Cannot Connect Remotely to SBS 2003 or Workstations

mrsneakyz28
So when using a client computer inside the LAN I can remote into the server as an administrator. What I would like to do from home is either just that, or remote in to one of the workstations at the office. I am fairly new to remote connections but always thought it was pretty straightforward. However, when trying to remote in over the internet I have yet to be successful (aside from remote assistance). The server is obviously listening if I was able to connect at the office. What kinds of things would prevent me from connecting over the internet? Incorrect RDP setup from home? Certain protocols on the server? I was fairly diligent in making sure everything would be accessible on the server side...
  • +
    0 Votes
    Curacao_Dejavu

    On the firewall, do a port forwarding on port 3389 to the server (internal IP address).

    When you think you have it right on the firewall, you can use www.grc.com, go to the ShieldsUP page, and scan port 3389.
    You will then be able to connect remotely.

    Leopold

    +
    0 Votes
    mrsneakyz28

    Port 3389 is open. Am I configuring something incorrectly on my end? All of my necessary ports are open. Sometimes when I try to connect it says this computer can't connect, or sometimes when I change some settings around it says Security Certificate has expired or been revoked. Should I be putting the IP address of the server in the RD Gateway settings or just in Computer name?

    +
    0 Votes
    Curacao_Dejavu

    Based on GRC's website?
    If it is indeed open, you should be able to telnet into it from the internet (you already confirmed that you can do that from the LAN side).
    "telnet x.x.x.x 3389"

    If that is not working, then the firewall is redirecting to the wrong device.

    Just use the IP in the computer name.

    +
    0 Votes
    mrsneakyz28

    Yeah, I ran a scan on the server; all necessary ports are open. I had some trouble telnetting into it, but I think I connected at one point. Now the computer name IP is something along the lines of 192.168.x.x, so how do I use that? Put the real IP in RD Gateway server settings and then put that IP in computer name? Thanks.

    +
    0 Votes
    Nimmo

    Although you have the port on the firewall open you must specify in the router which PC the packets will be forwarded to on the internal network.

    +
    0 Votes
    Curacao_Dejavu

    I see the problem.

    Verify that from the LAN you can connect to the server with RDP.

    Access the router and do a port forwarding on port 3389 to the server.

    From the internet you need to connect to the public IP address of your router (not the 192.x.x.x one; you need the IP address at the WAN side of the router).
    Use RDP with the public IP address in the computer tab and you are done.

    +
    0 Votes
    Bapster

    Read about Remote Web Workplace in SBS 2003. It is much simpler to use, although you still have to open the necessary ports up (I don't recall these off the top of my head). It is web based and provides you a menu listing all the devices on your LAN that you can click on to access remotely.

    +
    0 Votes
    Churdoo

    Relative to your original question, Curacao was right by recognizing you should be using your public IP address to RDP from outside.

    Just to expand on Bapster's post, SBS has Remote Web Workplace (RWW) features built in. Instead of exposing RDP 3389, for SBS2003 forward ports 443 and 4125 to use RWW, assuming you've enabled RWW in the SBS CEICW (Configure Email and Internet Connections Wizard). Then from home you browse to the PUBLIC IP of your site (https://xxx.xxx.xxx.xxx/remote), accept the security certificate warning, and log into the RWW. You'll be able to remote into the server, or into any of your workstations that have Remote enabled, use Outlook Web Access, etc.

    If your internet connection at your work site is a Dynamic IP then you'll have to subscribe to a Dynamic DNS service or better yet, convert to a static IP internet plan. It's customary to create an A record in your public DNS zone with your site static IP, something like remote.mycompany.com so that you and your remote users don't have to remember the pub IP.

    Somewhat complete list of common SBS 2003 ports used externally:
    25 = SMTP, if you're hosting your own email via SMTP
    80 = HTTP if you're hosting your own public www site
    110 = POP if you're allowing users to POP email from offsite (consider Outlook Anywhere instead)
    143 = IMAP if you're allowing users to IMAP email from offsite
    443 = HTTPS entry point for OWA, RWW
    444 = HTTPS if you're using Sharepoint externally
    993 = IMAP SSL
    1723 = PPTP, if you're using VPN managed by your SBS
    4125 = RWW

    --C
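
An added example, not part of the original thread: a check to run from outside the LAN that repeats the `telnet x.x.x.x 3389` test for every port in the list above plus 3389, and compares what answers on the public address with the forwards you meant to create (443 and 4125 for RWW only). The function names, the `intended` set and the command-line argument are assumptions made for this illustration.

```python
import socket
import sys

# Ports from the list in the post above, plus RDP 3389 from earlier in the thread.
SBS_PORTS = {
    25: "SMTP", 80: "HTTP", 110: "POP", 143: "IMAP", 443: "HTTPS (OWA, RWW)",
    444: "HTTPS (SharePoint)", 993: "IMAP SSL", 1723: "PPTP", 3389: "RDP",
    4125: "RWW",
}

def probe(host, port, timeout=2.0):
    """True if a TCP connection completes, the same check as 'telnet host port'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, name not resolved
        return False

def audit(host, intended, probe_fn=probe, ports=SBS_PORTS):
    """Compare what answers on the WAN address with the ports meant to be forwarded."""
    findings = {}
    for port in sorted(ports):
        is_open = probe_fn(host, port)
        if is_open and port in intended:
            findings[port] = "open, intended"
        elif is_open:
            findings[port] = "open, NOT intended: remove this forward"
        elif port in intended:
            findings[port] = "closed, but intended: forward missing or sent to the wrong device"
        else:
            findings[port] = "closed"
    return findings

def unintended(findings):
    """Ports that answer from the internet although no forward was planned for them."""
    return sorted(p for p, s in findings.items() if s.startswith("open, NOT"))

if __name__ == "__main__":
    # Usage: python sbs_audit.py <public-ip-or-dns-name>   (run from outside the LAN)
    host = sys.argv[1]
    intended = {443, 4125}  # assumption: RWW-only exposure, as the post recommends
    results = audit(host, intended)
    for port, status in results.items():
        print(f"{port:>5}  {SBS_PORTS[port]:<20} {status}")
    sys.exit(1 if unintended(results) else 0)
```

A port reported closed from outside but reachable from the LAN points at the router forward rather than the server, which is the situation the thread describes.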
