RDC to domain client from external location

Status
Not open for further replies.

LRB45

Programmer
Oct 5, 2005
157
US
So I'm sure this is something totally easy that I am missing but I just can't figure it out.

I have an SBS2003 domain with XP Pro clients that I would like to be able to connect to remotely via RDC without setting up a VPN connection. I am able to connect via RDC internally and if I have a VPN tunnel established so I am confident the remote connection policy is working.
How do I identify the specific Client I want to connect to in the RDC connection box?

Let's say my External Static IP is 0.1.2.3 and the internal is 10.10.10.x
Computers are named as: JohnS

Thanks for the help.
 
Wanted to add that I am aware of RWW but would like to bypass it and connect directly to the client if possible
 
I don't think you can do that with Windows 2003. The SBS 2003 box is not a true TermServ proxy like TSGateway in SBS 2008 and RDGateway in SBS 2011. I don't remember ever being able to do this before SBS 2008.

Assuming it would work though, and treating it like a Windows 2008 RDP Client connection, you'd want to put the internal name or IP of the workstation in the main connect field, and in the RDP client tabs, you'd go to Advanced -> Connect From Anywhere settings and put in the external name of your server. That way it would connect to that proxy and then ask to be routed to the internal name/IP of the system you are trying to connect to.

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Looks like you are correct that it does not work with 2003. I entered our external server IP into Advanced -> Connect From Anywhere settings and it returns the error:
"This computer can't connect to the remote computer because the Terminal Services Gateway server address requested and the certificate name do not match."

We have been considering a Technology refresh so maybe if that happens I'll try again.

Thanks for the help
 
Just out of curiosity, can you enter the public DNS name?

Level 1 Support Technician
 
So trying the domain name instead of exposed IP returns
"This computer can't connect to the remote computer because Terminal Services Gateway server's certificate is expired or revoked"
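
Added example, not part of the thread: the two gateway errors quoted above correspond to two separate certificate checks, which this Python sketch reproduces against a constructed certificate in the dict shape returned by `ssl.SSLSocket.getpeercert()`. The host name `remote.example.com` and the validity dates are assumed placeholders, and revocation is not checked.

```python
import ipaddress
import ssl
from datetime import datetime, timezone

# Constructed sample certificate; names and dates are placeholders.
SAMPLE_CERT = {
    "subject": ((("commonName", "remote.example.com"),),),
    "subjectAltName": (("DNS", "remote.example.com"),),
    "notBefore": "Jun  1 00:00:00 2008 GMT",
    "notAfter": "Jun  1 00:00:00 2010 GMT",
}

def cert_names(cert):
    """Return (dns_names, ip_addresses) the certificate is valid for."""
    sans = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in sans if k == "DNS"]
    ips = [v for k, v in sans if k == "IP Address"]
    if not dns and not ips:  # legacy fallback: subject commonName
        dns = [v.lower() for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
    return dns, ips

def name_matches(address, cert):
    """True if the address typed into the client is covered by the cert."""
    dns, ips = cert_names(cert)
    try:
        wanted = ipaddress.ip_address(address)
    except ValueError:
        wanted = None
    if wanted is not None:  # an IP literal only matches an IP SAN entry
        return any(ipaddress.ip_address(ip) == wanted for ip in ips)
    host = address.lower().rstrip(".")
    for pattern in dns:
        if pattern == host:
            return True
        # a wildcard covers exactly one left-most label
        if pattern.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == pattern[2:]:
                return True
    return False

def diagnose(address, cert, now=None):
    """List the reasons a client would reject this cert for this address."""
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    problems = []
    if not name_matches(address, cert):
        problems.append("name mismatch")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems
```

Connecting by the external IP (0.1.2.3 in the question) fails the name check unless the certificate lists that IP, while connecting by the DNS name passes the name check and surfaces the validity-date problem instead.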
 
Is it possible to issue a new certificate? We usually connect via VPN and RDC to the workstation but RWW is a much better solution.

Level 1 Support Technician
 
I can try a new certificate to see if that helps.
My main reason is I have to do a fair amount of remote assistance with our internal people and from a mobile it's a lot easier to go straight in rather than using RWW like I have been. And Logmein lags so bad that I hate to use it.
 
Try a new cert. Only used Citrix on my iPhone, which I found great.

Level 1 Support Technician
 
LRB45, are you using any firewall or router? I just did something like this with a Cisco ASA 5505 but on an internal Windows 7 client. You can change the port that the client responds to RDC calls from 3389 to say 3390. Then on the router you need to use PAT and open external port to something like 52222 and have it forward to 3390. You could do this with most any router I would think that supports port redirection.
 
Just to describe what laytoncy suggested from a non-Cisco standpoint:

As long as your firewall supports port redirection, you can pick a non-standard port like 3390 and publish that port on your firewall and redirect it to port 3389 on the IP of a specific workstation. On the firewalls I work with (SonicWall/Watchguard/NetGear) I never need to worry about a PAT rule.

For clients that are trying to connect to workstations using iPads or Macs (on which RD Gateway redirection and RWW don't work natively) this is a pretty common solution.

Dave Shackelford
ThirdTier.net
TrainSignal.com
 