How do I allow clients with Remote Desktop inside ISA to a..

Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

All the info I can find on this is about how to access a network or desktop
FROM outside by publishing a terminalservices server, I need to configure
ISA to allow internal clients using XP's Remote Desktop to see an outside
resource on a remote server over the web via the ISA server.

So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to external
server with terminal services running.

I have tried everything to try to get access out thru ISA, but just get
error "cant connect". It is allowed through the firewall at the other end,
if I http://ipaddress to it they can see the correct IP trying to get in.

I have tried adding protocol definitions for 3398 via tcp and udp, in and
out,

I have added a destination set for the server at the other end

I have added Server Publishing Rules for tcp/udp 3398#

I have added IP packet filters for 3398 tcp/udp in/out

I have added protocol rules for all the protocol definitiopns to do with RDP
on 3398

In fact I have added allow all to everywhere to everyone which should allow
EVERYTHING, but to no avail

Please help, the quicker the better please because this has been dumped on
me at the last minute and needs to work ASAP!!

Many thanks

Simon

I am sorry to cross post this, but I really do need to get an answer real
quick, so am covering more bases!
7 answers Last reply
More about clients remote desktop inside
  1. Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

    Is that a typo...ie. TCP Port 3398? The default port for Remote Desktop is TCP Port 3389...

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "Simon" <gg@bb.com> wrote in message news:OkJUasQwEHA.2568@TK2MSFTNGP10.phx.gbl...
    > All the info I can find on this is about how to access a network or desktop
    > FROM outside by publishing a terminalservices server, I need to configure
    > ISA to allow internal clients using XP's Remote Desktop to see an outside
    > resource on a remote server over the web via the ISA server.
    >
    > So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to external
    > server with terminal services running.
    >
    > I have tried everything to try to get access out thru ISA, but just get
    > error "cant connect". It is allowed through the firewall at the other end,
    > if I http://ipaddress to it they can see the correct IP trying to get in.
    >
    > I have tried adding protocol definitions for 3398 via tcp and udp, in and
    > out,
    >
    > I have added a destination set for the server at the other end
    >
    > I have added Server Publishing Rules for tcp/udp 3398#
    >
    > I have added IP packet filters for 3398 tcp/udp in/out
    >
    > I have added protocol rules for all the protocol definitiopns to do with RDP
    > on 3398
    >
    > In fact I have added allow all to everywhere to everyone which should allow
    > EVERYTHING, but to no avail
    >
    > Please help, the quicker the better please because this has been dumped on
    > me at the last minute and needs to work ASAP!!
    >
    > Many thanks
    >
    > Simon
    >
    > I am sorry to cross post this, but I really do need to get an answer real
    > quick, so am covering more bases!
    >
    >
  2. Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

    > So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to external
    > server with terminal services running.

    Hi,

    You have a SBS 2000 network. Inside the SBS 2000 network you have a XP
    workstation.
    You want to allow the XP workstation to connect to a server on the Internet
    that is running Terminal Services.

    Is that correct?

    Assuming I have the scenario correct, have you made sure that the ISA
    firewall client is installed on the XP machine? Assuming you've run the SBS
    2000 Internet Connection Wizard, all you should need to do is to install the
    ISA 2000 firewall client on the XP machine.

    David Jones
    SBS Product Team

    --
    This posting is provided "AS IS" with no warranties, and confers no rights.
  3. Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

    "Simon" <gg@bb.com> wrote in message
    news:OkJUasQwEHA.2568@TK2MSFTNGP10.phx.gbl
    > All the info I can find on this is about how to access a network or
    > desktop FROM outside by publishing a terminalservices server, I need
    > to configure ISA to allow internal clients using XP's Remote Desktop
    > to see an outside resource on a remote server over the web via the
    > ISA server.
    >
    > So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to
    > external server with terminal services running.
    >
    > I have tried everything to try to get access out thru ISA, but just
    > get error "cant connect". It is allowed through the firewall at the
    > other end, if I http://ipaddress to it they can see the correct IP
    > trying to get in.
    >
    > I have tried adding protocol definitions for 3398 via tcp and udp, in
    > and out,
    > I have added a destination set for the server at the other end
    > I have added Server Publishing Rules for tcp/udp 3398#
    > I have added IP packet filters for 3398 tcp/udp in/out
    > I have added protocol rules for all the protocol definitiopns to do
    > with RDP on 3398
    > In fact I have added allow all to everywhere to everyone which should
    > allow EVERYTHING, but to no avail

    You should be using TCP 3389, not 3398, not UDP.

    The port 3389 traffic will emanate from the individual XP clients and go to
    the remote server. As far as I can see the SBS2000 server has nothing to do
    with it.

    --
    Robin Walker
    rdhw@cam.ac.uk
  4. Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

    OOOPPS!

    Yes that is a typo, sorry - it should be 3389

    I only mention SBS2000 cos it is running ISA 2000, and that DOES have
    something to do with it! I can happily access the remote server from a
    different domain without an ISA server in it.


    "Robin Walker" <rdhw@cam.ac.uk> wrote in message
    news:cm8n1p$1th$1@gemini.csx.cam.ac.uk...
    > "Simon" <gg@bb.com> wrote in message
    > news:OkJUasQwEHA.2568@TK2MSFTNGP10.phx.gbl
    > > All the info I can find on this is about how to access a network or
    > > desktop FROM outside by publishing a terminalservices server, I need
    > > to configure ISA to allow internal clients using XP's Remote Desktop
    > > to see an outside resource on a remote server over the web via the
    > > ISA server.
    > >
    > > So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to
    > > external server with terminal services running.
    > >
    > > I have tried everything to try to get access out thru ISA, but just
    > > get error "cant connect". It is allowed through the firewall at the
    > > other end, if I http://ipaddress to it they can see the correct IP
    > > trying to get in.
    > >
    > > I have tried adding protocol definitions for 3398 via tcp and udp, in
    > > and out,
    > > I have added a destination set for the server at the other end
    > > I have added Server Publishing Rules for tcp/udp 3398#
    > > I have added IP packet filters for 3398 tcp/udp in/out
    > > I have added protocol rules for all the protocol definitiopns to do
    > > with RDP on 3398
    > > In fact I have added allow all to everywhere to everyone which should
    > > allow EVERYTHING, but to no avail
    >
    > You should be using TCP 3389, not 3398, not UDP.
    >
    > The port 3389 traffic will emanate from the individual XP clients and go
    to
    > the remote server. As far as I can see the SBS2000 server has nothing to
    do
    > with it.
    >
    > --
    > Robin Walker
    > rdhw@cam.ac.uk
    >
    >
  5. Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

    David

    Thanks for this, yes you have understood it exactly! The ISA Firewall Client
    is installed on the XP machines, but still cannot connect to the remote
    server.Any thought for faultfinding?

    This cannot be that rare a situation, yet the info on the web is spares to
    say the least!

    Simon

    "David Jones [MSFT]" <dajones@online.microsoft.com> wrote in message
    news:OA6Eq5RwEHA.3840@tk2msftngp13.phx.gbl...
    >
    > > So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to external
    > > server with terminal services running.
    >
    > Hi,
    >
    > You have a SBS 2000 network. Inside the SBS 2000 network you have a XP
    > workstation.
    > You want to allow the XP workstation to connect to a server on the
    Internet
    > that is running Terminal Services.
    >
    > Is that correct?
    >
    > Assuming I have the scenario correct, have you made sure that the ISA
    > firewall client is installed on the XP machine? Assuming you've run the
    SBS
    > 2000 Internet Connection Wizard, all you should need to do is to install
    the
    > ISA 2000 firewall client on the XP machine.
    >
    > David Jones
    > SBS Product Team
    >
    > --
    > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    >
    >
    >
  6. Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

    You're correct, it's an exceedingly common configuration; you're probably
    not finding much explicit documentation because it usually just works - it's
    not an inherent problem, just something to do with the configuration,
    somewhere.

    RDP is a really simple protocol to work with, because it's just the one TCP
    connection.

    Suggestions:

    - Check that your ISA rules allow the use of RDP/TS. That's 3389 TCP only.

    - For Server Publishing, you need 3389 TCP Inbound only. NB If TS works
    from another network, this probably isn't your problem.

    - Try other non-web protocols allowed by ISA rules. Try TELNET to an SMTP
    server from the client you're trying to RDP from.

    - Examine the FWSEXT logs in Program Files\ISA Server\ISALogs at both ends
    for possible failure reasons.

    - If there are other devices up- or downstream from either ISA server that
    might be interfering with the connection process, check the logs there too.

    If you need an answer Real Quick, my suggestion is that your best bet is to
    open a phone support incident with PSS - they can work through the issue
    over the phone with you in realtime.

    Hope that helps!

    --
    http://blogs.msdn.com/tristank/
    --
    This post is provided "AS-IS", and confers no warranty.


    "Simon" <gg@bb.com> wrote in message
    news:cm9beq$9ea$1$830fa795@news.demon.co.uk...
    > David
    >
    > Thanks for this, yes you have understood it exactly! The ISA Firewall
    > Client
    > is installed on the XP machines, but still cannot connect to the remote
    > server.Any thought for faultfinding?
    >
    > This cannot be that rare a situation, yet the info on the web is spares to
    > say the least!
    >
    > Simon
    >
    > "David Jones [MSFT]" <dajones@online.microsoft.com> wrote in message
    > news:OA6Eq5RwEHA.3840@tk2msftngp13.phx.gbl...
    >>
    >> > So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to
    >> > external
    >> > server with terminal services running.
    >>
    >> Hi,
    >>
    >> You have a SBS 2000 network. Inside the SBS 2000 network you have a XP
    >> workstation.
    >> You want to allow the XP workstation to connect to a server on the
    > Internet
    >> that is running Terminal Services.
    >>
    >> Is that correct?
    >>
    >> Assuming I have the scenario correct, have you made sure that the ISA
    >> firewall client is installed on the XP machine? Assuming you've run the
    > SBS
    >> 2000 Internet Connection Wizard, all you should need to do is to install
    > the
    >> ISA 2000 firewall client on the XP machine.
    >>
    >> David Jones
    >> SBS Product Team
    >>
    >> --
    >> This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    >>
    >>
    >>
    >
    >
  7. Archived from groups: microsoft.public.backoffice.smallbiz2000,microsoft.public.isa.configuration,microsoft.public.isaserver,microsoft.public.windowsxp.general,microsoft.public.windowsxp.work_remotely (More info?)

    I have just got back form the site, and it seemed that it was only one
    workstation that couldnt make it work! Idiot on site had not tried another
    PC DOH! It was the Firewall Client set to Automatically find the server, so
    unchecking that made it work. It seems that it would not ever work from the
    server so I was wasting my time trying and thinking it was a bigger problem
    than it turned out to be!

    Now to send them my bill!

    Thanks for all your help everybody

    ..
    "Tristan Kington [MSFT]" <tristank@online.microsoft.com> wrote in message
    news:eVuy$TVwEHA.2540@TK2MSFTNGP09.phx.gbl...
    > You're correct, it's an exceedingly common configuration; you're probably
    > not finding much explicit documentation because it usually just works -
    it's
    > not an inherent problem, just something to do with the configuration,
    > somewhere.
    >
    > RDP is a really simple protocol to work with, because it's just the one
    TCP
    > connection.
    >
    > Suggestions:
    >
    > - Check that your ISA rules allow the use of RDP/TS. That's 3389 TCP
    only.
    >
    > - For Server Publishing, you need 3389 TCP Inbound only. NB If TS works
    > from another network, this probably isn't your problem.
    >
    > - Try other non-web protocols allowed by ISA rules. Try TELNET to an SMTP
    > server from the client you're trying to RDP from.
    >
    > - Examine the FWSEXT logs in Program Files\ISA Server\ISALogs at both
    ends
    > for possible failure reasons.
    >
    > - If there are other devices up- or downstream from either ISA server
    that
    > might be interfering with the connection process, check the logs there
    too.
    >
    > If you need an answer Real Quick, my suggestion is that your best bet is
    to
    > open a phone support incident with PSS - they can work through the issue
    > over the phone with you in realtime.
    >
    > Hope that helps!
    >
    > --
    > http://blogs.msdn.com/tristank/
    > --
    > This post is provided "AS-IS", and confers no warranty.
    >
    >
    > "Simon" <gg@bb.com> wrote in message
    > news:cm9beq$9ea$1$830fa795@news.demon.co.uk...
    > > David
    > >
    > > Thanks for this, yes you have understood it exactly! The ISA Firewall
    > > Client
    > > is installed on the XP machines, but still cannot connect to the remote
    > > server.Any thought for faultfinding?
    > >
    > > This cannot be that rare a situation, yet the info on the web is spares
    to
    > > say the least!
    > >
    > > Simon
    > >
    > > "David Jones [MSFT]" <dajones@online.microsoft.com> wrote in message
    > > news:OA6Eq5RwEHA.3840@tk2msftngp13.phx.gbl...
    > >>
    > >> > So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to
    > >> > external
    > >> > server with terminal services running.
    > >>
    > >> Hi,
    > >>
    > >> You have a SBS 2000 network. Inside the SBS 2000 network you have a XP
    > >> workstation.
    > >> You want to allow the XP workstation to connect to a server on the
    > > Internet
    > >> that is running Terminal Services.
    > >>
    > >> Is that correct?
    > >>
    > >> Assuming I have the scenario correct, have you made sure that the ISA
    > >> firewall client is installed on the XP machine? Assuming you've run
    the
    > > SBS
    > >> 2000 Internet Connection Wizard, all you should need to do is to
    install
    > > the
    > >> ISA 2000 firewall client on the XP machine.
    > >>
    > >> David Jones
    > >> SBS Product Team
    > >>
    > >> --
    > >> This posting is provided "AS IS" with no warranties, and confers no
    > > rights.
    > >>
    > >>
    > >>
    > >
    > >
    >
    >
Ask a new question

Read More

Remote Desktop Microsoft Servers Windows XP