Re: Using Remote Desktop From an SBS Domain
- From: "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx>
- Date: Mon, 10 Sep 2007 17:35:33 +1000
most NAT routers do not need anything 'forwarded' to allow traffic when the
connection is initiated from 'inside'.
Also, there is no advantage 'forwarding' 3389 to the PC initiating the
request, it is unlikely local port 3389 is being used.
As is the case with most TCP requests to services (port 80, 25, whatever)
the requesting system uses a random port (normally >1024) to call
remoteIP:80, or remoteIP:3389, indeed very few protocols (if any, can't
think of one, time maybe?) ever use the same port at the initiating vs
terminating end.
If ISA is in the mix it gets both simpler and more complex, with differences
depending on whether the client (outgoing requester) is acting as a NAT or
ISA Firewall Client. In the NAT scenario the client requests of the default
gateway (ISA) and ISA's NAT transposes
NATClient:randomPort1->ISAInternal:3389->ISAExternal:randomPort2->RemoteIP:3389.
With the ISA FWC the request is intercepted at the WinSock level and the ISA
Client shim passes the request to ISA along its secure channel, then ISA
opens a request ISAExternal:randomPort->remoteIP:3389 and returns the
traffic via the secure channel.
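The port behaviour described in the reply above, as an added example that is not part of the original post: a small model of a port-translating NAT showing why an inside-initiated RDP connection needs no forward, while unsolicited traffic to 3389 is dropped unless one exists. The class, the port range and the addresses (documentation ranges) are constructed for illustration and do not model ISA or any particular router.

```python
"""Constructed model of a port-translating NAT (not ISA or any real router)."""
from dataclasses import dataclass, field


@dataclass
class Nat:
    external_ip: str
    next_port: int = 50000                        # constructed ephemeral range start
    sessions: dict = field(default_factory=dict)  # ext_port -> (in_ip, in_port, remote)
    forwards: dict = field(default_factory=dict)  # ext_port -> (in_ip, in_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection: allocate an external port, remember it."""
        ext_port = self.next_port
        self.next_port += 1
        self.sessions[ext_port] = (src_ip, src_port, (dst_ip, dst_port))
        return (self.external_ip, ext_port, dst_ip, dst_port)  # as seen outside

    def inbound(self, remote_ip, remote_port, ext_port):
        """Packet arriving outside: deliver only if a session or a forward matches."""
        session = self.sessions.get(ext_port)
        if session and session[2] == (remote_ip, remote_port):
            return session[:2]                    # reply to an inside-initiated call
        return self.forwards.get(ext_port)        # None means the packet is dropped


def demo():
    nat = Nat(external_ip="203.0.113.10")         # constructed addresses
    # Workstation starts RDP from a random high port to the remote host's 3389.
    seen_outside = nat.outbound("192.168.0.20", 51522, "198.51.100.7", 3389)
    # The remote host answers to the NAT's translated port: delivered inside.
    reply = nat.inbound("198.51.100.7", 3389, seen_outside[1])
    # A stranger connects to external port 3389 with no forward defined: dropped.
    unsolicited = nat.inbound("198.51.100.99", 40000, 3389)
    return seen_outside, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

A forward on 3389 only matters for hosting Remote Desktop behind the NAT; the outbound case never consults the forward table.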
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:OD%23RUE08HHA.1416@xxxxxxxxxxxxxxxxxxxxxxx
After I thought about needing 3389 forwarded on my router to allow me to
Remote Desktop "out" from a workstation on my SBS network to a host XP
machine on another network I have to ask, do I have 3389 forwarded to the
WAN side of my SBS NIC and then SBS/ISA will do the routing to which ever
workstation I'm using? And am I assuming correctly that 3389 both in and
out needs forwarded for TCP?
Thanks
Jeff
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:uO8xjDn8HHA.1900@xxxxxxxxxxxxxxxxxxxxxxx
I assume you got the same login failure (Unknown user name or bad password)
when you tried to RDP while attached directly to a port on your router? I
also assume that you disabled the ISA firewall client during this test if
you were using a domain workstation.
Your ISP should be forwarding ALL traffic to you that is destined for
your IP address (no filtering or blocking of ports or traffic). This
will allow your router and/or ISA to direct all incoming traffic. They
need to have port 3389 open on their side (both inbound and outbound).
I don't have an Internet IP Address
http://www.homenethelp.com/sharing/private-ip-address.asp
(in the article, Netmeeting is similar to RDP)
"How limiting is it?
If your ISP has you behind a NAT router, there is no way for someone on
the Internet to initiate an IP conversation with your computer. That
means NO SERVERS. You can not run a game server, ftp server or web
server. Outgoing VPN connections will most likely not work so forget
connecting to your office LAN over the Internet. Advanced
teleconferencing programs like NetMeeting will not work. ICQ will not
work correctly as well as MSN Messenger file send/receive. Lastly, some
multi-player games will not even allow you to join a game on the
Internet.
This situation is different than if you ran your own NAT connection
sharing box (like a broadband router) because you have no control over
the ISP NAT router. If it were your own, you could adjust settings in the
router to make most of those applications work properly. "
Looks like you're using Sugardog.com as your ISP. I suspect you're
somewhere on the outskirts of Monticello and don't have a lot of ISP
choices in your area. Are there any other non-wireless ISPs available to
you (maybe Verizon DSL)?
--
Merv Porter [SBS-MVP]
============================
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:eAoWwFm8HHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
I gave your suggestion a try Merv. I tried both on my SBS domain and then
with the same user account connected directly to my router with no luck.
Hopefully next week I can attempt a connection while my ISP watches the
traffic pass through his network and see what we find. He is a Linux
person so we speak different languages but hopefully we can find some
common ground. He has little experience with Windows services and
Operating Systems so I've tried to educate myself as much as possible
with what a Remote Desktop Connection requires, specifically on the
client end. Is there anything special/specific needed on the client end
to make the connection?
Jeff
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:OOIdMwk8HHA.2208@xxxxxxxxxxxxxxxxxxxxxxx
I will give that a try Merv. One point I don't think I've made in this
post is that when using dialup and actually making the connection I'm
simply disconnecting from the SBS LAN, plugging my dialup modem in and
making Remote Desktop Connecting with the same SBS domain user account.
I will be curious to see what happens with a new domain account though
and post back!
Jeff
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:udRr9Sj8HHA.1900@xxxxxxxxxxxxxxxxxxxxxxx
Just curious...
+ Create a domain user with the same username as that required for
the RDP to the University computer. Create a domain user password of
your choice.
+ Log onto a LAN workstation with this username
+ Open RDP and enter the (University) static IP address for the
computer name, as well as the (University) username and (University)
password for logon credentials
Question: can you RDP to the external computer with this scenario?
--
Merv Porter [SBS-MVP]
============================
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:e5q6uMc8HHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
I am in communication with them now. They use NAT and private IP
addresses between me and the Internet and that is as much as I know.
"Claus" <cjobes@xxxxxxxxxxxxx> wrote in message
news:em0wu3b8HHA.3916@xxxxxxxxxxxxxxxxxxxxxxx
No, it wouldn't. There is definitely something on that router or
between the router and the internet. What is between that router and
the internet? Have you talked to your ISP?
--
Claus
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:OC%23eevb8HHA.464@xxxxxxxxxxxxxxxxxxxxxxx
There is an NAT router supplied by my ISP. I don't know if it's
anything more than that or not. This is a fixed wireless Internet
connection so even after my router there is a large private network
to travel through before I get to the actual Internet. I do have an
SBS RDP Outbound Access Rule in ISA.
I plugged my laptop into my router location and temporarily plugged
in there and still couldn't RDP so I suspect the ISP's router is
where the problem is. But if it's just NAT would it still be
blocking outbound traffic for Remote Desktop?
Thanks
Jeff
"Claus" <cjobes@xxxxxxxxxxxxx> wrote in message
news:eskDuXb8HHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
ISA in a standard configuration would not prevent you from using
Remote Desktop from within your LAN to a computer on the internet.
I do this all the time. Do you by any chance have a firewall
between your SBS WAN and the Internet?
--
Claus
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:eqjnf5a8HHA.2752@xxxxxxxxxxxxxxxxxxxxxxx
I am narrowing down where the problem is with connecting to an XP
Pro computer that is on a remote network now. I was able to use a
dial-up Internet connection, bypassing my SBS/ISA network all
together. So the machine that I'm trying to connect to is
configured to accept Remote Desktop Connections. Now I just have
to figure what is preventing me from connecting while I'm using my
XP Workstation when connected to my SBS network. Would ISA be
preventing outbound RDP connections or do ports have to be open to
allow me to Remote Desktop out from my SBS network?
I've spent most of the day looking for information regarding the
client end of a Remote Desktop connection and have found little
about it. Maybe it's just not normally an issue.
Thanks for any suggestions.
Jeff
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:%23GACASX8HHA.4436@xxxxxxxxxxxxxxxxxxxxxxx
I have looked at that article again today and also read through
it yesterday. It goes into detail about how to set the host
computer up (the machine whose desktop I'm wanting to connect to)
but doesn't say much about ports or settings on the client end. I
have no control over the host end but just wanted to be sure I
have things set correctly on the client end to allow this to
work.
Thanks
Jeff
"Ritch_DA" <RitchDA@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:605F7F3E-475B-446B-B179-DA125DD90ECB@xxxxxxxxxxxxxxxx
From what I remember when you install tsweb on your host PC you can
change the port number you connect to from 80 (default) to a port of
your choice. Then obviously create the port forward in your router on
your chosen port to the appropriate IP (local PC's IP) then connect to
it in Internet Explorer using the following syntax:
http://ipaddress:port/tsweb/
You still need to open 3389.
Have a careful read through those instructions I linked to, that
article explains exactly how to set up what you are trying to do.
-----------------------------------------------------------------
"Jeff Teel" wrote:
It would appear that way but I'm not sure just how to change that.
This machine is on a University network and has a public IP address
assigned to it. I have tried using the IP address in the Computer: box
as well as the actual domain/computer name of the machine with the same
results. You sparked a question in my mind about installing tsweb on
the host pc though. Am I assuming correctly that connecting using a web
browser through ts still uses port 3389? Either way (using a web
browser or the Remote Desktop client) does it require any ports to be
open on the client end?
Thanks
Jeff
"Ritch_DA" <RitchDA@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:74C2DFCE-73F1-4B09-918F-BF2A43CA36BA@xxxxxxxxxxxxxxxx
Hi Jeff
I read through very quickly but it sounds like you are connecting to
the wrong machine.
Good solution is to install tsweb on the host machine, change the port
to something other than 3389 then connect to the machine via your
browser.
Here's all the info you need:
http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx
Hope that helps
"Jeff Teel" wrote:
I have tested it and I get the message "The system could not log you
on. Make sure your user name and domain are correct, then type your
password again. Letters in the password must be typed in the correct
case." I am positive that the username and password are being put in
correctly. There are a couple of things that make me question settings.
One, when I get the message The system could not log you on........ my
workstation appears to be trying to logon to my SBS. The desktop
picture that's on my server shows and the Windows Server logon screen
appears for me to re-enter the credentials. I'm also getting logon
failure errors in my security log from the server. I can however see
the connection take place in ISA
Logon Failure:
Reason: Unknown user name or bad password
User Name: test
Domain: network
Logon Type: 10
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: teelnet
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 5296
Transited Services: -
Source Network Address: 10.10.2.4
Source Port: 60818
Some history about my Internet connection. I have a fixed wireless
Internet provider. The provider maintains a large wireless LAN that
uses private IP addresses. They have access points located on towers
around the area that a device from my location looks at. The Source
Network Address: 10.10.2.4 is the wireless IP address side of my
router. In short my router has two NIC's, the 10.10.2.4 (fixed
wireless side) and 192.168.0.x side.
Thanks
Jeff
"Claus" <cjobes@xxxxxxxxxxxxx> wrote in message
news:OXrFkqQ8HHA.5012@xxxxxxxxxxxxxxxxxxxxxxx
did you test it? did it work?
--
Claus
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:%23NvyCJP8HHA.5984@xxxxxxxxxxxxxxxxxxxxxxx
I am attempting to connect to a Windows XP Pro PC on a totally
different network from a workstation on my SBS network. I have SBS 2003
SP1 with ISA 2004. The PC that I'm trying to connect to does have a
static IP address and I'm using that for the Computer Name in the
Remote Desktop Connection client. I used "telnet xxx.xxx.xxx.xxx 3389"
to see if the remote workstation was listening on the correct port and
it is. My question, are there any ISA adjustments needed on my network
in order for me to Remote Desktop out to another XP Pro machine on a
different network over the Internet? I'm using the
c:\windows\system32\mstsc.exe application to make the connection. The
remote host does not have Remote Desktop Web Connection installed on
it.
Thanks
Jeff
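The "Logon Failure" event quoted in the thread, read field by field, as an added example that is not part of any original post: a parser for the event's "Key: Value" text and a short triage summary. Logon Type 10 is RemoteInteractive (a Terminal Services / Remote Desktop logon), so the event records an RDP logon attempt handled by the machine named in Workstation Name. The function names are illustrative, and the embedded text is a subset of the event as posted.

```python
"""Added example: parse the 'Logon Failure' text quoted in the thread."""
import ipaddress

# Windows logon type codes.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}

# Subset of the event text as posted in the thread.
EVENT_TEXT = """\
Logon Failure:
Reason: Unknown user name or bad password
User Name: test
Domain: network
Logon Type: 10
Logon Process: User32
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: teelnet
Source Network Address: 10.10.2.4
Source Port: 60818
"""


def parse_event(text):
    """Split 'Key: Value' lines into a dict; lines without a value are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


def triage(fields):
    """Summarise which machine handled the failed logon and where it came from."""
    logon_type = int(fields["Logon Type"])
    source = ipaddress.ip_address(fields["Source Network Address"])
    return {
        "logon_type": LOGON_TYPES.get(logon_type, "Unknown"),
        "is_rdp": logon_type == 10,
        "processed_on": fields["Workstation Name"],
        "account": fields["Domain"] + "\\" + fields["User Name"],
        "source": str(source),
        "source_is_private": source.is_private,
        "source_port": int(fields["Source Port"]),
    }


SUMMARY = triage(parse_event(EVENT_TEXT))
```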