Re: Using Remote Desktop From an SBS Domain



I assume you got the same login failure (Unknown user name or bad password)
when you tried to RDP while attached directly to a port on your router? I
also assume that you disabled the ISA firewall client during this test if
you were using a domain workstation.

You are correct on all with this one.

Your ISP should be forwarding ALL traffic to you that is destined for your
IP address (no filtering or blocking of ports or traffic). This will
allow your router and/or ISA to direct all incoming traffic. They need to
have port 3389 open on their side (both inbound and outbound).

I believe this is where the problem lies. My ISP controls the router and
thus the ports that are opened/closed/filtered etc. Shortly after getting
SBS configured and when I attained some familiarity with its workings I
wanted to make available RWW, OWA and receive mail. That was a small
struggle because of the ISP being a Linux fan and just not liking Windows
software because of the security risks. His belief is to only open what
needs opening, which is fine when users don't understand what the
risks/responsibilities are for having control of your router but I don't
consider myself in that category. I did get the ports forwarded to allow
RWW, OWA, Remote Desktop via RWW and SMTP mail. After a few years of me not
having any problems with my server security wise and causing problems on his
network I think I've gained some trust from him.

So if 3389 needs forwarded on the client end too then that is what the
problem is. I just haven't seen any information (until your post) telling
requirements for the client side. Maybe it is just a given that if 3389 is
what the host listens on then the client needs to transmit/receive on that
too.

Looks like you're using Surgardog.com as your ISP. I suspect you're
somewhere on the outskirts of Monticello and don't have a lot of ISP
choices in your area. Are there any other non-wireless ISPs available to
you (maybe Verizon DSL)?

As for DSL being available where I'm at the answer is a disappointing no. We
are almost 6 miles from the central office point where the fiber starts so
the fixed wireless is the only choice. I'll be in contact with the ISP next
week. I'll have him forward 3389 and I should be set.

Thanks to you Merv and everyone for helping me with this. I really
appreciate it. I'll post again when I get the port forwarded.

Jeff





"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:uO8xjDn8HHA.1900@xxxxxxxxxxxxxxxxxxxxxxx
I assume you got the same login failure (Unknown user name or bad password)
when you tried to RDP while attached directly to a port on your router? I
also assume that you disabled the ISA firewall client during this test if
you were using a domain workstation.

Your ISP should be forwarding ALL traffic to you that is destined for your
IP address (no filtering or blocking of ports or traffic). This will
allow your router and/or ISA to direct all incoming traffic. They need to
have port 3389 open on their side (both inbound and outbound).

I don't have an Internet IP Address
http://www.homenethelp.com/sharing/private-ip-address.asp

(in the article, Netmeeting is similar to RDP)

"How limiting is it?
If your ISP has you behind a NAT router, there is no way for someone on
the Internet to initiate an IP conversation with your computer. That means
NO SERVERS. You can not run a game server, ftp server or web server.
Outgoing VPN connections will most likely not work so forget connecting to
your office LAN over the Internet. Advanced teleconferencing programs like
NetMeeting will not work. ICQ will not work correctly as well as MSN
Messenger file send/receive. Lastly, some multi-player games will not even
allow you to join a game on the Internet.

This situation is different than if you ran your own NAT connection
sharing box (like a broadband router) because you have no control over the
ISP NAT router. If it were your own, you could adjust settings in the
router to make most of those applications work properly. "

Looks like you're using Surgardog.com as your ISP. I suspect you're
somewhere on the outskirts of Monticello and don't have a lot of ISP
choices in your area. Are there any other non-wireless ISPs available to
you (maybe Verizon DSL)?

--
Merv Porter [SBS-MVP]
============================

"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:eAoWwFm8HHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
I gave your suggestion a try Merv. I tried both on my SBS domain and then
with the same user account connected directly to my router with no luck.
Hopefully next week I can attempt a connection while my ISP watches the
traffic pass through his network and see what we find. He is a Linux
person so we speak different languages but hopefully we can find some
common ground. He has little experience with Windows services and
Operating Systems so I've tried to educate myself as much as possible with
what a Remote Desktop Connection requires, specifically on the client end.
Is there anything special/specific needed on the client end to make the
connection?

Jeff


"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:OOIdMwk8HHA.2208@xxxxxxxxxxxxxxxxxxxxxxx
I will give that a try Merv. One point I don't think I've made in this
post is that when using dialup and actually making the connection I'm
simply disconnecting from the SBS LAN, plugging my dialup modem in and
making a Remote Desktop Connection with the same SBS domain user account. I
will be curious to see what happens with a new domain account though and
post back!

Jeff

"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:udRr9Sj8HHA.1900@xxxxxxxxxxxxxxxxxxxxxxx
Just curious...

+ Create a domain user with the same username as that required for the
RDP to the University computer. Create a domain user password of your
choice.
+ Log onto a LAN workstation with this username
+ Open RDP and enter the (University) static IP address for the
computer name, as well as the (University) username and (University)
password for logon credentials

Question: can you RDP to the external computer with this scenario?

--
Merv Porter [SBS-MVP]
============================

"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:e5q6uMc8HHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
I am in communication with them now. They use NAT and private IP
addresses between me and the Internet and that is as much as I know.


"Claus" <cjobes@xxxxxxxxxxxxx> wrote in message
news:em0wu3b8HHA.3916@xxxxxxxxxxxxxxxxxxxxxxx
No, it wouldn't. There is definitely something on that router or
between the router and the internet. What is between that router and
the internet? Have you talked to your ISP?

--
Claus
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:OC%23eevb8HHA.464@xxxxxxxxxxxxxxxxxxxxxxx
There is an NAT router supplied by my ISP. I don't know if it's
anything more than that or not. This is a fixed wireless Internet
connection so even after my router there is a large private network
to travel through before I get to the actual Internet. I do have an
SBS RDP Outbound Access Rule in ISA.

I plugged my laptop into my router location and temporarily plugged
in there and still couldn't RDP so I suspect the ISP's router is
where the problem is. But if it's just NAT would it still be
blocking outbound traffic for Remote Desktop?

Thanks
Jeff


"Claus" <cjobes@xxxxxxxxxxxxx> wrote in message
news:eskDuXb8HHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
ISA in a standard configuration would not prevent you from using
Remote Desktop from within your LAN to a computer on the internet.
I do this all the time. Do you by any chance have a firewall
between your SBS WAN and the Internet?

--
Claus
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:eqjnf5a8HHA.2752@xxxxxxxxxxxxxxxxxxxxxxx
I am narrowing down where the problem is with connecting to an XP
Pro computer that is on a remote network now. I was able to use a
dial-up Internet connection, bypassing my SBS/ISA network
altogether. So the machine that I'm trying to connect to is
configured to accept Remote Desktop Connections. Now I just have to
figure what is preventing me from connecting while I'm using my XP
Workstation when connected to my SBS network. Would ISA be
preventing outbound RDP connections or do ports have to be open to
allow me to Remote Desktop out from my SBS network?

I've spent most of the day looking for information regarding the
client end of a Remote Desktop connection and have found little
about it. Maybe it's just not normally an issue.

Thanks for any suggestions.

Jeff


"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:%23GACASX8HHA.4436@xxxxxxxxxxxxxxxxxxxxxxx
I have looked at that article again today and also read through it
yesterday. It goes into detail about how to set the host computer
up (the machine whose desktop I'm wanting to connect to) but
doesn't say much about ports or settings on the client end. I have
no control over the host end but just wanted to be sure I have
things set correctly on the client end to allow this to work.

Thanks
Jeff


"Ritch_DA" <RitchDA@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:605F7F3E-475B-446B-B179-DA125DD90ECB@xxxxxxxxxxxxxxxx
From what I remember when you install tsweb on your host PC you can
change the port number you connect to from 80 (default) to a port of
your choice. Then obviously create the port forward in your router on
your chosen port to the appropriate IP (local PC's IP) then connect to
it in internet explorer using the following syntax:
http://ipaddress:port/tsweb/

You still need to open 3389.

Have a careful read through those instructions I linked to, that
article explains exactly how to setup what you are trying to do.

-----------------------------------------------------------------
"Jeff Teel" wrote:

It would appear that way but I'm not sure just how to change that. This
machine is on a University network and has a public IP address assigned
to it. I have tried using the IP address in the Computer: box as well as
the actual domain/computer name of the machine with the same results.
You sparked a question in my mind about installing tsweb on the host pc
though. Am I assuming correctly that connecting using a web browser
through ts still uses port 3389? Either way (using a web browser or the
Remote Desktop client) does it require any ports to be open on the
client end?

Thanks
Jeff

"Ritch_DA" <RitchDA@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:74C2DFCE-73F1-4B09-918F-BF2A43CA36BA@xxxxxxxxxxxxxxxx
Hi Jeff

I read through very quickly but it sounds like you are connecting to
the wrong machine.

Good solution is to install tsweb on the host machine, change the port
to something other than 3389 then connect to the machine via your
browser.

Here's all the info you need:
http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx

Hope that helps

"Jeff Teel" wrote:

I have tested it and I get the message "The system could not log you
on. Make sure your user name and domain are correct, then type your
password again. Letters in the password must be typed in the correct
case." I am positive that the username and password are being put in
correctly. There are a couple of things that make me question settings.
One, when I get the message The system could not log you on........ my
workstation appears to be trying to logon to my SBS. The desktop
picture that's on my server shows and the Windows Server logon screen
appears for me to re-enter the credentials. I'm also getting logon
failure errors in my security log from the server. I can however see
the connection take place in ISA
Logon Failure:
Reason: Unknown user name or bad password
User Name: test
Domain: network
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: teelnet
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 5296
Transited Services: -
Source Network Address: 10.10.2.4
Source Port: 60818

Some history about my Internet connection. I have a fixed wireless
Internet provider. The provider maintains a large wireless LAN that
uses private IP addresses. They have access points located on towers
around the area that a device from my location looks at. The Source
Network Address: 10.10.2.4 is the wireless IP address side of my
router. In short my router has two NIC's, the 10.10.2.4 (fixed wireless
side) and 192.168.0.x side.

Thanks
Jeff


"Claus" <cjobes@xxxxxxxxxxxxx> wrote in message
news:OXrFkqQ8HHA.5012@xxxxxxxxxxxxxxxxxxxxxxx
did you test it? did it work?

--
Claus
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:%23NvyCJP8HHA.5984@xxxxxxxxxxxxxxxxxxxxxxx
I am attempting to connect to a Windows XP Pro PC on a totally
different network from a workstation on my SBS network. I have SBS 2003
SP1 with ISA 2004. The PC that I'm trying to connect to does have a
static IP address and I'm using that for the Computer Name in the
Remote Desktop Connection client. I used "telnet xxx.xxx.xxx.xxx 3389"
to see if the remote workstation was listening on the correct port and
it is. My question, are there any ISA adjustments needed on my network
in order for me to Remote Desktop out to another XP Pro machine on a
different network over the Internet? I'm using the
c:\windows\system32\mstsc.exe application to make the connection. The
remote host does not have Remote Desktop Web Connection installed on
it.

Thanks
Jeff
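
Added example, not part of any post in this thread: a Python triage of the logon failure record quoted earlier in the thread, showing what its fields say about where the Remote Desktop logon was handled and where it came from. The function names `parse_event` and `triage` are illustrative; the sample record is copied from the thread.

```python
import ipaddress

# Logon failure record as posted in the thread (Windows Security log).
SAMPLE_EVENT = """\
Logon Failure:
Reason: Unknown user name or bad password
User Name: test
Domain: network
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: teelnet
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 5296
Transited Services: -
Source Network Address: 10.10.2.4
Source Port: 60818
"""

LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}

def parse_event(text):
    """Split 'Key: Value' lines into a dict; lines with no value are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def triage(fields):
    logon_type = int(fields.get("Logon Type", 0))
    try:
        src = ipaddress.ip_address(fields.get("Source Network Address", ""))
    except ValueError:
        src = None  # "-" or absent on local logons
    caller = fields.get("Caller User Name", "")
    return {
        "logon_type": LOGON_TYPES.get(logon_type, "Unknown"),
        "is_rdp": logon_type == 10,  # 10 = Terminal Services / Remote Desktop
        "source_private": src is not None and src.is_private,
        # NAME$ is the machine account of the host that requested the logon
        "processed_by": caller[:-1] if caller.endswith("$") else None,
    }

print(triage(parse_event(SAMPLE_EVENT)))
```

For the posted record this reports a RemoteInteractive logon requested by SERVER from the private address 10.10.2.4, which matches the observation in the thread that the server's own logon screen appeared.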






























