Flummoxed by RDP (Full Version)

All Forums >> [ISA 2006 General] >> General



Message


TimTrace -> Flummoxed by RDP (23.Dec.2008 4:25:19 PM)

Greetings,

I've been trying to configure external and internal RDP access to my ISA 2006 SP1 server, while simultaneously publishing a seperate internal RDP host.

Here's what I've done so far:
  • On the ISA server and the internal host, enabled Remote Desktop in System Properties.
  • Changed the ISA's terminal services listening port to 3390 and restarted.  The terminal services configuration is listening to all network adapters (this is the default setting).
  • Used the RDP client on the ISA server to connect to either localhost or the internal IP address of the ISA server.  This works.
  • Built a non-web server protocol publishing rule between the external network and my internal RDP host, using the default RDP protocol definition. This works as expected.

The fun ramped up when I tried to establish RDP connectivity to the ISA Server itself from External or Internal clients.... 
  • Disabled the ISA system policy for terminal server management and built a non-web server protocol publishing rule between the external and internal networks, listening to the internal IP of the ISA server for traffic from the External and Internal networks on a user-defined protocol definition of TCP inbound 3390.  Even after a restart, this did not work.
  • Reenabled the aforementioned system policy, applied the rule to traffic from "Anywhere," and kept my non-web server protocol publishing rule.  It still did not work after a restart.
  • Left the system policy enabled and disabled my non-web server protocol publishing rule.  This, also, did not work, even after a restart.

I've obviously failed to meet my design goal.  Somewhat miserably, I might add.  Can someone please spare a spot of help?

Best regards,

Tim ==




elmajdal -> RE: Flummoxed by RDP (23.Dec.2008 4:43:17 PM)

Hi,

Check this article : Administrating ISA Server 2006 Remotely Using MMC and Remote Desktop Connection




TimTrace -> RE: Flummoxed by RDP (23.Dec.2008 5:01:48 PM)

Thanks for the quick response.  I reviewed the recommended article before posting and I believe that my goal is beyond the discussion therein.

Please, I welcome additional suggestions.




inderjeet -> RE: Flummoxed by RDP (23.Dec.2008 6:05:26 PM)

Hey,
 
Follow the steps below to have the RDP to your ISA server from External

Change the default port on ISA using the regsitry key as below

Key Name: HKEY_LOCAL_MACHINE\System\CurrentConrolSet\Control\TerminalServer\WinStations\RDP-Tcp
Entry Name: Port Number
Type: REG_DWORD
Enter the 3390 in Data filed

Then, 

1. Restart your ISA box
2. Enable the RDP on ISA Server
3. Create a non-web publishing rule with following configuratio
            Select Server: <Internal IP of your ISA
              Protocol: <Custom Protocol you created with TCP Inbound 3390>
              Network Listener: Select "External"
4. Test it from client on external network




inderjeet -> RE: Flummoxed by RDP (23.Dec.2008 6:10:46 PM)

quote:


The fun ramped up when I tried to establish RDP connectivity to the ISA Server itself from External or Internal clients.... 


For External RDP access to your ISA Server check my prev entry

Though to enable the ISA RDP from internal you need not have to disable any system policies. Enable all which you disabled manually under the system policies. Then just go to the "Remote Management Computer" set under the Network Objects > Computers Sets and add a computer or a range of computers you would want to RDP the ISA Server from. Apply the changes and you can do it....




tshinder -> RE: Flummoxed by RDP (29.Dec.2008 10:02:07 AM)

If access to the firewall over RDP is required, just configure the RDP listener to listen on the internal interface. Then publish that listener to the External Network. System Policy needs to be configured to allow internal users access to the RDP listener on the internal interface.

To publish a second RDP server behind the firewall, then you will need to publish it on a second IP address on the external interface of the firewall, or on an alternate port.

HTH,
Tom




TimTrace -> RE: Flummoxed by RDP (29.Dec.2008 11:13:46 PM)

Thanks to all for the help.  This situation was doubly frustrating for me because I'm not exactly an ISA newbie, I guess I was just brain-locked.

Even now I'm not certain which suggestion worked, but I'm able to RDP to the ISA server itself (on 3390), and to three other internal hosts which I have published on alternate ports by modifying the predefined RDP protocol definition.

Stand by for a new, doubly-confusing topic ...  because I know you guys are counting on me to keep you entertained.  [:)]




tshinder -> RE: Flummoxed by RDP (30.Dec.2008 11:32:18 AM)

Hi Tim,

you bet! Looking forward to it :)

Tom




TimTrace -> RE: Flummoxed by RDP (30.Dec.2008 11:35:43 AM)

[:D] [:D] http://forums.isaserver.org/RDP_Strikes_Back/m_2002078563/tm.htm




Page: [1]