Windows RDS....Can't access externally?!

R.O.S.S.I · 11 Jul 2012 at 15:27

Hi all, recently looked at rolling out Windows RDS to our company and after setting it up and it looking as though its running fine internally (getting users to connect up to the server through thin clients etc), i'm having a problem getting the external Web Access functioning properly.

It's basically just set up at the moment with a Remote Desktop icon so users can just click this when they log into the web access page which should take them direct onto the server on their account.

The problem I'm having is that for some reason when people are clicking this it is basically saying 'Remote Desktop cannot find computer .....' as per the screenshot below.

Does anyone know why this is happening for external users? It works fine when I go to the site on our internal network, but its kinda useless on working internally!

Thanks.

ubern00b · 11 Jul 2012 at 15:42

Firewall? I assume there is a firewall between you and the outside. You probably have to add the internal server IP to the firewall (and necessary ports) to allow outside clients visability.

tribz · 11 Jul 2012 at 17:51

Have you got port 443 open inbound on your router to the TS gateway server (and also on windows firewall)? Also, is the RDP client on the desktop configured to use the gateway address?

I normally just use the computer name rather than the internal FQDN and let the TS gateway do the rest.

R.O.S.S.I · 11 Jul 2012 at 20:05

ubern00b - We don't have a hardware firewall as such. We've got a Draytek 2820n. Would it be port 443 or would it be 3388/89 for RDP that I need to allow through?

tribz - not sure exactly what you mean by that, is that what i've described above? Also not sure what you mean about the RDP client on the users desktop. It shouldn't need configuring as the RDS Web Access should point him to the right machine shouldn't it?

Rangler · 11 Jul 2012 at 20:17

Your problem is the FQDN of the server your trying to reach.
Your publishing your server using its internal Domain.LOCAL address which is why it works fine internally but not from the outside world.
Id suggest you setup a TSGW server setup public facing then you can use that to connect "through" into your internal network.

Google is your friend but if you get stuck PM me and i'll drop you some links.

tribz · 11 Jul 2012 at 21:11

I assumed you had terminal services gateway installed. This would act as the gateway to rdp into your machines form outside over port 443. If your just coming into 1 server and not the desktops, set a rule for 3389 on the draytek pointing at your server and connect to it on your external ip address, not your internal FQDN.

If the purpose is to allow remote access into their own machines then a TS gateway would be better.

R.O.S.S.I · 11 Jul 2012 at 22:24

Hmmmm I'll have to check the RD Gateway tomorrow then to see if there is any config I can change. And also see if there is anything I can set up on the router!

R.O.S.S.I · 12 Jul 2012 at 17:07

Couldn't see anything blindingly obvious in the RDS Gateway options etc.

Anyone any more ideas? I'm stumped!

tribz · 12 Jul 2012 at 19:35

Have a look at this http://www.rayheffer.com/953/building-a-remote-desktop-gateway-rdg-rd-gateway-server/

Don't forget to put 443 in your draytek nat/port redirection settings to your server and also the windows firewall.

R.O.S.S.I · 18 Jul 2012 at 14:50

Hmmm followed that guide through and people still can't get to it. The port forwarding looks as though its set up right too as I can get to the web access pages, its just when we click on the app it brings up that error!

Yamahahahahaha · 18 Jul 2012 at 15:17

DNS Passthrough isn't working by the looks of it.

Why not set up RAS and RDP in 'internally' over a PPTP VPN?
Infact RAS probably has the settings you need to make this work anyway...

Malt_Vinegar · 18 Jul 2012 at 15:35

As above, seems like DNS related to me.

Looks like the web-page is forwarding the local DNS name, and this means nothing to the external client.

I thought that RDS gateway took care of this... Do you need to use a certificate?

R.O.S.S.I · 18 Jul 2012 at 15:52

Malt_Vinegar said:
As above, seems like DNS related to me.

Looks like the web-page is forwarding the local DNS name, and this means nothing to the external client.

I thought that RDS gateway took care of this... Do you need to use a certificate?

Not sure?

We've got an SSL cert for the site if thats what you mean?

How do I go about configuring it so the it forwards local DNS name?

Sorry for the n00bness, its all new territory for me this!

101001101 · 20 Jul 2012 at 22:30

Definately looks like DNS issue, should'nt you be connecting to this through some kind of VPN or secure tunnel?

R.O.S.S.I · 21 Jul 2012 at 11:24

Hi guys, managed to sort this, was such a simple setting id over looked in the RemoteApp settings. I'd put the internal DNS name in rather than the external FQDN to connect to.

Chucked it in and bam, working!

Thanks for all your help and suggestions!