Terminal Server 2008 Web Access via Internet

IT Support Desk
I installed a 2008 Standard Server with TS or Terminal Services and all appears to work fine from within the LAN using XP machines with Srvpk3 and Vista machines w/Srvpk1. However, despite opening up ports 3389 and 443 on the firewall, I am still unable to access the TS from the internet. Has anyone come across this TS inaccessibility issue from the internet and resolved it?
  • rkelly

    It really depends on how you have the authentication turned on on your Terminal Server. You might want to try using a TS Gateway though - better encryption, single SSL port open on your firewall and better security.

    IT Support Desk

    Are you saying I can use only port 443/SSL and not require port 3389?
    TS Gateway is installed, SSL port 443 opened, and port 3389 was closed during testing and I still can't get through using public IP address on the firewall. The firewall works because it was also used with an SBS 2k3 server previously. In fact, I tested two different firewalls with the same results -- still unable to access Remote Apps over the internet with the dnat policies or port forwarding. There is something on the server I am missing. However, I went as far as temporarily allowing "ANY" computer to connect despite the client's security level; thus, the client wasn't required to have RDP6.0, XP SrvPk3, nor Vista's SrvPk1. Any other thoughts? By default, TS seems to use port 3389.

    rkelly

    Yes, if you use a Windows 2008 TS Gateway then you can use just tcp:443 to provide access into your network. If you are trying to publish multiple terminal servers through a firewall then drilling loads of holes through your firewall (even if they are all port address translation rules) is not really something I would recommend - I would look at some form of proxy device or VPN concentrator instead. TS Gateway is a single service running on Windows 2008 that you stick behind the forward facing firewall and allows traffic in on TCP:443 and then will forward it on to Terminal servers on either tcp:3389 OR tcp:443 depending on how you have it configured.

    http://technet2.microsoft.com/windowsserver2008/en/library/c7ddc4e9-1316-4759-915f-47245fe4d12e1033.mspx?mfr=true