Help With Remote Desktop on Windows Server 2012

Hey folks, wonder if any of you could assist with a small dilemma!

I am assisting with a company set up, in short, they just need to remote on to a server from an external location (such as home, another site etc) to run a program.

Current set up =

Windows Small Business Server 2003 - Domain Controller - 13 Users

New purchase =

Windows Server 2012 R2 Foundation (this is purely just to be used as an 'access' PC - I was going to get a desktop but for the price of this server it was cheaper to just get this, and it will be on 24/7 so was a better idea I think).

I have added the 2k12 machine on to the domain and set up Remote Desktop; however, the part I am struggling with is how to access it remotely.
If I try to RDP from my home PC to the external IP address of the site where the server resides, it takes me to the login screen of their 2003 SBS rather than the 2k12 one.

I am thinking a couple of things;

1) Do I need to get another static external IP and assign it to the new server?

It is setup as;

gateway.companyhostname.biz

and of course I have full access to the web hosting for 'companyname.biz'

Is there any kind of forwarding/redirect I need to do behind the scenes so to speak?

Sorry if this is a jumble of words... I have been struggling with this one today! :(

Thanks for any help in advance!
 
Just need to set the router to port forward a different port to the new machine.

For example, 3389 is in there already and going to the SBS; you could use 3390 and forward it to the new box.

If your router is clever enough, it could remap external 3390 to internal 3389. DrayTeks do this. Either that or change the listening port on the 2012 box in the reg.

However, I'd say a much better option would be to do none of the above and use a VPN! Having that SBS box open externally on 3389 must be a bit of a concern!
 
Hi all, firstly thank you for your help.

I managed to get it working using the advice provided, and set up like;

1) Changed RDP port on 2k12 box via registry
2) Added rule on router to allow inbound connections
3) Tested using a random PC offsite using the IP:Port method and worked fine using admin login credentials.

I didn't set up the original server, and the open 3389 port that it has is dodgy, as you all mention. I guess potentially the 3390 port that I have open is also a security risk? It's a very basic setup, but security is a concern of course. Are there any 'dirty' fixes I can use? Basically, the software developer of the program this whole thing is being used for (to RDP on to the machine with that software on) basically said to use Terminal Services and not VPN.

Could I set an outbound rule on the machine then to only allow certain web traffic to make it more secure? (The program they use will need to send email via Outlook and of course allow remote access via RDP and occasionally, Teamviewer)
 
basically the software developer of the program this whole thing is being used for (to RDP on to the machine with that software on) basically said to use Terminal Services and not VPN.

I would guess that developer meant don't use a VPN and then run the software from the PC which is connected via a VPN.

I would establish a VPN from the remote client, then use RDP to the private IP of the server. That way you aren't exposing the RDP to the unwashed masses and script kiddies on the Internet.
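
The following is an added example, not part of any post in this thread: one way to apply the registry port change described above on the 2012 R2 box while limiting who can reach the listener, in line with the VPN suggestion. Port 3390 comes from the thread; the VPN client subnet `10.8.0.0/24` and the rule name are constructed placeholders.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# at the server console: the RDP listener restarts, which drops remote sessions.

$RdpPort        = 3390               # alternate port used in the thread
$AllowedSources = @('10.8.0.0/24')   # ASSUMPTION: VPN client subnet (constructed value)
$RdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Record the current settings so the change can be reverted.
$before = Get-ItemProperty -Path $RdpTcp -Name PortNumber, UserAuthentication
"Before: port=$($before.PortNumber) NLA=$($before.UserAuthentication)"

# 1. Move the RDP listener to the alternate port (the "reg" change).
Set-ItemProperty -Path $RdpTcp -Name PortNumber -Value $RdpPort

# 2. Require Network Level Authentication, so credentials are checked
#    before a full desktop session is created.
Set-ItemProperty -Path $RdpTcp -Name UserAuthentication -Value 1

# 3. Allow the new port only from the listed source ranges. Connections that
#    arrive through the router's port forward keep their Internet source
#    address, so they do not match this rule.
New-NetFirewallRule -DisplayName "RDP $RdpPort (scoped)" `
    -Direction Inbound -Protocol TCP -LocalPort $RdpPort `
    -RemoteAddress $AllowedSources -Action Allow | Out-Null

# 4. Restart Remote Desktop Services so the listener picks up the new port.
Restart-Service -Name TermService -Force

# 5. Verify: the registry values, the listening socket, and the rule scope.
Get-ItemProperty -Path $RdpTcp -Name PortNumber, UserAuthentication |
    Select-Object PortNumber, UserAuthentication
Get-NetTCPConnection -LocalPort $RdpPort -State Listen |
    Select-Object LocalAddress, LocalPort, State
Get-NetFirewallRule -DisplayName "RDP $RdpPort (scoped)" |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

If staff on the office LAN also need to connect, add that subnet to `$AllowedSources`; with the rule scoped this way, the router's inbound forward for 3390 can be removed once the VPN is in place.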
 