Remote Desktop WEB works local, but not over Internet


  • Remote Desktop WEB works local, but not over Internet

    I have Remote Desktop Web Connection installed properly on a SBS 2003 server, and it works just fine locally if I put in -
    https://servername.domain.com/tsweb -- I connect to the server tsweb page, enter the name of an XP Pro w/s that has Remote access enabled, and it connects just fine to the w/s desktop.

    However . . .

    If I access the very same name from the internet, I can connect to the tsweb page after installing the active X, same as usual, and then I can put in the name of the desktop I want to connect to (again same as the one I did locally), but it pops up a message that says it can't connect.

    So, I am thinking that maybe the Remote Desktop WEB connection might be trying to set up a Port 3389 connection through the firewall, or maybe even dynamically allocating a port. If this isn't it, then I don't know what it could be.

    Any ideas, suggestions, thoughts, or at least some free pizza?

  • #2
    Re: Remote Desktop WEB works local, but not over Internet

    First, you need to know that allowing access to RDP from outside isn't recommended.
    If you don't care about security - you can create a NAT rule in your firewall like:

    Source IP: Any
    Source Port: Any

    Target IP: Internal server IP
    Target Port: TCP 3389

    Further information can be obtained from your firewall documentation.
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14



    • #3
      Re: Remote Desktop WEB works local, but not over Internet

      Yuval,

      I know how to make an RDP connection from an outside PC to an inside PC or Server. That uses the Remote Desktop program and all I have to do is direct port 3389 (or whatever port the internal PC is listening to) through the firewall to the intended PC or Server.

      The question is how to connect using the **WEB** Desktop Connection.

      For this, you are supposed to install the TSWEB program or enable it in Windows 2003 Server. Then you go to https://servername.domain.com/tsweb which brings up a web page similar to the Outlook Web Access sign in page. In that TSWEB page, you enter the name of the Remote Desktop PC you want to connect to and the logon information. Then the IIS web server is supposed to connect you to that desktop THROUGH THE INTERNET EXPLORER page that you have open.

      I assume that it is supposed to work like GoToMyPC - where you need not install a program of any sort on the outside workstation. You need only a browser program such as IE 6 or higher. That is the purpose of using TSWEB instead of the Remote Desktop Connection program. The IIS server makes the connection between the target desktop and the outside workstation.

      The outside workstation connects to the IIS server, and the IIS server connects to the target desktop - sort of as an intermediary.

      The question probably boils down to what ports IIS is using between the outside workstation and the IIS server. Possibly I am wrong about this. Maybe the IIS server is merely setting up a link between the outside workstation and the target desktop, but I was under the impression that there was no need to even have the Remote Desktop Connection program installed on the outside workstation. It is supposed to use the web browser to connect.

      So I guess in order to really troubleshoot this, I need to know exactly how the outside workstation is connecting to the inside target desktop and what is the purpose of the IIS server with TSWEB installed.

      Does anybody know how this actually works?



      • #4
        Re: Remote Desktop WEB works local, but not over Internet

        Both of these statements are incorrect, but common misconceptions.

        1. The remote computer MUST be able to install the Active-X Remote Desktop Client that is provided by the Remote Desktop Web Connection (AKA TSWEB).

        2. It does not work like GoToMyPC, which works over standard SSL. Remote Desktop works over port 3389 (by default).

        3. The purpose of TSWEB is to provide both an Active-X Remote Desktop Client and the proper configuration information to connect to a Terminal Server or Remote Desktop Host.

        4. The IIS Server hosting TSWEB does NOT connect to or contact the Terminal Server in any way, shape or form. Its only job is to provide the Active-X Remote Desktop Client and the proper configuration information. The TSWEB can be on the public Internet, DMZ or private network, i.e. makes no difference where it's located.

        So to recap:

        Remote client connects to the IIS Server -> IIS Server provides Active-X Remote Desktop Client and the proper configuration information to the client computer (if the client isn't already installed) -> Client uses the connection information in the TSWEB to connect to the defined Terminal Server or Remote Desktop Host over port 3389, or whatever port is defined in the TSWEB Configuration.

        If the firewall is configured properly, one should be able to connect to the Terminal Server with the built-in Remote Desktop Client. If this doesn't work, neither will the Active-X Remote Desktop Client provided by the TSWEB.

        Using an SSL Connection for the TSWEB is pointless, as it offers no added security.

        http://www.sessioncomputing.com/security.htm

        http://www.sessioncomputing.com/how-to.htm


        I have a sample Remote Desktop Web Connection here:

        http://www.sessioncomputing.com/zip/tsweb.zip

        In the default.htm, edit the following line:

        serverName = "WAN_IP_Address_Here"

        More Remote Desktop Web Connection info here:

        http://www.datadr.net/index.php?opti...d=15&Itemid=26





        "I assume that it is supposed to work like GoToMyPC - where you need not install a program of any sort on the outside workstation. You need only a browser program such as IE 6 or higher. That is the purpose of using TSWEB instead of the Remote Desktop Connection program. The IIS server makes the connection between the target desktop and the outside workstation.

        The outside workstation connects to the IIS server, and the IIS server connects to the target desktop - sort of as an intermediary."
        Last edited by Patrick Rouse; 3rd September 2006, 04:42.
        Patrick Rouse
        Microsoft MVP - Terminal Server, Provision Networks VIP
        President - Session Computing Solutions, LLC
        http://www.sessioncomputing.com
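The two-connection flow described in post #4, written as a reachability check to run from the outside workstation (an added example, not part of the original thread or of TSWEB): it tests the browser-to-IIS path and the client-to-RDP-host path separately. The function names, the default web port 443 and the result keys are assumptions made for this example.

```python
import socket
import sys


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name did not resolve
        return False


def diagnose_tsweb(web_host, rdp_host, web_port=443, rdp_port=3389, timeout=3.0):
    """Test the two independent connections a TSWEB session depends on.

    web: browser -> IIS, which only serves the page and the ActiveX client.
    rdp: that client -> Terminal Server / Remote Desktop host, directly.
    rdp_host must be the name or address the client is told to use; an
    internal-only name that does not resolve outside counts as unreachable.
    """
    web_ok = tcp_reachable(web_host, web_port, timeout)
    rdp_ok = tcp_reachable(rdp_host, rdp_port, timeout)
    if web_ok and rdp_ok:
        cause = "ok"
    elif web_ok:
        # The symptom in this thread: the page loads, the session fails.
        cause = "rdp_blocked"
    elif rdp_ok:
        cause = "web_blocked"
    else:
        cause = "both_blocked"
    return {"web": web_ok, "rdp": rdp_ok, "cause": cause}


if __name__ == "__main__":
    # Usage (host name as used in the thread; substitute your own):
    #   python tsweb_check.py servername.domain.com 3389
    host = sys.argv[1] if len(sys.argv) > 1 else "servername.domain.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3389
    print(diagnose_tsweb(host, host, rdp_port=port))
```

A result of `rdp_blocked` from outside matches the case where the built-in Remote Desktop Client would fail as well, so the firewall rule or the target name is the thing to fix, not TSWEB.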



        • #5
          Re: Remote Desktop WEB works local, but not over Internet

          Patrick,

          That is EXACTLY the kind of info I was looking for. It helps a lot.

          You can see that the misconceptions I had about how TSWEB works are what has made this a problem for me. I got those misconceptions from the descriptions by Microsoft and other places that left out the details which you explain. In fact, if you go to http://www.petri.com/install_remote_...erver_2003.htm you will see an explanation that reinforces these ideas.

          So, basically you are saying that the client connects to the IIS server. The IIS server runs the active X which starts a (regular) Remote Desktop Connection using RDP over port 3389 to the target desktop, and the client then connects directly to that desktop PC. Correct?

          Where it says, "Run sessions within Internet Explorer" what it really means is START sessions from within Internet Explorer. It still STARTS the Remote Desktop Connection program to create an RDP session, but the actual session is not running within the IE window.

          I have set up my firewall so that port 3389 traffic is directed ONLY to a specific server listening on port 3389. I direct port 3390 traffic to another server, and so on. But because the client is unable to see the target desktop IP directly because all the desktops and servers are protected behind the firewall, the client is never able to see them in order to connect on any port. If the target desktop PCs were all visible to the Internet (exposed as hell) then it would work.

          But because TSWEB is NOT just like GoToMyPC, it is not a solution for connecting users on the outside of a firewall to their desktop PCs at work.

          Am I correct so far?

          I guess the next question comes under the heading "Finagling things that don't work"

          If I get a PC to listen on port 3390 (for example) and I create a firewall rule to pass all port 3390 traffic to a specific IP address inside the firewall, then I can open the Remote Desktop connection, type in "servername.domain.com:3390" and I get an RDP connection to the target desktop, which is a neat little trick for connecting to more than one server or PC within the LAN from the outside. The problem is, if I try to enter the PC name from the TSWEB connection page with a port number (such as "servername:3390") it gives me an error.

          Is there any way to connect smoothly so the user can put in just a name instead of having to add the port number at the end of the line? Is there any way to start the Remote Desktop Connection from the TSWEB page using a port number?

          Again, thanks a lot for your very informative response. Help like this is the reason I am such a big fan of this web site.
