Cannot connect to client desktops from RWW

Hello,

My network is using SBS 2003 and I have configured RWW to be the primary remote access to the network. I am unable to connect to client computers using remote desktop through RWW, however I am able to RD into the server just fine. The clients are being configured to use remote desktop during client setup and I am able to manage the computers through the Server Management tool, including configuring services for the clients and even viewing their local files. The only thing it seems that I cannot do with the clients is bring up the remote desktop. Does anyone have an idea on how I might fix this issue?

Thanks

-Mike

 

Hello

Hi Mike, this is my first post on here so I will try and be as helpful as I can.
If you are RDP from the WAN/Internet to client PC's on your internal network then you need to forward the outside port 3389 on the firewall to cover your full internal network e.g.; outside public address 82.3.3.1 port 3389 needs to be forwarded to the inside network 192.168.1.0/24 or 192.168.1.0, 255.255.255.255.

If you are connecting internally make sure that;
1. The software firewall on each desktop is turned off, unnecessary behind a hardware firewall.
2. Make sure that the "allow remote connection to this computer" option is selected
3. Make sure in computer management in the local user groups folder that everybody who will be connecting to that machine is listed as an authorised user.

Good luck.

 

Nice to see, but I would make a couple of points as I think there is the potential for someone following some of the advice to end up with a less secure network.

I don't think that is a good idea.

First, I don't think it will work as an external node won't be able to get to 192.168.1.0 address as they are private address and not available from the internet.

Second, if it did work, you have effectively reduced the protection you have users have from internet system accessing the remote desktop to purely there standard username and password. Personally I wouldn't want to open a hole that wide in my network security!

(and by the way, if the mask is match a /24 address, it should be 255.255.255.0)

As with any defense system, defense in depth is always good. Just because you have a gateway firewall, that doesn't mean that internal system firewall are of no use. If you do get an infected system within your network, internal firewalls can significantly reduce the risk of that virus propogating around the network.

And I'd add, make sure you enforce a secure password policy if you are going to allow users to access internal system from the internet.

 

As ReggieB has already said - Very Bad Idea.

Opening such wide holes in your edge firewall is definite no no & I don't think any firewall would allow you to do it [open whole green to be accessed from red].

 

First a simple fix :- have you tried connecting to a remote desktop from within the server remote desktop? That is, you connect to the servers' remote desktop, and then run the Remote Desktop Client on the server to connect into the end client system. If all you need is occasional connection this may well work for you.

I don't use RWW. I'd feel nervous having my main server directly hosting services to the internet. Instead I'd recommend using a good IPSEC VPN to connect to the network and then opening Remote Desktop connections through the VPN. The best VPN solutions I've seen come from hardwall firewalls. On a tight budget some routers do a reasonable job too.

 

Thanks for the responses.

Fortunately I was able to get the problem worked out. It turned out to be a simple matter of the DNS records on my server not properly updating themselves. As a result when the computer name was not being properly resolved to the IP address so that when I would choose the computer to RDP (either via the server or RWW) it was showing a connection couldn't be established because it was trying to access the wrong IP address. I fixed the problem and now we have added more desktops to the network and I am able to access all of the desktops and server from RWW with no problem. Now the next step is to figure out how to use the WOL capabilities of the desktops so that I can have users shut them down at the end of the day and still have remote access available.

Thanks again,

Mike