Windows Server 2016 Essentials and Macs connecting remotely

I have a client setup with Windows Server 2016 Essentials, and one of the employees has a MacBook that they want to use to connect remotely.  I am thinking they will want/need to connect to a computer via the remote workplace and also establish a VPN connection.  I do not work with Macs, so maybe I can be pointed in the right direction with detailed articles, etc.
cmp119IT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob WilliamsCommented:
You can connect a MAC with a VPN (SSTP) but the safer and better bet is direct Remote Desktop. Assuming you used the anywhere access wizard, Essentials will use the remote desktop gateway service, so you need to forward the router port 443 to the server (not 3389).  Then the MAC can simply download from the Apple Store the free Remote Desktop  Client.  Don't forget to use the advanced settings and insert the RD Gateway address.
0
cmp119IT ManagerAuthor Commented:
I have anywhere working fine.  443/1723 ports forwarding the Essentials Server.  Do you have any recommendations on a specific Apple Store RDP client?  Need specifics as far as using the advanced settings, etc.
0
Eoin OSullivanConsultantCommented:
This is the official latest Microsoft Remote Desktop client
https://itunes.apple.com/us/app/microsoft-remote-desktop-8-0/id715768417?mt=12
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Rob WilliamsCommented:
There is only one client available from the Apple store.  Actually called Microsoft Remote Desktop 8.0
https://itunes.apple.com/us/app/microsoft-remote-desktop-8-0/id715768417?mt=12

I don't have an iDevice to give you the exact location, but you need to have the following

Server (computer name) = NetBIOS name of your server or computer to which you are connecting like MyServer or JohnPC
User name with the domain in the form =   domain\username   such as  ABCcorp\JDoe
Password = user's password
Under advanced, or options it will want the Gateway which needs the full url of your Essentials server such as = remote.ABCcorp.com
It may also want the user name and password again.  If it has a box for Domain, rather than combining user and domain name, use
User = JDoe
Domain = ABCcorp
Password = User's password
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cmp119IT ManagerAuthor Commented:
Rob - thanks for this information.  I will pickup the MacBook over the weekend and see if I can get it to connect.  I will let you know the outcome.  Thanks.
0
Rob WilliamsCommented:
If it works with a PC, there shouldn't be any problem with a MAC.  Sometimes takes a little tweaking to get the right information in the right box if you are not familiar with it.
Any trouble, let us know.
0
cmp119IT ManagerAuthor Commented:
Normally, remote users logon via the remote portal (https://remote.ABCcorp.com).  Once authenticated they select an available computer they are authorized to access and connect to it.  IE has to be used since I believe it requires ActiveX Controls.  I've tried with Google Chrome, but the available computers do not display/list.
0
Rob WilliamsCommented:
Ah.

There are 2 ways to connect; using a web browser, or a Remote Desktop client (PC or MAC).  Yes, using a browser does require Active-X, thus only IE works.  Using the RDP client, connects directly to the selected device, PC or server.  You do need to know the name of the computer to which you are connecting as you are not presented with a list.  The client is a much  faster option for the initial connection, though once connected, they both work the same.  Having said that, I don't know why but the first time you connect from any device (PC, MAC, Tablet, Laptop) the connection takes longer than subsequent connections from the same device.  

If you want to connect from a PC using the client, just look for the Remote Desktop Client under programs, I think "Windows Accessories" or you can type in the run or search box     mstsc    to start the client.  The gateway settings are under "Advanced" / "settings".
0
cmp119IT ManagerAuthor Commented:
I understand what you're saying.  Normally, I've setup a VPN on employee remote computers, and then have establish the VPN and then connected via RDP.  I believe establishing the VPN to be more secure than just using an RDP session.  Do you not agree?
0
Rob WilliamsCommented:
No.  If you look at my profile, I am very familiar with VPN's but they have one huge flaw, a wide open tunnel between an unmanaged client and your corporate network.  The tunnel itself is very secure, but you have no control over the traffic within it.  Viruses can traverse the tunnel, easy to steal corporate data, if the remote computer is hacked they have direct access to the corporate network, and the VPN degrades performance slightly.  

A site-to-site VPN between 2 VPN routers and two managed offices is a different story.

VPN doesn't require using the gateway service, but that is just a simple entry.  If you don't have an RDP Gateway service, a VPN is a consideration, but you do have the gateway so I would recommend using it.  That in conjunction with good password policies is quite secure.  Make sure you enforce complex passwords and account lock outs for X wrong guesses. That applies to VPNs too.
0
cmp119IT ManagerAuthor Commented:
Makes sense.  I will let you know what happens over the weekend.  Thanks again.
0
cmp119IT ManagerAuthor Commented:
I just tried it out, and it worked like a charm! Thanks for all your help.
0
Rob WilliamsCommented:
Glad to hear.  Very welcome.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.