Port 3389 (RDP) to go through another company's proxy/firewall....

Hi all, I'm having a bit of trouble at the moment with our Windows Remote Desktop Services implementation and some proxy issue.

Basically I want it set up so that our remote users who work from another site occasionally (owned by another company) can access their desktop/shared drives etc.

I've successfully set up the RDS system so that people can access through our web portal and it works fine apart from at the other company's office where they say it works but it is bypassing their proxy and going straight out on port 3389.

Now upon speaking to their IT, they are saying that it needs to connect through their proxy for it to be an allowed application on their LAN, rather than connecting straight out on port 3389.

Does anyone know a way to resolve this? Is it some config at their end as I believe the default port for RDP is 3389 so I'm not sure how I'm forcing it to bypass any proxies?
 
Why is it going out on 3389? Shouldn't it be going out on 443?

I'm assuming RDS is working externally ok on https/443, if so do they have the TS gateway address set in their RDP settings?
 
They connect through our web access which is https://remote.domain.com/rdweb - log in with Windows credentials etc it loads a desktop for them etc.

The web aspect of it I assume goes through 443, but the actual RDP will be 3389 which is the default port for RDP.
 
No, the RDP on Gateway services is tunnelled through 443 so that's the only port that needs opening.

If they can access any secure web page, they should be able to access the RD server. I'll post some screenshots in a min which shows the client settings.
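
An added example, not part of the original thread: one way to check which route a client's .rdp file selects, using the documented `gatewayhostname` and `gatewayusagemethod` settings. The sample files and the session-host name `rdsh01.example.internal` are constructed, and a missing `gatewayusagemethod` is assumed to mean 0.

```python
# Added example: which network path does an .rdp file select?
# Sample files are constructed; rdsh01.example.internal is a placeholder.

def parse_rdp(text):
    """Parse 'name:type:value' lines; type i is an integer, s a string."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        name, kind, value = parts
        is_int = kind == "i" and value.lstrip("-").isdigit()
        settings[name.lower()] = int(value) if is_int else value
    return settings

def connection_path(text):
    """Return (verdict, detail) for the route the client will attempt."""
    s = parse_rdp(text)
    gateway = s.get("gatewayhostname", "")
    method = s.get("gatewayusagemethod", 0)  # assumption: absent means 0
    port = s.get("server port", 3389)
    # 1 = always use the RD Gateway: RDP is tunnelled inside HTTPS.
    if gateway and method == 1:
        return ("gateway", f"HTTPS/443 to {gateway}")
    # 2 = use the RD Gateway only if a direct connection cannot be made.
    if gateway and method == 2:
        return ("direct-first", f"TCP/{port} direct, then HTTPS/443 to {gateway}")
    # 3 = use the default RD Gateway settings held by the client.
    if method == 3:
        return ("client-default", "depends on the client's own gateway settings")
    # 0 and 4 = do not use an RD Gateway.
    return ("direct", f"TCP/{port} direct to {s.get('full address', '?')}")

DIRECT_FIRST = ("full address:s:rdsh01.example.internal\n"
                "gatewayhostname:s:remote.domain.com\n"
                "gatewayusagemethod:i:2\n")
ALWAYS_GATEWAY = DIRECT_FIRST.replace("gatewayusagemethod:i:2",
                                      "gatewayusagemethod:i:1")

if __name__ == "__main__":
    for label, sample in (("method 2", DIRECT_FIRST), ("method 1", ALWAYS_GATEWAY)):
        verdict, detail = connection_path(sample)
        print(f"{label}: {verdict} ({detail})")
```

A "direct-first" or "direct" verdict means the client may open TCP 3389 itself, which is the traffic a site proxy would see as bypassing it.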
 
Cool thanks, wonder why he is saying that when he is trying to access it the connection is going out directly on 3389 and is bypassing their proxy?!
 
Does it work externally for everyone else with just 443 open, i.e. no 3389 open on router/firewall?

Edit, snipped pictures because irrelevant
 
It works for me when I try and log in from home, works for other users from home. I don't think the issue is it not working, it's the issue of it not routing through their proxy.

So basically they're going to the web access page, logging in to it and then noting that it is trying to connect directly to us on 3389. I'm not even sure I set it up to connect on that port - everything's pretty much default.

I have just noticed a port redirection on our router here though which is directing traffic on externalIP:3389 to the internal serverIP:3389 - could this be the problem?
There's also one set up for 443 as well on the same internal and external IP as the 3389 one.
 
I'd switch that off as it's not needed over TS/RD gateway services.

I think it probably is working over 443 and they're just getting their knickers in a twist because they're being bypassed.
 
No this needs to be done through Windows RDS really, I set it up for this sole purpose, it's more streamlined and easy to use for end users.
 
The RD/TS gateway would be slicker from an end user point of view.

I think you'll need to check the RD settings to see if you've missed anything. I don't know much about pure RD gateways as I only see them on SBS boxes so I never need to get into the nuts and bolts of it.

Hopefully someone can jump in with more experience than me with the actual setup.

http://www.rayheffer.com/953/building-a-remote-desktop-gateway-rdg-rd-gateway-server/
 
I've just gone over most of them but can't really see what the issue is :(

There is one section in the RD Gateway Manager, under Resource Authorization Policies which talks about Allowed Ports for that policy, and it is set to only allow connections through TCP 3389, the other 2 options are to allow through any port, and to specify ports.
 
Hi all, sorry to dig up an old thread, does anyone know of any way in which I could get this to work?

Basically the RDS connection works, he can connect through our web gateway but apparently the traffic isn't being routed through their proxy, it is trying to connect direct on port 3389.

Is there any way you can make Windows Remote Desktop Services proxy aware?! I can't believe that something like this hasn't been factored in and is probably a very simple option I've overlooked.
 
I'm pretty sure that is by design. The web gateway is only a connection broker.
 