Sign in with
Sign up | Sign in
Your question

How do I allow clients with Remote Desktop inside ISA to a..

Last response: in Windows XP
Share
November 2, 2004 9:37:30 PM

Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

All the info I can find on this is about how to access a network or desktop
FROM outside by publishing a terminalservices server, I need to configure
ISA to allow internal clients using XP's Remote Desktop to see an outside
resource on a remote server over the web via the ISA server.

So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to external
server with terminal services running.

I have tried everything to try to get access out thru ISA, but just get
error "cant connect". It is allowed through the firewall at the other end,
if I http://ipaddress to it they can see the correct IP trying to get in.

I have tried adding protocol definitions for 3398 via tcp and udp, in and
out,

I have added a destination set for the server at the other end

I have added Server Publishing Rules for tcp/udp 3398#

I have added IP packet filters for 3398 tcp/udp in/out

I have added protocol rules for all the protocol definitiopns to do with RDP
on 3398

In fact I have added allow all to everywhere to everyone which should allow
EVERYTHING, but to no avail

Please help, the quicker the better please because this has been dumped on
me at the last minute and needs to work ASAP!!

Many thanks

Simon

I am sorry to cross post this, but I really do need to get an answer real
quick, so am covering more bases!
Anonymous
November 2, 2004 9:37:31 PM

Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

Is that a typo...ie. TCP Port 3398? The default port for Remote Desktop is TCP Port 3389...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Simon" <gg@bb.com> wrote in message news:o kJUasQwEHA.2568@TK2MSFTNGP10.phx.gbl...
> All the info I can find on this is about how to access a network or desktop
> FROM outside by publishing a terminalservices server, I need to configure
> ISA to allow internal clients using XP's Remote Desktop to see an outside
> resource on a remote server over the web via the ISA server.
>
> So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to external
> server with terminal services running.
>
> I have tried everything to try to get access out thru ISA, but just get
> error "cant connect". It is allowed through the firewall at the other end,
> if I http://ipaddress to it they can see the correct IP trying to get in.
>
> I have tried adding protocol definitions for 3398 via tcp and udp, in and
> out,
>
> I have added a destination set for the server at the other end
>
> I have added Server Publishing Rules for tcp/udp 3398#
>
> I have added IP packet filters for 3398 tcp/udp in/out
>
> I have added protocol rules for all the protocol definitiopns to do with RDP
> on 3398
>
> In fact I have added allow all to everywhere to everyone which should allow
> EVERYTHING, but to no avail
>
> Please help, the quicker the better please because this has been dumped on
> me at the last minute and needs to work ASAP!!
>
> Many thanks
>
> Simon
>
> I am sorry to cross post this, but I really do need to get an answer real
> quick, so am covering more bases!
>
>
Anonymous
November 2, 2004 9:37:31 PM

Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

> So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to external
> server with terminal services running.

Hi,

You have a SBS 2000 network. Inside the SBS 2000 network you have a XP
workstation.
You want to allow the XP workstation to connect to a server on the Internet
that is running Terminal Services.

Is that correct?

Assuming I have the scenario correct, have you made sure that the ISA
firewall client is installed on the XP machine? Assuming you've run the SBS
2000 Internet Connection Wizard, all you should need to do is to install the
ISA 2000 firewall client on the XP machine.

David Jones
SBS Product Team

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Related resources
Anonymous
November 2, 2004 10:28:46 PM

Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

"Simon" <gg@bb.com> wrote in message
news:o kJUasQwEHA.2568@TK2MSFTNGP10.phx.gbl
> All the info I can find on this is about how to access a network or
> desktop FROM outside by publishing a terminalservices server, I need
> to configure ISA to allow internal clients using XP's Remote Desktop
> to see an outside resource on a remote server over the web via the
> ISA server.
>
> So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to
> external server with terminal services running.
>
> I have tried everything to try to get access out thru ISA, but just
> get error "cant connect". It is allowed through the firewall at the
> other end, if I http://ipaddress to it they can see the correct IP
> trying to get in.
>
> I have tried adding protocol definitions for 3398 via tcp and udp, in
> and out,
> I have added a destination set for the server at the other end
> I have added Server Publishing Rules for tcp/udp 3398#
> I have added IP packet filters for 3398 tcp/udp in/out
> I have added protocol rules for all the protocol definitiopns to do
> with RDP on 3398
> In fact I have added allow all to everywhere to everyone which should
> allow EVERYTHING, but to no avail

You should be using TCP 3389, not 3398, not UDP.

The port 3389 traffic will emanate from the individual XP clients and go to
the remote server. As far as I can see the SBS2000 server has nothing to do
with it.

--
Robin Walker
rdhw@cam.ac.uk
November 2, 2004 10:54:28 PM

Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

OOOPPS!

Yes that is a typo, sorry - it should be 3389

I only mention SBS2000 cos it is running ISA 2000, and that DOES have
something to do with it! I can happily access the remote server from a
different domain without an ISA server in it.


"Robin Walker" <rdhw@cam.ac.uk> wrote in message
news:cm8n1p$1th$1@gemini.csx.cam.ac.uk...
> "Simon" <gg@bb.com> wrote in message
> news:o kJUasQwEHA.2568@TK2MSFTNGP10.phx.gbl
> > All the info I can find on this is about how to access a network or
> > desktop FROM outside by publishing a terminalservices server, I need
> > to configure ISA to allow internal clients using XP's Remote Desktop
> > to see an outside resource on a remote server over the web via the
> > ISA server.
> >
> > So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to
> > external server with terminal services running.
> >
> > I have tried everything to try to get access out thru ISA, but just
> > get error "cant connect". It is allowed through the firewall at the
> > other end, if I http://ipaddress to it they can see the correct IP
> > trying to get in.
> >
> > I have tried adding protocol definitions for 3398 via tcp and udp, in
> > and out,
> > I have added a destination set for the server at the other end
> > I have added Server Publishing Rules for tcp/udp 3398#
> > I have added IP packet filters for 3398 tcp/udp in/out
> > I have added protocol rules for all the protocol definitiopns to do
> > with RDP on 3398
> > In fact I have added allow all to everywhere to everyone which should
> > allow EVERYTHING, but to no avail
>
> You should be using TCP 3389, not 3398, not UDP.
>
> The port 3389 traffic will emanate from the individual XP clients and go
to
> the remote server. As far as I can see the SBS2000 server has nothing to
do
> with it.
>
> --
> Robin Walker
> rdhw@cam.ac.uk
>
>
November 3, 2004 4:14:26 AM

Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

David

Thanks for this, yes you have understood it exactly! The ISA Firewall Client
is installed on the XP machines, but still cannot connect to the remote
server.Any thought for faultfinding?

This cannot be that rare a situation, yet the info on the web is spares to
say the least!

Simon

"David Jones [MSFT]" <dajones@online.microsoft.com> wrote in message
news:o A6Eq5RwEHA.3840@tk2msftngp13.phx.gbl...
>
> > So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to external
> > server with terminal services running.
>
> Hi,
>
> You have a SBS 2000 network. Inside the SBS 2000 network you have a XP
> workstation.
> You want to allow the XP workstation to connect to a server on the
Internet
> that is running Terminal Services.
>
> Is that correct?
>
> Assuming I have the scenario correct, have you made sure that the ISA
> firewall client is installed on the XP machine? Assuming you've run the
SBS
> 2000 Internet Connection Wizard, all you should need to do is to install
the
> ISA 2000 firewall client on the XP machine.
>
> David Jones
> SBS Product Team
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
>
Anonymous
November 3, 2004 5:27:05 PM

Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

You're correct, it's an exceedingly common configuration; you're probably
not finding much explicit documentation because it usually just works - it's
not an inherent problem, just something to do with the configuration,
somewhere.

RDP is a really simple protocol to work with, because it's just the one TCP
connection.

Suggestions:

- Check that your ISA rules allow the use of RDP/TS. That's 3389 TCP only.

- For Server Publishing, you need 3389 TCP Inbound only. NB If TS works
from another network, this probably isn't your problem.

- Try other non-web protocols allowed by ISA rules. Try TELNET to an SMTP
server from the client you're trying to RDP from.

- Examine the FWSEXT logs in Program Files\ISA Server\ISALogs at both ends
for possible failure reasons.

- If there are other devices up- or downstream from either ISA server that
might be interfering with the connection process, check the logs there too.

If you need an answer Real Quick, my suggestion is that your best bet is to
open a phone support incident with PSS - they can work through the issue
over the phone with you in realtime.

Hope that helps!

--
http://blogs.msdn.com/tristank/
--
This post is provided "AS-IS", and confers no warranty.


"Simon" <gg@bb.com> wrote in message
news:cm9beq$9ea$1$830fa795@news.demon.co.uk...
> David
>
> Thanks for this, yes you have understood it exactly! The ISA Firewall
> Client
> is installed on the XP machines, but still cannot connect to the remote
> server.Any thought for faultfinding?
>
> This cannot be that rare a situation, yet the info on the web is spares to
> say the least!
>
> Simon
>
> "David Jones [MSFT]" <dajones@online.microsoft.com> wrote in message
> news:o A6Eq5RwEHA.3840@tk2msftngp13.phx.gbl...
>>
>> > So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to
>> > external
>> > server with terminal services running.
>>
>> Hi,
>>
>> You have a SBS 2000 network. Inside the SBS 2000 network you have a XP
>> workstation.
>> You want to allow the XP workstation to connect to a server on the
> Internet
>> that is running Terminal Services.
>>
>> Is that correct?
>>
>> Assuming I have the scenario correct, have you made sure that the ISA
>> firewall client is installed on the XP machine? Assuming you've run the
> SBS
>> 2000 Internet Connection Wizard, all you should need to do is to install
> the
>> ISA 2000 firewall client on the XP machine.
>>
>> David Jones
>> SBS Product Team
>>
>> --
>> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>>
>>
>>
>
>
November 3, 2004 8:00:14 PM

Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

I have just got back form the site, and it seemed that it was only one
workstation that couldnt make it work! Idiot on site had not tried another
PC DOH! It was the Firewall Client set to Automatically find the server, so
unchecking that made it work. It seems that it would not ever work from the
server so I was wasting my time trying and thinking it was a bigger problem
than it turned out to be!

Now to send them my bill!

Thanks for all your help everybody

..
"Tristan Kington [MSFT]" <tristank@online.microsoft.com> wrote in message
news:eVuy$TVwEHA.2540@TK2MSFTNGP09.phx.gbl...
> You're correct, it's an exceedingly common configuration; you're probably
> not finding much explicit documentation because it usually just works -
it's
> not an inherent problem, just something to do with the configuration,
> somewhere.
>
> RDP is a really simple protocol to work with, because it's just the one
TCP
> connection.
>
> Suggestions:
>
> - Check that your ISA rules allow the use of RDP/TS. That's 3389 TCP
only.
>
> - For Server Publishing, you need 3389 TCP Inbound only. NB If TS works
> from another network, this probably isn't your problem.
>
> - Try other non-web protocols allowed by ISA rules. Try TELNET to an SMTP
> server from the client you're trying to RDP from.
>
> - Examine the FWSEXT logs in Program Files\ISA Server\ISALogs at both
ends
> for possible failure reasons.
>
> - If there are other devices up- or downstream from either ISA server
that
> might be interfering with the connection process, check the logs there
too.
>
> If you need an answer Real Quick, my suggestion is that your best bet is
to
> open a phone support incident with PSS - they can work through the issue
> over the phone with you in realtime.
>
> Hope that helps!
>
> --
> http://blogs.msdn.com/tristank/
> --
> This post is provided "AS-IS", and confers no warranty.
>
>
> "Simon" <gg@bb.com> wrote in message
> news:cm9beq$9ea$1$830fa795@news.demon.co.uk...
> > David
> >
> > Thanks for this, yes you have understood it exactly! The ISA Firewall
> > Client
> > is installed on the XP machines, but still cannot connect to the remote
> > server.Any thought for faultfinding?
> >
> > This cannot be that rare a situation, yet the info on the web is spares
to
> > say the least!
> >
> > Simon
> >
> > "David Jones [MSFT]" <dajones@online.microsoft.com> wrote in message
> > news:o A6Eq5RwEHA.3840@tk2msftngp13.phx.gbl...
> >>
> >> > So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to
> >> > external
> >> > server with terminal services running.
> >>
> >> Hi,
> >>
> >> You have a SBS 2000 network. Inside the SBS 2000 network you have a XP
> >> workstation.
> >> You want to allow the XP workstation to connect to a server on the
> > Internet
> >> that is running Terminal Services.
> >>
> >> Is that correct?
> >>
> >> Assuming I have the scenario correct, have you made sure that the ISA
> >> firewall client is installed on the XP machine? Assuming you've run
the
> > SBS
> >> 2000 Internet Connection Wizard, all you should need to do is to
install
> > the
> >> ISA 2000 firewall client on the XP machine.
> >>
> >> David Jones
> >> SBS Product Team
> >>
> >> --
> >> This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> >>
> >>
> >>
> >
> >
>
>
!