Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Terminal Services

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Terminal Services Page: [1]
Login
Message << Older Topic   Newer Topic >>
Terminal Services - 25.Apr.2002 10:07:00 PM   
Guest
 I must be missing something... I want to access an internal TS Server through the ISA server via the internet. I have:
1) Created a new Inbound 3389 protocol Definition
2) Published the TS Server using the protocol rule created.
3) Pointed the TS Server gateway to the ISA server internal nic.

I can access the TS Server internally with no problems. I can not access via internet?

Thx for any input!
  Post #: 1
RE: Terminal Services - 27.Apr.2002 1:30:00 PM   
AlexS

 

Posts: 150
Joined: 4.Feb.2002
Status: offline 		The list seem to be correct.

It should work, UNLESS you have TS on ISA box as well! If you DO have TS on the ISA running, configure it to listen on internal address only.

If no TS on ISA, then...

Make sure that you are connecting to external ISA address...

Check ISA log files for blocked packets...

Try to reboot...

(in reply to Guest)
Post #: 2
RE: Terminal Services - 30.Apr.2002 2:57:00 AM   
japerry

 

Posts: 69
Joined: 25.Apr.2002
Status: offline 		The only thing that is unqiue for me on this setup is the ISA is in its own domain as a DC.

Also, I have the default gateway on the ISA server pointing to a local router??? I have not tried to undo the default gateway as it may affect the users. I will try this later.

I do not have TS running on the ISA box.

(in reply to Guest)
Post #: 3
RE: Terminal Services - 30.Apr.2002 5:53:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi JP,

you said "I have the default gateway on the ISA server pointing to a local router??? ". What do you mean *exactly* with that? On which interface is the default gateway set?

The point is that on ISA there can be only *one* default gateway and this must be set at the external interface, *not* the internal interface. This is extremely important! Check out http://www.isaserver.org/pages/tutorials/setting_up_machine_before_isa_installtion.htm .

Now, if your internal network is a routed network (more then one subnet), check out http://www.isaserver.org/pages/tutorials/isanetworks.htm .

HTH,
Stefaan

(in reply to Guest)
Post #: 4
RE: Terminal Services - 30.Apr.2002 10:28:00 PM   
japerry

 

Posts: 69
Joined: 25.Apr.2002
Status: offline 		I took out the internal "default gateway address" and ran the following at a cmd prompt.

Route -p add 192.168.0.0 mask 255.255.255.0 192.168.119.2

The network addresses at the remote locations are as follows: 192.168.50.xxx & 192.168.75.xxx & 192.168.150.xxx & 192.168.200.xxx

The router on the ISA server local nic card side is 192.168.119.2 This router is the access to all of the remote offices.

When I did the above, (route add & remove default gateway)none of the remote offices could access the internet? When I put the default gateway address back into the local ISA nic, everything works??? What am I missing here?

Thx for the input!

(in reply to Guest)
Post #: 5
RE: Terminal Services - 30.Apr.2002 11:22:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi JP,

assuming 192.168.0.0/16 can be considered the whole internal network, then:

1) put 192.168.0.0 - 192.168.255.255 in the LAT

2) define static route for internal network with the command route -p add 192.168.0.0 mask 255.255.0.0 192.168.119.2 (your mask was wrong!)

3) make sure the default gateway of the internal central router (192.168.119.2) points to the ISA internal interface

I suggest you read again the article http://www.isaserver.org/pages/tutorials/isanetworks.htm . It's all in there. [Big Grin]

HTH,
Stefaan

(in reply to Guest)
Post #: 6
RE: Terminal Services - 2.May2002 9:13:00 PM   
japerry

 

Posts: 69
Joined: 25.Apr.2002
Status: offline 		----make sure the default gateway of the internal central router (192.168.119.2) points to the ISA internal interface-----

Hopefully last question - Can there be multiple default gateways for a router? We use a cisco IP Based phone systems that utilizes many of these settings? I was thinking they had it set to point to the phone switch/system....

Thanks for all the info Stefaan!

JP

(in reply to Guest)
Post #: 7
RE: Terminal Services - 2.May2002 9:42:00 PM   
Abraham

 

Posts: 166
Joined: 8.Mar.2002
From: Colombia
Status: offline 		JP

If the Terminal Server is on the same segment as the internal interface of the ISA server, then the default gateway on the Terminal Server must point to the internal interface of the ISA server. If the Terminal Server is on a remote segment from the internal interface of the ISA server, then the ISA server must be an edge router to the Internet. If the ISA server is not an edge router (i.e. all traffic to the Internet flows through ISA server), then you will need to add specific routes to the routers so that the Terminal Server can route packets back to the ISA Server and on to the Internet.

(in reply to Guest)
Post #: 8
RE: Terminal Services - 2.May2002 10:53:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi JP,

oh no... this means also that for Internet access you can only use Web Proxy and Firewall clients! [Eek!]

If you cann't change the Cisco IP Based phone systems routing, then your only option seems to be http://support.microsoft.com/default.aspx?scid=kb;en-us;Q311777 . Read very carefully the note in this KB. [Big Grin]

HTH,
Stefaan

(in reply to Guest)
Post #: 9
RE: Terminal Services - 23.May2002 7:04:00 PM   
japerry

 

Posts: 69
Joined: 25.Apr.2002
Status: offline 		Hi Steefan,

I was out of town for a long time....

Is there any reason why I couldn't use an ip helper at the local router as opposed to the default gateway?

Another issues has also arisen: (Since your are so good!)
Almost every morning the system admin has to reboot the ISA box for internet access to work.... When I look into the logs I see no errors. I have given them a list of things to look for: see if it will ping various addresses, look at services, etc.... I am in the process of removing IIS. Are there items or specific areas to look for in a situation as this? Thx for any input!

JP

(in reply to Guest)
Post #: 10
RE: Terminal Services - 23.May2002 11:37:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline 		Hi JP,

I only know how to use ip helper for forwarding BOOTP/DHCP and Other UDP Broadcasts. I don't believe it is usable to replace a default gateway. Is Q311777 not a solution?

I've never encountered such a problematic ISA. No indication at all, neither in the event log?
I hope you run ISA SP1. Also, there is a new hotfix for the Web Proxy. Check out http://www.microsoft.com/downloads/Release.asp?ReleaseID=38362 for more info.

BTW --- I only run ISA on a dedicated system (member server) with no other applications on it and have never had stability problems, yet.

HTH,
Stefaan

(in reply to Guest)
Post #: 11

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Terminal Services Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts