RESET Forums (homeservershow.com)

Anywhere Access - Remote Desktop Access not working


Since there was no change in my issue between WSE2012 and WSE2012R2, I am rebuilding the server again using WSE2012R2, because I am upgrading all of my clients to W8.1E.


Glad to hear you're making progress. Yep, one of the 1st basic tests when you run into an issue is to try it using some other hardware, whenever possible, to help isolate the singular cause.

If I want to RDP from the Internet to a client machine on my LAN, I use alternate ports and forward those ports to different computers on my LAN. So, for one client computer with an IP of 192.168.1.99, I will designate port 5678. On my router I will set up a Port Forward from port 5678 to 192.168.1.99:3389. From the Internet, I will start RDP, specify my DomainName:5678 as the destination. When the packets reach my router it changes the port # to 3389 and forwards the packets to 192.168.1.99.


Ikon, in the scenario you mentioned the traffic isn't encrypted unless you first establish a VPN connection and then RDP using internal/LAN addresses, correct?

Drashna Jaelre

That is correct.

Using RDP Gateway encrypts everything, start to finish. And only requires that port 443 be forwarded.


No. Well sort of, but specifically:

  1. Win8 Client set to use DHCP (Router)
  2. Router's DHCP server set to hand out WSE and router as DNS
  3. WSE set to use itself as DNS (this is a must, or you will break the domain basically, and no need to add OpenDNS here)
  4. WSE's DNS server configured to forward to OpenDNS:

    DNS Forwarder: http://technet.microsoft.com/en-us/library/cc754941.aspx

  5. Router set to use OpenDNS

And most consumer routers' DHCP server allows you to specify up to three DNS servers. Set the first one to the server (so this is the primary DNS server) and the secondary to ... well, either the router itself, or OpenDNS's IP. If you used the router, then add OpenDNS for the third. Just in case.

 

This will tell clients that they have 2-3 DNS servers: that the first should be the server, and lookups should be done via that. If that server fails/times out, then it hits up the second DNS server, your router/OpenDNS. This ensures network connectivity, even if your server is down.

 

I set my network up this way as well, but just remind all that this will cause an (ignorable) error in DNS on the server, as it will complain you've set its own IP as primary DNS.


Ikon, in the scenario you mentioned the traffic isn't encrypted unless you first establish a VPN connection and then RDP using internal/LAN addresses, correct?

 

As Drashna said, "correct".


I have gone back and rebuilt my server again.  This time I went with using WSDC2012 R2 and added the Essentials Experience to it.  I did this since I also want to play around with the Hyper-V stuff (try the migration with another node I will be bringing online later).  So this is going to be my final build on this - I hope.

 

Anyway here is what I have so far:

1. SERVER - WSDC2012 R2 with AD, DHCP, DNS, Essentials Experience.  (IP Address - 192.168.1.2) - DNS Forwarder configured with OpenDNS

2. ROUTER - pfSense - IP Address 192.168.1.1, its DNS Servers pointing to OpenDNS - DHCP Service DISABLED

3. CLIENT - Windows 8.1 Enterprise getting its IP address from SERVER, Gateway set to ROUTER, DNS set to SERVER, ROUTER, and OpenDNS all set by the DHCP Scope on the SERVER

4. RWA domain name configured to:  <NAME>.remotewebaccess.com

 

Now I am still not able to get RDP to work via the internet.  But like I mentioned before, if I edit my C:\Windows\system32\drivers\etc\hosts file on the CLIENT and set it to:

192.168.1.2     <NAME>.remotewebaccess.com

then from the CLIENT access <NAME>.remotewebaccess.com from IE, I can connect to the Dashboard via RDP.

So I am wondering, are there logs that I can enable or look at to see if the RDP request is being routed properly?

Is it possible to access the RDP Gateway via GUI or command line to see if it is properly set?

Since I enabled both VPN and RWA, can someone help me in configuring a VPN connection so that I can see if that will work?


Do you have any other roles/features/network activity that is using port 443? My understanding is that Essentials uses and requires exclusive access to that port for RWA, anywhere access, and VPN. I ran into this problem when I tried to enable the work folders role which also uses 443 by default. Only one or the other would work at the same time, so I had to manually change the port that work folders uses.

Drashna Jaelre

Umm, why edit the host files. That's .... poor form. You have a DNS server. Create a new primary zone of <name>.remotewebaccess.com and add an "A Name" record for it, using "192.168.1.2" as the IP address.  

 

This is EXACTLY the same thing as editing the host files, but much more .... what's the word... rather, less hacky. No editing files, no changing permissions, no UAC prompts. And it works on EVERY computer that uses the server as a DNS server. Simple. Elegant. Survives reinstalls/restore/rollbacks of the clients.

 

As for the gateway, I actually had to check this:

Load up Event Viewer, go to the "Applications and Services Logs" -> Microsoft -> Windows -> TerminalServices-Gateway. Open the "Operational" log, and filter for Event ID 302. Event 302 is the successful login via the Gateway. And it records the username used and the IP address. Event IDs 301, 313 and a few others are failed attempts. And include the same info.

 

 

And if you set up Anywhere Access, it has set up VPNs for you. I'd recommend using the SSTP protocol, as it runs over Port 443 (shared with HTTPS website, RDP Gateway and itself).
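The Event Viewer check Drashna describes, scripted as an added example (not code from the thread) so the gateway's successful and failed connections can be tabulated per client address. It runs elevated on the Essentials server; the regex assumes the event message has the form 'The user "DOMAIN\user", on client computer "1.2.3.4", ...' and falls back to the raw message when it does not match.

```powershell
# Added example: summarise RD Gateway connection events from the Operational log.
# Assumption: 302 = successful gateway logon; 301 and 313 = failed attempts (per the post above).
$log   = 'Microsoft-Windows-TerminalServices-Gateway/Operational'
$ids   = 302, 301, 313
$since = (Get-Date).AddDays(-1)

$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = $ids; StartTime = $since } `
                       -ErrorAction SilentlyContinue   # no error when the log is empty

$rows = foreach ($e in $events) {
    # Pull user and source address from the message text (assumed format); keep the raw
    # message when the pattern does not match so nothing is silently dropped.
    $user = $null; $ip = $null
    if ($e.Message -match 'The user "([^"]+)", on client computer "([^"]+)"') {
        $user = $Matches[1]; $ip = $Matches[2]
    }
    $outcome = 'failure'
    if ($e.Id -eq 302) { $outcome = 'success' }
    [pscustomobject]@{
        Time     = $e.TimeCreated
        Id       = $e.Id
        Outcome  = $outcome
        User     = $user
        ClientIp = $ip
        Message  = $(if ($user) { $null } else { $e.Message })
    }
}

# Per-client summary: an address with many failures and no successes deserves a closer look.
$rows | Group-Object ClientIp | ForEach-Object {
    [pscustomobject]@{
        ClientIp  = $_.Name
        Successes = @($_.Group | Where-Object Outcome -eq 'success').Count
        Failures  = @($_.Group | Where-Object Outcome -eq 'failure').Count
        LastSeen  = ($_.Group | Sort-Object Time -Descending | Select-Object -First 1).Time
    }
} | Sort-Object Failures -Descending | Format-Table -AutoSize

# Full detail for the period, newest first.
$rows | Sort-Object Time -Descending | Format-Table Time, Id, Outcome, User, ClientIp -AutoSize
```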


kylejwx - Nothing else is using 443, just the Essentials system.  I have turned off the web access for the WHS 2011 server a full day before I started the new project.

 

Drashna - would I create the new primary zone in the "Forward Lookup Zones"?  I made the attempt to create in the forward lookup zone and it appears to work.

- deleted my hosts file entry, ran ipconfig /flushdns and then tried to ping the name that I put there "homeserver.remotewebaccess.com" - could not find host

- created a new primary zone and called it "remotewebaccess.com", clicked through using all of the default selections

- then created one Host (A) record with the name of the domain name that I picked - example "homeserver" and assigned the ip of the server.

- waited about 20 minutes then tried to ping homeserver.remotewebaccess.com from my home client - the ping responds.

 

Now for the VPN connection, I noticed that there was one created on my home client, so I looked at the properties of it and tried to duplicate that on my work notebook.  But when I try to use it on the work notebook using my iphone as a hotspot, it prompts for credentials but I am not able to change those. It wants to use my work credentials. It tries to connect but then disconnects. So I do not know if I will be able to use that since my work and home AD domains are two different ones.
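The internal DNS zone Drashna recommends (in place of the hosts file) and the DHCP DNS ordering from his earlier post, scripted together as an added example that is not code from the thread. It assumes the server at 192.168.1.2, the pfSense router at 192.168.1.1, a DHCP scope of 192.168.1.0, "homeserver" as the Anywhere Access name, and OpenDNS's public resolvers; it follows Drashna's narrower zone (the full RWA name, record at the apex) rather than the whole remotewebaccess.com zone scockman created, so other *.remotewebaccess.com names still resolve through the forwarder.

```powershell
# Added example: split-horizon record for the RWA name plus DHCP DNS order, run on the
# Essentials server (DnsServer and DhcpServer modules). Assumed addresses/names below.
$serverIp  = '192.168.1.2'
$routerIp  = '192.168.1.1'
$scopeId   = '192.168.1.0'
$rwaHost   = 'homeserver'
$rwaDomain = 'remotewebaccess.com'
$openDns   = '208.67.222.222', '208.67.220.220'   # OpenDNS public resolvers

# 1. Forwarder: anything the server is not authoritative for goes to OpenDNS.
Add-DnsServerForwarder -IPAddress $openDns

# 2. Primary zone for the RWA name only, with the A record at the zone apex ("@").
#    Keeping the zone this narrow means the server answers for homeserver.remotewebaccess.com
#    alone; every other *.remotewebaccess.com lookup still goes out via the forwarder.
$zone = "$rwaHost.$rwaDomain"
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope 'Domain'   # AD-integrated, server is a DC
}
Add-DnsServerResourceRecordA -ZoneName $zone -Name '@' -IPv4Address $serverIp

# 3. DHCP scope: server first, router second, OpenDNS third. Clients only fall through to
#    the next entry when the earlier one times out, so the server must be listed first.
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router $routerIp `
                            -DnsServer $serverIp, $routerIp, $openDns[0]

# 4. Verify: the LAN answer must be the internal address, while a query sent straight to
#    OpenDNS must still return the public address that Internet clients use.
$internal = (Resolve-DnsName -Name $zone -Type A -Server $serverIp   -ErrorAction SilentlyContinue).IPAddress
$public   = (Resolve-DnsName -Name $zone -Type A -Server $openDns[0] -ErrorAction SilentlyContinue).IPAddress
"Internal answer: $internal"
"Public answer:   $public"
if ($internal -ne $serverIp) {
    Write-Warning "LAN lookup did not return $serverIp; check the zone and flush client caches (ipconfig /flushdns)."
}
```

Clients pick up the new DNS order only when their lease renews, so run ipconfig /renew on a test machine before re-testing the Dashboard connection.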
