How do I allow clients with Remote Desktop inside ISA to access external server? URGENT, please help

[Simon]

All the info I can find on this is about how to access a network or desktop
FROM outside by publishing a terminalservices server, I need to configure
ISA to allow internal clients using XP's Remote Desktop to see an outside
resource on a remote server over the web via the ISA server.

So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to external
server with terminal services running.

I have tried everything to try to get access out thru ISA, but just get
error "cant connect". It is allowed through the firewall at the other end,
if I http://ipaddress to it they can see the correct IP trying to get in.

I have tried adding protocol definitions for 3398 via tcp and udp, in and
out,

I have added a destination set for the server at the other end

I have added Server Publishing Rules for tcp/udp 3398#

I have added IP packet filters for 3398 tcp/udp in/out

I have added protocol rules for all the protocol definitiopns to do with RDP
on 3398

In fact I have added allow all to everywhere to everyone which should allow
EVERYTHING, but to no avail

Please help, the quicker the better please because this has been dumped on
me at the last minute and needs to work ASAP!!

Many thanks

Simon

I am sorry to cross post this, but I really do need to get an answer real
quick, so am covering more bases!

 

[Sooner Al]

Is that a typo...ie. TCP Port 3398? The default port for Remote Desktop is TCP Port 3389...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

 

[Robin Walker]

All the info I can find on this is about how to access a network or
desktop FROM outside by publishing a terminalservices server, I need
to configure ISA to allow internal clients using XP's Remote Desktop
to see an outside resource on a remote server over the web via the
ISA server.

So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to
external server with terminal services running.

I have tried everything to try to get access out thru ISA, but just
get error "cant connect". It is allowed through the firewall at the
other end, if I http://ipaddress to it they can see the correct IP
trying to get in.

I have tried adding protocol definitions for 3398 via tcp and udp, in
and out,
I have added a destination set for the server at the other end
I have added Server Publishing Rules for tcp/udp 3398#
I have added IP packet filters for 3398 tcp/udp in/out
I have added protocol rules for all the protocol definitiopns to do
with RDP on 3398
In fact I have added allow all to everywhere to everyone which should
allow EVERYTHING, but to no avail

You should be using TCP 3389, not 3398, not UDP.

The port 3389 traffic will emanate from the individual XP clients and go to
the remote server. As far as I can see the SBS2000 server has nothing to do
with it.

 

[Simon]

OOOPPS!

Yes that is a typo, sorry - it should be 3389

I only mention SBS2000 cos it is running ISA 2000, and that DOES have
something to do with it! I can happily access the remote server from a
different domain without an ISA server in it.

 

[David Jones [MSFT]]

So, XP PC via Remote Desktop to SBS2000 with ISA 2000 to web to external
server with terminal services running.

Hi,

You have a SBS 2000 network. Inside the SBS 2000 network you have a XP
workstation.
You want to allow the XP workstation to connect to a server on the Internet
that is running Terminal Services.

Is that correct?

Assuming I have the scenario correct, have you made sure that the ISA
firewall client is installed on the XP machine? Assuming you've run the SBS
2000 Internet Connection Wizard, all you should need to do is to install the
ISA 2000 firewall client on the XP machine.

David Jones
SBS Product Team

 

[Simon]

David

Thanks for this, yes you have understood it exactly! The ISA Firewall Client
is installed on the XP machines, but still cannot connect to the remote
server.Any thought for faultfinding?

This cannot be that rare a situation, yet the info on the web is spares to
say the least!

Simon

 

[Tristan Kington [MSFT]]

You're correct, it's an exceedingly common configuration; you're probably
not finding much explicit documentation because it usually just works - it's
not an inherent problem, just something to do with the configuration,
somewhere.

RDP is a really simple protocol to work with, because it's just the one TCP
connection.

Suggestions:

- Check that your ISA rules allow the use of RDP/TS. That's 3389 TCP only.

- For Server Publishing, you need 3389 TCP Inbound only. NB If TS works
from another network, this probably isn't your problem.

- Try other non-web protocols allowed by ISA rules. Try TELNET to an SMTP
server from the client you're trying to RDP from.

- Examine the FWSEXT logs in Program Files\ISA Server\ISALogs at both ends
for possible failure reasons.

- If there are other devices up- or downstream from either ISA server that
might be interfering with the connection process, check the logs there too.

If you need an answer Real Quick, my suggestion is that your best bet is to
open a phone support incident with PSS - they can work through the issue
over the phone with you in realtime.

Hope that helps!

 

[Simon]

I have just got back form the site, and it seemed that it was only one
workstation that couldnt make it work! Idiot on site had not tried another
PC DOH! It was the Firewall Client set to Automatically find the server, so
unchecking that made it work. It seems that it would not ever work from the
server so I was wasting my time trying and thinking it was a bigger problem
than it turned out to be!

Now to send them my bill!

Thanks for all your help everybody

..