Remote Web Access, VPN, Remote Desktop Services 1

[JimmyRosa]

Hi there,

I have just set up a SBS 2011 standard server, RWA is up and running, mail and access to files are working, however I need users to be able to access files e.g. open, edit and then save directly to the shared folder location on the server using Remote Web Access.
Does Remote Web Access allow this, I've tested and it just seems that you have to download the file you want to edit, edit and then upload it to the same location?

I understand that you would need to phurchase the premium add on for remote desktop servies at cost, also would you need a seperate server to host this?

I also know that users can connect remotely using ther PC at home to connect to the office PC/LT, the problem I have is that some users don't have a PC at home and take home the office laptop which they would connect to. Tight budget.

What other options do I have with SBS 2011 std?

Also what other ports do I need open for the full use of Remote Web Access with regards to connecting to local PCs etc?

Ports opened on firewall currently are TCP 443 and TCP 3389 for RDP port forward to server.

Clients laptops are Windows 7.

I'm still learning and trying to do as much as I can without asking for help, but I'm a bit stuck on what to do.

Many thanks for any advice give.

James

 

[JimmyRosa]

any one please?

James

 

[ShackDaddy]

The file access functionality for RWA is crap for regular work: yes, you have to download, edit and upload, but it's helpful in a pinch.

To use the premium add-on without having to have an extra server, you would have needed to install a HyperV server first and then you could have virtualized both the SBS and an additional Windows 2008R2 server using the Premium disk. That would have allowed you to set up a terminal/RDS server to give remote users a local desktop. Trying to build an RDS environment at this point is going to cost some $$ as you'd need more hardware, an OS license, and RDS CALs. You'd need the CALs even if you had Premium though.

As far as RWA, you shouldn't need any additional ports. SBS 2008 required tcp 4125 to be opened, but that requirement was dropped with SBS 2011. Are you having trouble getting it working?

Other options: VPN by opening port 1723 and GRE, or you could have a workstation in the office that's expressly for people to connect to from the outside for "short-term" projects.

Dave Shackelford
ThirdTier.net
TrainSignal.com

 

[JimmyRosa]

Hi ShackDaddy,

Thanks for taking the time to reply, very helpful.


The RWA is working ok thanks, I was going to try out the remote PC connection option within RWA and wanted to know if any addtional ports needed to be opened for this?

My understanding of VPN is that it will give the remote user access to the office LAN e.g.
Printers, mapped network drives and connection to the Exchange server via Outlook or any other local server connections.

With regards to having a PC on the LAN for Remote Desktop, what are the benefits over VPN: 1 I can think of is
software use which is installed on the remote PC?

Also I currently use RDP though port 3389 port forward to the server for administration, how would I enable the port forward to the remote machine? Wouldn’t this knock out my current RDP for the server?

I could use a cheap XP box, or if they don’t mind spending a little more than a windows 7 box for the remote connection, what would be the maximum current connections, 2 connections at the same time for remote users?
Is GRE also configured on the firewall router, I'm not familiar with it?

Thanks a lot,
Jimmy

 

[ShackDaddy]

Benefits of VPN: "It's just like you're in the office, only slower. Sometimes a LOT slower." I can map drives and attempt to run client-server apps hosted on servers in my office.

Downsides: You are adding non-domain joined systems, some of them used by teenagers and without antivirus installed, onto your internal network. Plus, if one of these workstations is already compromised and then is connected to your network via an authenticated connection, the hackers don't even need any passwords: you've just opened a direct pre-authenticated channel to your resources.

Notes: you don't need to have a VPN to open up Outlook from home and connect it to the office. That's what Outlook Anywhere does for you, as long as you take the time to get a cheap public certificate.

In general it's much better to connect to an in-house workstation and use it remotely than to try and turn a remote workstation into an in-house system.

You don't need port 4125 for RWA on SBS 2011. SBS 2008 did, but SBS 2011 does not.

As far as your question about port-forwarding: SBS 2011 has something called Remote Desktop Gateway included with it. That means that you can create an RDP shortcut at home that just has your internal workstation name defined in the "Computer" field. You can then go into Options -> Advanced and configure the "Connect from Anywhere" settings and enter the public name of your SBS 2011 server. When you save this shortcut and use it to connect, your RDP connection will be proxied by the SBS box straight to the workstation you specified on the first general tab.

Dave Shackelford
ThirdTier.net
TrainSignal.com

 

[kurio71]

Has anyone got a self-signed cert to work with remote access?

Level 1 Support Technician

 

[JimmyRosa]

Hey ShackDaddy, Kurio71,

I have tried to get the remote connection working but contiune to receive this error:

"Your computer can't connect to the remote computer because the remote desktop gateway server is temporaily unavailable"

Have any of you got this remote connection working?

I phurchased a GoDaddy SSL certificate today and still no joy?

I must be doing something wrong?

Do you need to install the server cert in differnt areas on the server?

Cheers,
JR

 

[ShackDaddy]

Did you install the certificate using the SBS wizard, or did you do it some other way? The wizard should have plugged it in properly to the Remote Desktop Gateway settings.

Dave Shackelford
ThirdTier.net
TrainSignal.com

 

[JimmyRosa]

Hi SD,

I will install again though the SBS wizard and let you know.

Cheers,
JR