Unable to connect TSWeb client through a firewall


James Shymko

I know this question has been done to death, but here's a
new twist:

I've set up a Win2K Server with Terminal Services Web
(Admin Mode, not full app mode - I need to manage the
server remotely).
- The Default Web site has been disabled for security
reasons.
- As per KB Article #154596, I've moved the RPC ports to
5000-5999.
- As per KB Article #187623, I've moved the RDP port to
1000.
- I've moved the Default.htm page and msrdp.cab file to
another web server (it automatically links to the TSWeb
server).
- As per KB Article # 326945, I've reconfigured
the .RDPPort in Default.htm to use port 1000.
- I have reconfigured the Netgear firewall to pass port
1000 to the TSWeb server (port 80 already goes to the
other web server with default.htm page).

Here's the problem: When I hit the webserver from my
Intranet client, everything works peachy. However, when I
try from a workstation on the Internet, I can hit the Web
server with the default.htm page (and it loads perfectly)
and it fires up the ActiveX control (perfectly!) but I
always get a "remote connection has timed out" error.

Is there another port that needs to be opened up for the
Web client to work? Or is there something on the TSWeb
server that needs to be changed to allow Internet clients
to hit it?

BTW: the gateway IP on the TSWeb server does point to the
LAN IP of the firewall - so traffic is going in and out
via the same firewall.

HELP!
 
Try changing the serverName in the default.htm to reflect the WAN IP address of your firewall. This will make it work from the Internet, but not on your internal network.

If you have the remote desktop client software there is no need to use the Remote Desktop Web Connection, as the RDWC is just a delivery engine for the ActiveX control; it doesn't offer any added security or features. I rarely use the RDWC anymore, but here are some how-tos on customizing the RDWC:

http://www.workthin.com/tshta.htm#RemoteDesktopWebConnectio

Patrick Rous
Microsoft MVP - Terminal Server
http://www.workthin.com

 
Actually, I've already tried setting the address to the
WAN IP and still nothing. I've also tried using the MS
RDP Client software and get the same results. It keeps
timing out.

I'm guessing I'm missing something to do with port 3389 or
something on the server has to be changed to allow WAN
access. I'm still confused... I've followed everything I
used to do to the letter... It worked when I did it about
a year ago... Very strange.
 
It probably has to do with all of the changes you made to the system, i.e.

"The Default Web site has been disabled for security reasons. As per KB Article #154596, I've moved the RPC ports to 5000-5999. As per KB Article #187623, I've moved the RDP port to 1000. I've moved the Default.htm page and msrdp.cab file to another web server (it automatically links to the TSWeb server). As per KB Article # 326945, I've reconfigured the .RDPPort in Default.htm to use port 1000. I have reconfigured the Netgear firewall to pass port 1000 to the TSWeb server (port 80 already goes to the other web server with default.htm page)."

Did it work before you made these changes? It's definitely more secure now :

Patrick Rous
Microsoft MVP - Terminal Server
http://www.workthin.com

 
Actually this is a completely different server (hardware &
OS). I set up a different server on the same network a
year ago and the customer pulled it down after 6 months.
At the time I removed all the port forwarding from the
firewall and assumed they would not want to do that
again.

As it turns out I have to set up the same architecture
again (should be straightforward right?) on a new server
and now the whole thing doesn't work....

I tried setting it up with the default settings (port
3389, default.htm on the TS, etc., etc.) and it still
doesn't work... very odd.

I even pulled out the old RDP client I downloaded a year
ago and same issue.

It's driving me nuts!
 
Can you try connecting thru the firewall to an XP Pro machine to see if maybe the firewall is causing your problems? You'd need to change the port forwarding rule to point to the IP address of the XP Pro machine, and give the XP Pro machine a static IP address.

Patrick Rous
Microsoft MVP - Terminal Server
http://www.workthin.com
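Added example, not part of the original posts: a small TCP probe that separates "timed out" from "refused" on the forwarded RDP port, so the LAN-side and WAN-side results can be compared before swapping machines behind the firewall. The function names, the verdict labels and the addresses (documentation-range placeholders) are assumptions; port 1000 is the value from the thread.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt to host:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"       # a host answered with RST: nothing listens there
    except (socket.timeout, TimeoutError):
        return "timeout"       # no answer at all: SYN or reply was dropped
    except OSError:
        return "unreachable"   # routing or ICMP error
    finally:
        s.close()

# Hypothetical verdict labels and the next thing to check for each.
NEXT_STEP = {
    "server": "listener is not on this port: check the RDP port set on the server",
    "forward-target": "forward reaches a host/port with no listener: check the rule's target",
    "firewall": "packets are dropped on the way: check the forward rule and upstream filtering",
    "path-ok": "TCP path works: look at the client side (server name and port in Default.htm)",
}

def diagnose(lan_result, wan_result):
    """Combine a probe run on the LAN with one run from outside the firewall."""
    if lan_result != "open":
        return "server"
    if wan_result == "open":
        return "path-ok"
    if wan_result == "refused":
        return "forward-target"
    return "firewall"          # timeout or unreachable from the WAN side

if __name__ == "__main__":
    RDP_PORT = 1000                 # port chosen in the thread
    LAN_ADDR = "192.168.0.10"       # constructed: TS server's LAN address
    WAN_ADDR = "203.0.113.5"        # constructed: firewall's WAN address
    # Run the first probe from a LAN client and the second from an outside
    # workstation; here both run from wherever the script is started.
    lan = probe(LAN_ADDR, RDP_PORT)
    wan = probe(WAN_ADDR, RDP_PORT)
    verdict = diagnose(lan, wan)
    print(lan, wan, verdict, "->", NEXT_STEP[verdict])
```
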

 