  1. #1


    Getting RDWeb to send over 443 instead of 3389....

    Hi all, having a bit of a problem at the moment with our RDS Remote Web Access and getting it to work with some other organizations' firewalls/proxies etc.

    Just a bit of background, the RDS server is set up and running fine, the certificate is installed correctly and users can access the web gateway via https://remote.ourdomain.co.uk/, they can log in and they can run either a published App or click Remote Desktop to load straight into a desktop. All of this works fine.

    We have some members of staff who have been seconded out to work in other partner organizations and I am coming against a problem whereby our remote access isn't being allowed through their proxies/firewall/whatever because when it makes a connection back to our server it does so on port 3389 directly, which is a big no-no. Now I'm under the understanding that the SSL port 443 is a port which will allow the traffic through but I'm a bit stumped at the moment in how to get the traffic routing over that so that it can traverse any firewalls and proxies it comes to without any problems.

    I'm not the greatest with all this RD Web remote access stuff so I'm not entirely sure if I've missed off a simple option, or if the way I have configured it is prohibiting it from being sent out over 443.

    I have 2 rules set up on our Draytek. One is to forward port 3389 on one WAN IP (the one that is pointing to our web access page) to 3389 on the RDS server (if I don't have this set up, when a user clicks on the remote desktop link they can't get in, it just throws up an error when trying to connect).
    And another is port forwarding of 443 from the same WAN IP to the same RDS server (if I don't have this set up, users can't access our https://remote.ourdomain.co.uk/ ).
    I'm not sure if these play any part in all of this.

    I have no idea if this is the correct way to do things but that's how I got it all to work in the first instance and upon looking at a packet tracer I can see that when it does connect it connects on 3389.

    Is anyone able to offer any advice/guidance on how I might get it so that all the data is sent over 443 instead of 3389?

    Thanks.

  2. #2
    Jamman960
    You need to set up RD Gateway between your RD server and router (can be on the same server). Once this is in place it'll tunnel the traffic over HTTPS for you and means you don't need to expose port 3389 at all. When connecting via the RDP client directly, staff would connect to the internal server name and have the gateway address in the gateway options; the client would then connect to the gateway and then tell it which internal server to connect to and pass the credentials over.

    James

  3. #3

    Hi James, so would that be changed in the RemoteApp Deployment Settings prompt (like below?)

    [Image: RemoteApp Deployment Settings screenshot, ff394362.Shields3(en-us,MSDN.10).png]

    At the moment I don't have anything specified in here. Would I put remote.ourdomain.co.uk as the server name? Are there any other configuration changes I need to make or is that it?

  4. #4
    Jamman960
    You'll need to change those settings (if you use RemoteApp) but RD Gateway is a role to be added in addition to the other RD roles. Take a look here - How to set up a Remote Desktop Gateway

    It's been a while since I set up ours unfortunately so I can't remember the exact steps.

    James

  5. #5

    Think I've managed it actually. I had installed the Gateway Role when I initially created the server. I popped our remote.domain.co.uk into the server name on the RemoteApp settings and fired up packet sniffer and then tried connecting up again from a laptop with a dongle. Voila, not a 3389 in sight, and it looked as though it was going through 443. I disconnected and tried again and it errored saying it couldn't find the server so I tried again and it worked!

    Not sure why it was intermittent though but at least I'm getting somewhere (I think!)
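The RD Gateway settings discussed in the posts above end up as `gatewayhostname` and `gatewayusagemethod` lines in the .rdp file the client launches, so they can be checked without a packet capture. The PowerShell below is an added example, not something posted in the thread: it parses .rdp text and reports which path the client will take. The sample content is constructed, and `rds01.ourdomain.local` is a hypothetical internal server name.

```powershell
# Added example: classify how an .rdp file will reach the session host.
# Sample content is constructed; rds01.ourdomain.local is a placeholder name.
$sampleRdp = @(
    'full address:s:rds01.ourdomain.local'
    'server port:i:3389'
    'gatewayhostname:s:remote.ourdomain.co.uk'
    'gatewayusagemethod:i:2'
    'gatewayprofileusagemethod:i:1'
) -join "`n"

function Get-RdpSetting {
    param([string]$Text)
    # Each setting is "name:type:value"; type is s (string), i (integer) or b (binary).
    $settings = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^\s*([^:]+):([sib]):(.*)$') {
            $settings[$Matches[1].Trim().ToLower()] = $Matches[3].Trim()
        }
    }
    $settings
}

function Get-RdpConnectionPath {
    param([hashtable]$Settings)
    $gateway = $Settings['gatewayhostname']
    $method  = [int]$Settings['gatewayusagemethod']   # an absent setting casts to 0
    $port    = 3389
    if ($Settings['server port']) { $port = [int]$Settings['server port'] }
    $direct = "direct to $($Settings['full address']) on TCP $port"

    # Without a gateway host name only method 3 (client defaults) can still use one.
    if (-not $gateway -and $method -ne 3) { return "No gateway set: $direct" }

    switch ($method) {
        1 { "Always via RD Gateway $gateway over HTTPS (TCP 443)" }
        2 { "Tries $direct first, falls back to RD Gateway $gateway (TCP 443)" }
        3 { "Uses the client's default RD Gateway settings" }
        default { "Gateway disabled (method $method): $direct" }
    }
}

# Classify the constructed sample; for a real file pass
# (Get-Content <path> | Out-String) to Get-RdpSetting instead.
Get-RdpConnectionPath (Get-RdpSetting $sampleRdp)
```

Once every published .rdp file reports a gateway path, the router's 3389 forward is no longer needed by those connections and can be tested for removal, which is the exposure the second post says the gateway avoids.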

  6. #6

    Thanks for your help with this.

    Just encountered one last problem. They can access it fine from Windows 7 clients, however the majority of them are based on Windows XP machines. Is there any configuration I need to take into account if the user is coming in from an XP client? Apparently they can access our 2 published apps (Web pages) fine, but when they click on to load up an actual desktop it's throwing up another Username and Pass box and the credentials aren't working.

  7. #7
    Jamman960
    Take a look at the setup on the Session Host Configuration - it sounds as though you may have the "allow connections only from computers running Remote Desktop with Network Level Authentication" enabled.

    My (other) settings on this screen are -

    Security Layer: Negotiate
    Encryption Layer: Client Compatible

  8. #8

    I'm sure it depends on the version of RDP too from XP machines.
