Terminal Services

[Guest]

Hello to all,

I apologise if some of my topic relates to other forums but here is the
situaion in order that you can understand:-

Basically, my question relates to terminal services on a Windows 2000 Server.

(1) The scenario:-

One of our clients has Windows 2000 Server, setup via an existing IT Company.

(2) My Goal:-

I need to setup Terminal Services in order that the customer can log in
remotely to the server and use a database program, as well as check other
things.

(3) Current Setup:-

• The server connects directly to a DG814 ADSL modem/router, which in turn
is connected to a FVS318 Prosafe VPN Firewall 8-Port Switch for additional
port connections for users.

• They get internet access etc fine.

• The default gateway is set to 192.168.0.1

(4) What I have done or tested:-

I’m confused as to which of the hardware i.e. the FVS318 or the DG814 is
supplying the default gateway address. I would have thought it was the DG814,
but when entering the ip address of 192.168.0.1 into a web browser, it logs
straight in to the FVS318 Prosafe VPN Firewall 8-Port Switch! I don’t know
how to log into the DG814 ADSL modem/router. I’m confused.

Anyway, I added port 3389 to the FVS318 and forwarded it to the ip address
of the server. I wondered if port 3389 needed adding to the DG814 also, but I
don’t know how to log into this if 192.168.0.1 logs directly into the FVS318.

Terminal services was already installed. I just added the appropriate users
to ‘remote desktop users’ and gave them appropriate permissions in ‘Terminal
Services Configuration’.

When I tested an external terminal services connection to the server it
would not connect.

(5) Basically, my questions are:-

a) Is there anything else I need to do in Windows 2000 Server to be able to
log in remotely?

b) They do not have terminal services licensing. If I manage to get it
working will remote administration mode be sufficient? I do not know how the
existing guy setup Terminal Services.

c) Do you feel that it would be more appropriate to obtain an all-in-one
ADSL router with the appropriate number of ports and do away with the DG814
and FVS318?

d) How do I log into the DG814?

e) Is it likely that the DG814 and/or the FVS318 are the problems? Even
though remote login is the only problem they are having? Everything else is
fine.

A great thanks and appreciation to anyone who takes the time to answer my in
depth questions

Kind regards,
Jeff

 

[Pegasus \(MVP\)]

Lots of questions here! I'll try to answer the ones I can - see below.

Hello to all,

I apologise if some of my topic relates to other forums but here is the
situaion in order that you can understand:-

Basically, my question relates to terminal services on a Windows 2000 Server.

(1) The scenario:-

One of our clients has Windows 2000 Server, setup via an existing IT Company.

(2) My Goal:-

I need to setup Terminal Services in order that the customer can log in
remotely to the server and use a database program, as well as check other
things.

(3) Current Setup:-

. The server connects directly to a DG814 ADSL modem/router, which in turn
is connected to a FVS318 Prosafe VPN Firewall 8-Port Switch for additional
port connections for users.

. They get internet access etc fine.

. The default gateway is set to 192.168.0.1

(4) What I have done or tested:-

I'm confused as to which of the hardware i.e. the FVS318 or the DG814 is
supplying the default gateway address. I would have thought it was the DG814,
but when entering the ip address of 192.168.0.1 into a web browser, it logs
straight in to the FVS318 Prosafe VPN Firewall 8-Port Switch! I don't know
how to log into the DG814 ADSL modem/router. I'm confused.

The Default Gateway says where internal packets should be sent
if their scope is outside your internal subnet (192.168.0). This is
obviously your firewall.

If you don't know your ADSL modem/router's internal IP address
then you should connect some PC directly to it and get it to obtain
an IP address from the modem/router's DHCP server. If the modem/
router is set up correctly then this address would be on a subnet
that is different from 192.168.0.

Anyway, I added port 3389 to the FVS318 and forwarded it to the ip address
of the server. I wondered if port 3389 needed adding to the DG814 also, but I
don't know how to log into this if 192.168.0.1 logs directly into the

FVS318.

I assume your ADSL modem/router acts as a moment only and that
it passes all incoming packets on to a DMZ device, which is your
firewall. If this is correct then there is no need to add any port
forwarding
rules to the ADSL modem/router.

Terminal services was already installed. I just added the appropriate users
to 'remote desktop users' and gave them appropriate permissions in 'Terminal
Services Configuration'.

When I tested an external terminal services connection to the server it
would not connect.

You should start by testing your terminal services internally from some
networked PC by running this command:
telnet YourServer 3389

(5) Basically, my questions are:-

a) Is there anything else I need to do in Windows 2000 Server to be able to
log in remotely?

You have to start Terminal Services.

b) They do not have terminal services licensing. If I manage to get it
working will remote administration mode be sufficient? I do not know how the
existing guy setup Terminal Services.

It should be "Application Mode" but I'm not sure what the
consequences are if it's "Administration Mode".

c) Do you feel that it would be more appropriate to obtain an all-in-one
ADSL router with the appropriate number of ports and do away with the DG814
and FVS318?

Much cheaper to set up the existing ADSL modem/router as a
modem/router (provided that it has port forwarding facilities)
and to connect it to a switch for extra ports.

d) How do I log into the DG814?

By typing its IP address into a browser - see above.

 

[Seahawk60B]

If this is a Windows 2000 Server, there shouldn't be a remote desktop
users group - Are we talking about Windows Server 2003?

If only one user is going to connect at a time, then Remote
Administration mode is sufficient and you don't need additional TS
cals.

I would assume that your configuration is as such:
Internet connects to Router, Router connects to Firewall, Firewall
connects to LAN.

Even though you've opened up 3389 on the firewall, it could still be
blocked by the router. If you can get into the Firewall, it's WAN
configuration should tell you the IP address of the Router. As was
suggested, try the TS session from the LAN side, if that works
properly, but it does not work from outside the network, then it is
definitely a Router/Firewall configuration issue.

If you can determine the IP address of the router, in order to connect
you'll probably need to substitute a PC/laptop for the firewall
temporarily and either assign it the WAN IP of the firewall or if DHCP
is configured on the router, let it pull an address, then you should be
able to connect to the web interface of the router.

If you're going to open up 3389, I would suggest you filter it by
incoming IP so that your server is not open to the world.

 

[Guest]

Thankyou for your replies

If this is a Windows 2000 Server, there shouldn't be a remote desktop
users group - Are we talking about Windows Server 2003?

If only one user is going to connect at a time, then Remote
Administration mode is sufficient and you don't need additional TS
cals.

I would assume that your configuration is as such:
Internet connects to Router, Router connects to Firewall, Firewall
connects to LAN.

Even though you've opened up 3389 on the firewall, it could still be
blocked by the router. If you can get into the Firewall, it's WAN
configuration should tell you the IP address of the Router. As was
suggested, try the TS session from the LAN side, if that works
properly, but it does not work from outside the network, then it is
definitely a Router/Firewall configuration issue.

If you can determine the IP address of the router, in order to connect
you'll probably need to substitute a PC/laptop for the firewall
temporarily and either assign it the WAN IP of the firewall or if DHCP
is configured on the router, let it pull an address, then you should be
able to connect to the web interface of the router.

If you're going to open up 3389, I would suggest you filter it by
incoming IP so that your server is not open to the world.