instead of 2008 R2 as RDP in general is WAY WAY better and the setup WAY easier.
My home setup for example uses RD Web Access and RD Gateway on the same machine, with only port TCP 443 opened from the external interface to the internal IP of that particular server.
In total I have three machines (VMs).
- Domain Controller and RD Connection Broker on VM1.
- RD Web Access and RD Gateway on VM2.
- RD Session Host on VM3.
Wildcard certificate used (single certificate so I can use on all VMs).
Clients can connect to anywhere over port 443 (iOS, Android, Mac, Windows 7/8/8.1).

CR
 

Author Comment

by:mbaez2009
ID: 39732456
OK, thanks. I have two different clients to implement, so I will play with both.
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39738999
Any updates?