General discussion

External Remote Admin of SBS 2003

By SystemsAdmin ·
I have been asked by one of our software providers for external access to our SBS 2003 server for SQL data upgrades and maintenance. I am able to remote desktop to our server from the LAN but need to allow access from the WAN for an external user.

I have made them a user of the server and added them to remote users profile. I have forwarded port 3389 on the router to the IP address of the server.

They are still unable to connect. Am I forgetting something? PLEASE HELP.

by Blackcurrant In reply to External Remote Admin of ...

Hi

Our VPN is probably very different to yours but this is how ours is set up.

We use a router, Windows 2003 server, XP clients.

The router is configured to accept VPN requests. It is a designated RADIUS client. The VPN requests are passed on to a RADIUS server, set up on the Windows 2003 server. Users have to enter username, password and domain information. They are then authenticated (or not) by the RADIUS server (IAS).

The router also gives out an IP address to the remote PC's VPN connection in a specific range using DHCP. This range is just higher numbers than our network uses.

For example, our network uses 192.168.0.1 to 192.168.0.100. The router assigns 192.168.0.101 to 192.168.0.120.

Once the connection has been established, I usually start up Remote Desktop from my home PC, type in the IP address of the server I want to connect to, and then everything is fine.

Hope this helps

by Blackcurrant In reply to

Forgot to add that if you do install the IAS service (the RADIUS server), you will also need to start Routing and Remote Access too, and make sure your server (the one hosting IAS) is a member of the RAS/IAS group, and that it has been authenticated to use RAS. You can authenticate it by starting RAS from Administrative Tasks, selecting the server node and making sure you configure RAS and authorise your server to use it.

There is a LOT of help about IAS in the W2k3 help files.

by NOW LEFT TR In reply to External Remote Admin of ...

Do you have a VPN in the first place? Sounds like you don't and are just forwarding a port from your internet router.

Get a VPN set up first....

by curlergirl In reply to External Remote Admin of ...

I would absolutely NOT do what you are proposing to do. If you allow them to access your server via a terminal server or RWW login, they will have full administrative rights to the server, unless you are much more sophisticated in how you set it up than you have described. This would allow them to, for example, install and uninstall software and hardware devices on your server. For me, as a LAN administrator, that would be an absolutely unacceptable security risk. I would recommend you use a straight VPN connection as suggested by another post, allowing them to use a login ID and password that has limited rights to the server. That way they won't see the desktop and won't have access to areas of your network and server they shouldn't.

That said, you will need to have the following ports on your router open and properly forwarded to your server, depending on how you decide to have them access your server: 80 and 3389 for a straight Remote Desktop connection; 80, 443, 444, 3389, and 4125 for RWW; or for VPN, 1723 for PPTP or 50, 51 and UDP 500 for IPSec.

Hope this helps!

by webjabber In reply to External Remote Admin of ...

SSL VPN can solve this issue easily and perfectly. Try http://www.gotoservers.com, or you can buy other SSL VPN hardware.
Using port forwarding you can allow a WAN user/partner to access your database only, or you can give the user permission to use remote desktop.

by sgt_shultz In reply to External Remote Admin of ...

Remote desktop or tserv? I am cornfused. Possibly the firewall on your server is not open on the required ports. Have you tried this yourself from a location outside your WAN? You can check status with telnet, for example telnet (server address) tserv 3389
See if it works with both the server's hostname and IP address.
Or, what about a free remote control app like free VNC, or using pcAnywhere?
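
The telnet check suggested in this thread, extended to every TCP port in curlergirl's list so you can see both why a connection fails and which forwarded ports are open without being needed. This is an added Python example, not part of the original posts; the function names and the open/refused/filtered labels are its own.

```python
import socket
import sys

# TCP ports per access method, as listed in curlergirl's post above.
# The IPsec entries (50, 51, UDP 500) are not TCP ports, so a TCP connect
# cannot test them and they are left out.
METHODS = {
    "Remote Desktop": [80, 3389],
    "RWW": [80, 443, 444, 3389, 4125],
    "PPTP VPN": [1723],
}


def tcp_state(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host answered, but nothing listens / not forwarded
    except OSError:
        return "filtered"  # timeout, unreachable or lookup failure


def audit(host, methods=METHODS, timeout=3.0):
    """Probe each distinct port once; return (states, usable methods)."""
    ports = sorted({p for plist in methods.values() for p in plist})
    states = {p: tcp_state(host, p, timeout) for p in ports}
    usable = [name for name, plist in methods.items()
              if all(states[p] == "open" for p in plist)]
    return states, usable


def exposed_beyond(states, methods, chosen):
    """Open ports that the chosen access method does not need."""
    needed = set(methods[chosen])
    return sorted(p for p, s in states.items() if s == "open" and p not in needed)


if __name__ == "__main__":
    # Run from outside the LAN against your own public address.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    states, usable = audit(host)
    for port, state in states.items():
        print(f"tcp/{port}: {state}")
    print("Methods with every TCP port open:", ", ".join(usable) or "none")
    if len(sys.argv) > 2 and sys.argv[2] in METHODS:  # the method you meant to allow
        print("Open but not needed:", exposed_beyond(states, METHODS, sys.argv[2]))
```

A "filtered" result on 3389 points at the router or an upstream firewall dropping the traffic, while "refused" means the packet arrived but nothing accepted it on that port.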
