I have ISA Server running on Windows 2000 Terminal services, Internel network clients connect to the terminal server but external clients cannot connect. They can ping the server but cannot connect to load a terminal services session.
Client running RDP client 5 error message:
---- Remote desktop disconnected
The connection was ended because of a network error. Please try connecting to the remote computer again. -----
Have followed KB Q275210 but not working. Any suggestions?
I hope you mean 'I have Terminal Services running in Administrative mode on ISA'!
This are the configuration steps:
1) create a RDP Server Protocol Definition: TCP port 3389 Inbound.
2) make sure that the Terminal Service is only bound to the ISA internal interface. In Terminal Service Configuration, under the node connections select RDP-Tcp Properties and the tab Network Adapter. There you can choose to which adapter the service must bind.
3) create the RDP Server Publishing Rule. You might want to limit access to the rule to a limited set of addresses based on a client address set.
BTW --- whenever possible, try to avoid packet filters!
ISA server is a firewall and should not be included in your server consolidation project. I think what you are trying to do is *not* a supported configuration and it is for sure not a recommended setup.
BTW --- if you would use another firewall Checkpoint, Pix or Netscreen, would you still try to do that? I don't think! Why trying then to abuse ISA server with such a setup?
From: Iowa, corn is good for you.
I hope you will still read this post. I have recieved the same (or similar) error message. I first followed the steps in Tom's book for only listening on the internal interface and then use server publishing. I also changed the port number (in the registry of ISA, the publishing rule and the client connection). This did not work. So then I disabled the publishing rule and created the appropriate packet filter (and set TS to listen on all interfaces instead of just internal). It still does not work. I have been trying to connect from my work PC using the network, the ISA is at remote location. I have not tried dial-up yet. A couple of other things that may be relevent: the external side of ISA is a DSL modem in PCI slot, it does not show up in the listing of interfaces in TS properties>network adapter. The only options are my internal nic or "all". I can connect through the LAN no problem. I've searched all appropriate articles here and on tech net and can't seem to find the cause of failure.
I have no first hand experience with dial-up connections on ISA.
In fact, I always use ISA with a plain Ethernet interface on the external side. The physical connection to the ISP (dial-up, DSL, PPPOE, etc.) is then handled by a router who takes care of all the necessary connection steps. That has saved me a lot of trouble! So, I'm not well placed to give you advice on integrated dial-up interfaces in ISA. Hopefully someone else drops in to help you further.
From: Iowa, corn is good for you.
Thanks Stefaan. A little clarification: I am using a DSL modem, but it is an always-on connection. However, being a modem, when doing an ipconfig /all it is listed as a PPP adapter. This is why I was wondering if TS is not using it as a "listening" interface. Anyway, thanks again. Mark