Windows Server 2008 R2 Thread, Getting RDWeb to send over 443 instead of 3389.... in Technical
7th March 2013, 01:06 PM #1
Getting RDWeb to send over 443 instead of 3389....
Hi all, having a bit of a problem at the moment with our RDS Remote Web Access and getting it to work with some other organizations' firewalls/proxies etc.
Just a bit of background, the RDS server is setup and running fine, the certificate is installed correctly and users can access the web gateway via https://remote.ourdomain.co.uk/, they can log in and they can run either a published App or click Remote Desktop to load straight into a desktop. All of this works fine.
We have some members of staff who have been seconded out to work in other partner organizations and I am coming against a problem whereby our remote access isn't being allowed through their proxies/firewall/whatever because when it makes a connection back to our server it does so on port 3389 directly, which is a big no-no. Now I'm under the understanding that the SSL port 443 is a port which will allow the traffic through but I'm a bit stumped at the moment in how to get the traffic routing over that so that it can traverse any firewalls and proxies it comes to without any problems.
I'm not the greatest with all this RD Web remote access stuff so I'm not entirely sure if I've missed off a simple option, or if the way I have configured it is prohibiting it from being sent out over 443.
I have 2 rules set up on our Draytek. One is to forward port 3389 on one WAN IP (the one that is pointing to our web access page) to 3389 on the RDS server (if I don't have this set up, when a user clicks on the remote desktop link they can't get in, it just throws up an error when trying to connect).
And another is port forwarding of 443 from the same WAN IP to the same RDS server (if I don't have this set up users can't access our https://remote.ourdomain.co.uk/).
I'm not sure if these play any part in all of this.
I have no idea if this is the correct way to do things but that's how I got it all to work in the first instance and upon looking at a packet tracer I can see that when it does connect it connects on 3389.
Is anyone able to offer any advice/guidance on how I might get it so that all the data is sent over 443 instead of 3389?
7th March 2013, 01:21 PM #2
You need to set up RD Gateway between your RD server and router (can be on the same server). Once this is in place it'll tunnel the traffic over HTTPS for you and means you don't need to expose port 3389 at all. When connecting via the RDP client directly, staff would connect to the internal server name and have the gateway address in the gateway options; the client would then connect to the gateway and then tell it which internal server to connect to and pass the credentials over.
7th March 2013, 02:31 PM #3
Hi James, so would that be changed in the RemoteApp Deployment Settings prompt (like below?)
At the moment I don't have anything specified in here. Would I put remote.ourdomain.co.uk as the server name? Are there any other configuration changes I need to make or is that it?
7th March 2013, 02:43 PM #4
You'll need to change those settings (if you use RemoteApp) but RD Gateway is a role to be added in addition to the other RD roles. Take a look here - How to set up a Remote Desktop Gateway
It's been a while since I set up ours unfortunately so I can't remember the exact steps.
7th March 2013, 02:56 PM #5
Think I've managed it actually. I had installed the Gateway Role when I initially created the server. I popped our remote.domain.co.uk into the server name on the RemoteApp settings and fired up packet sniffer and then tried connecting up again from a laptop with a dongle. Voila, not a 3389 in sight, and it looked as though it was going through 443. I disconnected and tried again and it errored saying it couldn't find the server so I tried again and it worked!
Not sure why it was intermittent though but at least I'm getting somewhere (I think!)
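An added example, not part of the thread: a small Python audit of the connection file a client receives, checking whether the session stays inside the RD Gateway HTTPS tunnel or needs TCP 3389. `gatewayhostname` and `gatewayusagemethod` are standard .rdp settings; the function names are hypothetical and the sample files and host names are constructed.

```python
# Added example. Sample .rdp text below is constructed; host names are placeholders.
GATEWAY_USAGE = {  # values of the gatewayusagemethod:i: setting
    0: "no RD Gateway: direct connection to TCP 3389",
    1: "always via RD Gateway (HTTPS, TCP 443)",
    2: "RD Gateway only if a direct connection cannot be made",
    3: "client's default RD Gateway settings",
    4: "no RD Gateway, bypass for local addresses",
}

def parse_rdp(data):
    """Parse .rdp content (str or bytes) into {setting_name: value}."""
    if isinstance(data, bytes):
        # Files saved by mstsc are usually UTF-16 with a BOM.
        enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
        data = data.decode(enc)
    settings = {}
    for line in data.splitlines():
        parts = line.strip().split(":", 2)  # name:type:value, value may contain ':'
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue
        name, kind, value = parts
        if kind == "i" and value.lstrip("-").isdigit():
            value = int(value)
        settings[name.lower()] = value
    return settings

def audit(data):
    """Report whether this connection file keeps RDP inside the HTTPS tunnel."""
    s = parse_rdp(data)
    method = s.get("gatewayusagemethod", 0)  # setting absent: no gateway
    gateway = s.get("gatewayhostname", "")
    findings = []
    if method in (1, 2) and not gateway:
        findings.append("gateway requested but gatewayhostname is empty")
    if method in (0, 4):
        findings.append("direct RDP: TCP 3389 must be reachable from the client")
    elif method == 2:
        findings.append("direct 3389 attempt is allowed before the gateway is used")
    elif method == 3:
        findings.append("outcome depends on each client's own gateway settings")
    return {"target": s.get("full address", ""), "gateway": gateway, "findings": findings,
            "mode": GATEWAY_USAGE.get(method, "unknown"), "tunnelled": method == 1 and bool(gateway)}

TUNNELLED = ("full address:s:rds01.internal.example\n"
             "gatewayhostname:s:remote.example.co.uk\n"
             "gatewayusagemethod:i:1\n")
DIRECT = "full address:s:remote.example.co.uk:3389\ngatewayusagemethod:i:0\n"
if __name__ == "__main__":
    print(audit(TUNNELLED), audit(DIRECT))
```

Once every published file reports `tunnelled: True`, the 3389 port forward on the router is no longer needed for those connections.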
8th March 2013, 09:50 AM #6
Thanks for your help with this.
Just encountered one last problem. They can access it fine from Windows 7 clients, however the majority of them are based on Windows XP machines. Is there any configuration I need to take into account if the user is coming in from an XP client? Apparently they can access our 2 published apps (Web pages) fine, but when they click on to load up an actual desktop it's throwing up another Username and Pass box and the credentials aren't working.
8th March 2013, 10:10 AM #7
Take a look at the setup on the Session Host Configuration - it sounds as though you may have the "allow connections only from computers running Remote Desktop with Network Level Authentication" enabled.
My (other) settings on this screen are -
Security Layer: Negotiate
Encryption Layer: Client Compatible
13th March 2013, 10:12 PM #8
I'm sure it depends on the version of RDP too from XP machines.