Re: Access to Terminal Services server via internet RDP



Dear Jeff

What we have at present is

A public IP of 212.xxx.xxx.xxx

A Draytek Vigor 2600 ADSL Router with address 192.168.0.1
Forwards appropriate ports to 192.168.0.101

A Windows 2003 Server with one card address 192.168.0.101
'internal' card 10.0.0.250

Routing and remote access running between these two cards

Exchange runs fine on this server.

In my initial scenario port 3389 was forwarded using routing to Windows 2000
Terminal Server at 10.0.0.253

I then changed to point to Windows 2003 Terminal Server at 10.0.0.254, which
just gets blocked somewhere. As the Windows 2003 Terminal Server is
accessible internally my suspicion was that 2003 machine somehow detects
packets are from public internet and blocks them from Terminal Server.

I can find no references to this problem on Google et al. As the machine is
a demoted Domain Controller I am thinking of re-installing it from scratch.

BTW We are only a small company (10 employees) so run everything (currently)
on the single (gateway) server.



"Jeff Pitsch" wrote:

No, what you're describing is not a typical setup.

I would not put two NICs in the terminal server. Windows does not
handle dual-homed servers well at all and you'll be manually setting up
your routing tables. How are you going through the DC? Is it set up as
a router? If so, I would highly recommend investing in a small scale
router to put in its place or a new switch. Either way you'll be a lot
happier.

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP

Forums not enough?
Get support from the experts at your business
http://jeffpitschconsulting.com

Steve Booth wrote:
Because it seemed simpler at the time for various reasons (no. of Cat5 sockets
in the server room) and it worked for Windows 2000 Terminal server. I am just
testing at present to make sure it is worth buying the licences for our US
office to access our server.

If you think it would solve the problem I do have a second card in the
Windows 2003 Terminal server I could connect straight to the router. I guess
I will need routing set up between the cards - I assume it is a standard
setup.

Regards
Steve Booth

"Jeff Pitsch" wrote:

What do you mean you're port forwarding through the router and DC? Why
are you not simply going from the router to the terminal server?

Jeff Pitsch
Microsoft MVP - Terminal Server
Citrix Technology Professional
Provision Networks VIP


Steve Booth wrote:
My question is very similar to a question raised on 4/24/2006 by Barry which
seemed to have no conclusion!

However I am fortunate in having more information.

I am trying to connect to a Windows 2003 terminal server inside our network.
I am forwarding 3389 through our router and a Windows 2003 Domain Controller
to the terminal server on address 10.0.0.254. Using telnet from the internet
I can see the connection is being refused. I can connect to this terminal
server from inside the network.

The interesting additional fact is that I can successfully connect to a
Windows 2000 terminal server running on address 10.0.0.253 from the internet.

Any help in resolving this issue would be very gratefully received.




