• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Flummoxed by RDP

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> Flummoxed by RDP Page: [1]
Login
Message << Older Topic   Newer Topic >>
Flummoxed by RDP - 23.Dec.2008 4:25:19 PM   
TimTrace

 

Posts: 119
Joined: 31.Oct.2001
From: St. Louis MO
Status: offline
Greetings,

I've been trying to configure external and internal RDP access to my ISA 2006 SP1 server, while simultaneously publishing a seperate internal RDP host.

Here's what I've done so far:
  • On the ISA server and the internal host, enabled Remote Desktop in System Properties.
  • Changed the ISA's terminal services listening port to 3390 and restarted.  The terminal services configuration is listening to all network adapters (this is the default setting).
  • Used the RDP client on the ISA server to connect to either localhost or the internal IP address of the ISA server.  This works.
  • Built a non-web server protocol publishing rule between the external network and my internal RDP host, using the default RDP protocol definition. This works as expected.

The fun ramped up when I tried to establish RDP connectivity to the ISA Server itself from External or Internal clients.... 
  • Disabled the ISA system policy for terminal server management and built a non-web server protocol publishing rule between the external and internal networks, listening to the internal IP of the ISA server for traffic from the External and Internal networks on a user-defined protocol definition of TCP inbound 3390.  Even after a restart, this did not work.
  • Reenabled the aforementioned system policy, applied the rule to traffic from "Anywhere," and kept my non-web server protocol publishing rule.  It still did not work after a restart.
  • Left the system policy enabled and disabled my non-web server protocol publishing rule.  This, also, did not work, even after a restart.

I've obviously failed to meet my design goal.  Somewhat miserably, I might add.  Can someone please spare a spot of help?

Best regards,

Tim ==

< Message edited by TimTrace -- 23.Dec.2008 4:35:00 PM >
Post #: 1
RE: Flummoxed by RDP - 23.Dec.2008 4:43:17 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi,

Check this article : Administrating ISA Server 2006 Remotely Using MMC and Remote Desktop Connection

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to TimTrace)
Post #: 2
RE: Flummoxed by RDP - 23.Dec.2008 5:01:48 PM   
TimTrace

 

Posts: 119
Joined: 31.Oct.2001
From: St. Louis MO
Status: offline
Thanks for the quick response.  I reviewed the recommended article before posting and I believe that my goal is beyond the discussion therein.

Please, I welcome additional suggestions.

(in reply to elmajdal)
Post #: 3
RE: Flummoxed by RDP - 23.Dec.2008 6:05:26 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
Hey,
 
Follow the steps below to have the RDP to your ISA server from External

Change the default port on ISA using the regsitry key as below

Key Name: HKEY_LOCAL_MACHINE\System\CurrentConrolSet\Control\TerminalServer\WinStations\RDP-Tcp
Entry Name: Port Number
Type: REG_DWORD
Enter the 3390 in Data filed

Then, 

1. Restart your ISA box
2. Enable the RDP on ISA Server
3. Create a non-web publishing rule with following configuratio
            Select Server: <Internal IP of your ISA
              Protocol: <Custom Protocol you created with TCP Inbound 3390>
              Network Listener: Select "External"
4. Test it from client on external network

< Message edited by inderjeet -- 23.Dec.2008 6:12:01 PM >


_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to TimTrace)
Post #: 4
RE: Flummoxed by RDP - 23.Dec.2008 6:10:46 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
quote:


The fun ramped up when I tried to establish RDP connectivity to the ISA Server itself from External or Internal clients.... 


For External RDP access to your ISA Server check my prev entry

Though to enable the ISA RDP from internal you need not have to disable any system policies. Enable all which you disabled manually under the system policies. Then just go to the "Remote Management Computer" set under the Network Objects > Computers Sets and add a computer or a range of computers you would want to RDP the ISA Server from. Apply the changes and you can do it....

_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to TimTrace)
Post #: 5
RE: Flummoxed by RDP - 29.Dec.2008 10:02:07 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
If access to the firewall over RDP is required, just configure the RDP listener to listen on the internal interface. Then publish that listener to the External Network. System Policy needs to be configured to allow internal users access to the RDP listener on the internal interface.

To publish a second RDP server behind the firewall, then you will need to publish it on a second IP address on the external interface of the firewall, or on an alternate port.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to inderjeet)
Post #: 6
RE: Flummoxed by RDP - 29.Dec.2008 11:13:46 PM   
TimTrace

 

Posts: 119
Joined: 31.Oct.2001
From: St. Louis MO
Status: offline
Thanks to all for the help.  This situation was doubly frustrating for me because I'm not exactly an ISA newbie, I guess I was just brain-locked.

Even now I'm not certain which suggestion worked, but I'm able to RDP to the ISA server itself (on 3390), and to three other internal hosts which I have published on alternate ports by modifying the predefined RDP protocol definition.

Stand by for a new, doubly-confusing topic ...  because I know you guys are counting on me to keep you entertained. 

(in reply to TimTrace)
Post #: 7
RE: Flummoxed by RDP - 30.Dec.2008 11:32:18 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Tim,

you bet! Looking forward to it :)

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to TimTrace)
Post #: 8
RE: Flummoxed by RDP - 30.Dec.2008 11:35:43 AM   
TimTrace

 

Posts: 119
Joined: 31.Oct.2001
From: St. Louis MO
Status: offline
  http://forums.isaserver.org/RDP_Strikes_Back/m_2002078563/tm.htm

(in reply to TimTrace)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> Flummoxed by RDP Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts