ISA 2006 with all current updates as of this posting, running on Server 2003 R2 SP2 with all current updates. The management system is listed with the proper IP in the “Remote Management” systems and Terminal Services access is enabled in “System Policies”. The server properties of Server 2003 for enable remote desktop are checked off. When connecting from the management system to the ISA box via RDP I cannot connect; the firewall logs show me connecting and not denied. However, from the same system I can browse the local system drive via the admin share and ping the ISA server without any issue. I have this same issue also happening with a second ISA 2006 firewall in a different network. Any help would be greatly appreciated!
It seems as though my wording has been misunderstood; where I come from, “checked off” means just that: there is a check in the box, hence it is enabled on the host OS and is not the reason why this is not working. Thank you for your prompt replies!
I checked the registry key for both ISA 2006 servers and fDenyTSConnections is already set to 0. I went through your steps, which I have done many times on many ISA installs, and I haven’t missed a thing. As I said, the system policy is enabled, the IP I am using is part of the Remote Management group, and the system firewall logs show it connecting and not denied; however, RDP does not connect. All the other remote management defaults work but this one. At this point it looks as though it may be tied to an update, because a fresh install works and then, after all updates of the OS and ISA, RDP no longer works without a single change to anything on the system but the updates. Any thoughts as to which update may be causing this?
From: Lebanese in Kuwait
Have you checked my article?
On ISA itself, go to the Terminal Services Configuration and make sure that the RDP-TCP connection is only bound to the ISA Internal interface (Properties -> Network Adapter).
To do this, click on Start > Administrative Tools > Terminal Services Configuration. In the left panel, click the Connections node; then, in the right pane, right-click RDP-TCP and click Properties. Click the Network Adapter tab and then, from the drop-down list, choose the Internal NIC.
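The binding that the reply above sets through the GUI can also be read back from the registry, together with the fDenyTSConnections value mentioned earlier in the thread. The following read-only PowerShell check is an added example, not part of any post; the registry paths and the `lanatable` lookup are the standard Terminal Services locations as assumed here, not values quoted from the thread.

```powershell
# Added diagnostic sketch (read-only). Registry locations are the standard
# Windows Terminal Services ones (assumption), not taken from the thread.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

# 0 = Remote Desktop allowed by the host OS, 1 = denied
$deny = (Get-ItemProperty -Path $ts).fDenyTSConnections

$listener = Get-ItemProperty -Path $rdp
$lana = $listener.LanAdapter   # 0 = all adapters, otherwise a LanaId
$port = $listener.PortNumber   # listener TCP port

"fDenyTSConnections : $deny"
"Listener port      : $port"

if ($lana -eq 0) {
    "RDP-Tcp binding    : all network adapters"
} else {
    # lanatable holds one subkey per adapter GUID with its LanaId
    $found = $false
    foreach ($key in Get-ChildItem -Path "$ts\lanatable") {
        if ((Get-ItemProperty -Path $key.PSPath).LanaId -eq $lana) {
            "RDP-Tcp binding    : adapter $($key.PSChildName) (LanaId $lana)"
            $found = $true
        }
    }
    if (-not $found) {
        "RDP-Tcp binding    : LanaId $lana (no matching lanatable entry)"
    }
}

# Show whether anything is listening on the RDP port, and on which address
netstat -an | Select-String -Pattern ":$port\s.*LISTENING"
```

Comparing this output on a freshly installed server and on a fully updated one shows whether the listener binding or the listening address differs between the two.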
Yes, I have read your article; however, there are two issues here with what you have outlined. The first is that I need to manage from two different interfaces on the box, and the second is that on a clean install with Server 2003 R2 SP2 & ISA 2006 and no other updates I can manage the server from both of the internal network interfaces via RDP without any configuration beyond the defaults from the base installation. The configuration you mention works, and since these updates it does solve the issue of RDP connection to the ISA server; however, it keeps me from selecting all adapters and using two internal NICs for management via RDP. This is why I have posed the more precise question as to whether anyone knows which update causes this change in functionality, given that, yes, it makes it more secure, but there are those situations where you also need it to be more robust too. Another note, which I have not tried but which just came to mind: if I make two RDP connections rather than having just one, which would allow for both NICs in essence to be selected for RDP without having to use “All network interfaces” within a single defined connection, would you see this as a viable solution? I will try shortly to see if it is in fact viable. I figured I would pose the question while I am thinking of it.
I got the same error after installing SP4 for SQL. But my ISA server is at a remote location, so connecting through the console is not possible. Is it possible to apply your solution from a remote machine?
To be clear, all other management tools work: I can ping, remotely use the console, and connect to admin shares, Computer Management and Registry Editor, but I cannot get an RDP session, which worked fine before the upgrade and the needed reboot.