Re: SBS 2003 standard RDP access
- From: Owen Williams [SBS MVP] <Owen@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 28 Sep 2006 10:42:25 -0400
In article <efgkr6$1en$1@xxxxxxxxxxxxxxxxxx>, brian@xxxxxxxx says...
Thanks for that clarification, I just didn't recognise the acronym, although
guessed from the last 3 chars it might be the internet connection wizard.
Yes, I have run that and, as you have seen, have 2 NICs and have enabled the
basic firewall in SBS. The router is not configured for NAT, the external
NIC on the server has a real internet address, so the server itself does the
NAT. Internal IP addresses on the LAN are non-routable addresses, of course.
This router configuration doesn't normally need any other settings for RDP,
in my experience.
When I ran the ICW I set it for VPN, Outlook Web Access, Outlook Mobile,
Outlook over the internet, remote workplace, etc., everything but the web
site in fact. I also configured Exchange at the same time. All is working
fine (yes, I tested them all! :-) ) except the RDP, seems nothing is
listening on the server on port 3389, after running netstat. So I am pretty
certain the RDP service is not running, so the problem is definitely in the
server, as opposed to the router. I'll have a look through the ICW again,
when I'm back at that site tomorrow, but I'm sure there's also a way of
manually configuring and starting the RDP service outside of that.
I think, at least, we are now down to having actually defined more clearly
the problem, my apologies to all for not giving more details before.
Brian:
Thanks for the clarification. Now, I have to take back something I said
earlier about not doing anything special to enable server RDP!
I have a client with a 2-NIC SBS configured exactly like you are
describing - including the RRAS Basic Firewall - except the router has
NAT enabled. (For purposes of this discussion, that's irrelevant.)
I reran the CEICW to check the settings. On the "Services
Configuration" page (part of Basic Firewall setup), the "Terminal
Services" box is checked (E-mail). This is what enables port 3389
passthru.
Separately ... You didn't ask, but ... most SBS consultants like to
configure perimeter routers to use NAT, with excluded addresses for
static IP addresses, even if they have Premium with ISA. The external
SBS NIC still has a static IP, it's just in the NAT-ed range. The
reason for this is not so much security (although this does provide
another layer for Defense in Depth) as for [1] taking some load off of
the SBS and [2] isolating the SBS from ISP details.
With NAT enabled, the router rejects most of the port scans and Internet
"noise" so that the SBS sees a much "thinner" stream of traffic. In
addition, most routers support DNS forwarding. When you run the CEICW,
you can provide the LAN address of the router as the "ISP DNS". The
router handles forwarding that to the actual ISP DNS servers. This
enables you to change ISPs if you wish with zero changes to the SBS.
These are just suggestions for your consideration. What you are doing
is obviously working for you.
-- Owen Williams (SBS MVP)
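
Added example, not part of the original posts: a small Python check that reads `netstat -an` output and separates the two cases discussed in the thread, no TCP listener on 3389 (a server-side service problem) versus a listener that exists (so the firewall "Terminal Services" setting is the next thing to check). The sample output, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed `netstat -an` output for a two-NIC server (not from the thread).
# It contains two lines that mention 3389 without being a TCP listener.
SAMPLE_NO_RDP = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    192.168.16.2:139       0.0.0.0:0              LISTENING
  TCP    192.168.16.2:1045      192.168.16.10:3389     ESTABLISHED
  UDP    0.0.0.0:3389           *:*
"""
SAMPLE_RDP_UP = SAMPLE_NO_RDP + (
    "  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING\n")

# Only TCP rows in LISTENING state count; capture local address and port.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.IGNORECASE)


def tcp_listeners(netstat_text, port):
    """Return the local addresses that have a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(2)) == port:
            found.append(m.group(1))
    return found


def diagnose_rdp(netstat_text, external_ip, port=3389):
    """Classify the RDP situation from netstat output alone."""
    listeners = tcp_listeners(netstat_text, port)
    if not listeners:
        # Nothing bound: the service is off, so router/firewall are not at fault.
        return "service-not-listening"
    if "0.0.0.0" in listeners or external_ip in listeners:
        # Bound on the external side: remaining suspect is the firewall rule.
        return "listening-check-firewall"
    return "listening-internal-only"


if __name__ == "__main__":
    ext = "203.0.113.10"  # placeholder external address (documentation range)
    print(diagnose_rdp(SAMPLE_NO_RDP, ext))
    print(diagnose_rdp(SAMPLE_RDP_UP, ext))
```

Matching on protocol, local port and state avoids the false positive a plain text search for "3389" gives on the outbound ESTABLISHED row and the UDP row.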