Re: TS 2008 Web Access with RDP




"kb" <kb@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:B76B85F3-CC99-417A-9DEB-DF3957C894AB@xxxxxxxxxxxxxxxx
Well... I got the remote app for RDP to work. It passes to itself and to
other machines on the internal network (outside the DMZ).

Yes the TS Gateway is on the Server in the DMZ, it's running all the roles
as of right now for testing.

I can browse to the box internally and can ping it externally via the DNS
record we set up.

Is it required to have port 135 forwarded to the TS Gateway server because
that was the only way I could get the remote apps to work?

The error I'm seeing is only for the External network. From the internal
network I get that the Cert is not valid but again this is all when I click
on the Remote Desktop tab and try it that way.

Thanks,
KB


"Rob Leitman [MSFT]" wrote:

"kb" <kb@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6AEF8606-F8AF-4519-B9E4-0BD8B657C848@xxxxxxxxxxxxxxxx
> Ok so I have a Vista SP1 Client on the outside of my network I'm trying to
> get to connect to a server in my DMZ. The server in the DMZ TSGATE is set up
> with TS, TS WEB and TS Remote App. I have an app for RDP which points to the
> TSWEB server itself (2008 SP'ked and patched).
>
> I can get to the server from the internal network and connect to RDP via the
> TS Web Access but I get the "This computer can't connect to the remote
> computer because the Terminal Services Gateway server address is unreachable
> or incorrect. Type a valid server address." error.
>
> I'm stuck... I have followed all the docs for setting this up but I'm
> still at the same place. I have created a self-signed cert on the Gateway
> which is all roles at this point and I have even downloaded it to the client
> which doesn't seem to take...
>
> Any ideas?


You don't say so here, but I assume the TS Gateway role is also installed on
the server in the DMZ?

Can you browse to the machine, either HTTP or HTTPS? Can you ping the
machine?

Is the error you're seeing only from the internal network? You shouldn't
need to go through the gateway to run your RemoteApps. Can you set Gateway
usage to "Bypass TS Gateway server for local addresses" when publishing the
apps?



I suggest reading the TS Gateway Step-by-Step guide: http://technet.microsoft.com/en-us/library/cc771530.aspx

Rob
