RDP Port Access via Internet - [WP]
in [Terminal Services]
|
From: TP on 2 Oct 2009 11:23 WP, The TSGateway server name needs to be resolvable from the *client* machine, whereas the Terminal Server name must be resolvable from the *TSGateway* machine. If the TS is on the same local LAN as your TSG, then the TS name should resolve to a *local* ip address (eg 192.168.1.x) from the perspective of the TSG. Example connection: 1. First the client attempts to connect to the TS Gateway using the TS Gateway name you provided--it finds the name and connects via port 443 2. Second the TS Gateway attempts to connect to your TS Server using the TS Server name provided via port 3389 I think it is the second step which is failing (if 3389 is blocked), because the CN may not be resolvable to the correct *internal* ip address. The short answer is you should either change your internal DNS so that the CN will resolve to the internal ip address of your TS when on the LAN, -or- change the TS server name to the internal server name. Thanks. -TP WildPacket wrote: > Rob Thanks. > > "I THINK" I did. Let me run it by you ..... > > On the TS Remoteapp Manger Properties -> Under TSGateway tab in the > server name field I have the same name as the CN on the certificate > ...??? > > And on the Terminal Server tab in the server name field I have the > same name as the CN on the certificate > > Is that right???? > > Thanks,
From: WildPacket on 2 Oct 2009 12:11 TP thanks for your input .... Changing the internal DNS name to resolve the CN is a big job? I ahve tried to change the TS Server name to internal name it still no workie ...... Waht about UCC Certificates ... I heard we can mentioned both the CN name and the internal Server name in that cert and that will work????? Thanks adivse Please. "TP" wrote: > WP, > > The TSGateway server name needs to be resolvable from the > *client* machine, whereas the Terminal Server name must > be resolvable from the *TSGateway* machine. If the TS > is on the same local LAN as your TSG, then the TS name > should resolve to a *local* ip address (eg 192.168.1.x) from > the perspective of the TSG. > > Example connection: > > 1. First the client attempts to connect to the TS Gateway using > the TS Gateway name you provided--it finds the name and > connects via port 443 > > 2. Second the TS Gateway attempts to connect to your TS > Server using the TS Server name provided via port 3389 > > I think it is the second step which is failing (if 3389 is blocked), > because the CN may not be resolvable to the correct *internal* > ip address. > > The short answer is you should either change your internal > DNS so that the CN will resolve to the internal ip address of > your TS when on the LAN, -or- change the TS server name > to the internal server name. > > Thanks. > > -TP > > WildPacket wrote: > > Rob Thanks. > > > > "I THINK" I did. Let me run it by you ..... > > > > On the TS Remoteapp Manger Properties -> Under TSGateway tab in the > > server name field I have the same name as the CN on the certificate > > ...??? > > > > And on the Terminal Server tab in the server name field I have the > > same name as the CN on the certificate > > > > Is that right???? > > > > Thanks, >
From: WildPacket on 2 Oct 2009 12:26 TP: The TSG, TServer, RemoteApp all on this one server in the same LAN ....and TS License server also on this server "TP" wrote: > WP, > > The TSGateway server name needs to be resolvable from the > *client* machine, whereas the Terminal Server name must > be resolvable from the *TSGateway* machine. If the TS > is on the same local LAN as your TSG, then the TS name > should resolve to a *local* ip address (eg 192.168.1.x) from > the perspective of the TSG. > > Example connection: > > 1. First the client attempts to connect to the TS Gateway using > the TS Gateway name you provided--it finds the name and > connects via port 443 > > 2. Second the TS Gateway attempts to connect to your TS > Server using the TS Server name provided via port 3389 > > I think it is the second step which is failing (if 3389 is blocked), > because the CN may not be resolvable to the correct *internal* > ip address. > > The short answer is you should either change your internal > DNS so that the CN will resolve to the internal ip address of > your TS when on the LAN, -or- change the TS server name > to the internal server name. > > Thanks. > > -TP > > WildPacket wrote: > > Rob Thanks. > > > > "I THINK" I did. Let me run it by you ..... > > > > On the TS Remoteapp Manger Properties -> Under TSGateway tab in the > > server name field I have the same name as the CN on the certificate > > ...??? > > > > And on the Terminal Server tab in the server name field I have the > > same name as the CN on the certificate > > > > Is that right???? > > > > Thanks, >
From: Wayne Tilton on 2 Oct 2009 17:04 "TP" <tperson.knowspamn(a)mailandnews.com> wrote in news:u4Be#Q3QKHA.4028 @TK2MSFTNGP05.phx.gbl: > WP, > > The TSGateway server name needs to be resolvable from the > *client* machine, whereas the Terminal Server name must > be resolvable from the *TSGateway* machine. If the TS > is on the same local LAN as your TSG, then the TS name > should resolve to a *local* ip address (eg 192.168.1.x) from > the perspective of the TSG. > > Example connection: > > 1. First the client attempts to connect to the TS Gateway using > the TS Gateway name you provided--it finds the name and > connects via port 443 > > 2. Second the TS Gateway attempts to connect to your TS > Server using the TS Server name provided via port 3389 > > I think it is the second step which is failing (if 3389 is blocked), > because the CN may not be resolvable to the correct *internal* > ip address. > > The short answer is you should either change your internal > DNS so that the CN will resolve to the internal ip address of > your TS when on the LAN, -or- change the TS server name > to the internal server name. > > Thanks. > > -TP > > WildPacket wrote: >> Rob Thanks. >> >> "I THINK" I did. Let me run it by you ..... >> >> On the TS Remoteapp Manger Properties -> Under TSGateway tab in the >> server name field I have the same name as the CN on the certificate >> ...??? >> >> And on the Terminal Server tab in the server name field I have the >> same name as the CN on the certificate >> >> Is that right???? >> >> Thanks, I set this up in a lab recently and the way I got it to work was to use the FQDN of the TS Gateway (e.g. tsgateway.mydomain.com) on the "Connect from anywhere" tab under Advance and the NetBIOS name of the target system in the 'Computer' field of the General tab. This causes the initial connect to the TS Gateway to work by resolving the external over the internet using DNS and the connection to the actual target server resolves by NetBIOS on the internal network. HTH, Wayne Tilton
From: WildPacket on 3 Oct 2009 13:08 Thanks all for your participation .... Got it going... had to use a UCC Certificate. "Wayne Tilton" wrote: > "TP" <tperson.knowspamn(a)mailandnews.com> wrote in news:u4Be#Q3QKHA.4028 > @TK2MSFTNGP05.phx.gbl: > > > WP, > > > > The TSGateway server name needs to be resolvable from the > > *client* machine, whereas the Terminal Server name must > > be resolvable from the *TSGateway* machine. If the TS > > is on the same local LAN as your TSG, then the TS name > > should resolve to a *local* ip address (eg 192.168.1.x) from > > the perspective of the TSG. > > > > Example connection: > > > > 1. First the client attempts to connect to the TS Gateway using > > the TS Gateway name you provided--it finds the name and > > connects via port 443 > > > > 2. Second the TS Gateway attempts to connect to your TS > > Server using the TS Server name provided via port 3389 > > > > I think it is the second step which is failing (if 3389 is blocked), > > because the CN may not be resolvable to the correct *internal* > > ip address. > > > > The short answer is you should either change your internal > > DNS so that the CN will resolve to the internal ip address of > > your TS when on the LAN, -or- change the TS server name > > to the internal server name. > > > > Thanks. > > > > -TP > > > > WildPacket wrote: > >> Rob Thanks. > >> > >> "I THINK" I did. Let me run it by you ..... > >> > >> On the TS Remoteapp Manger Properties -> Under TSGateway tab in the > >> server name field I have the same name as the CN on the certificate > >> ...??? > >> > >> And on the Terminal Server tab in the server name field I have the > >> same name as the CN on the certificate > >> > >> Is that right???? > >> > >> Thanks, > > I set this up in a lab recently and the way I got it to work was to use > the FQDN of the TS Gateway (e.g. tsgateway.mydomain.com) on the "Connect > from anywhere" tab under Advance and the NetBIOS name of the target > system in the 'Computer' field of the General tab. > > This causes the initial connect to the TS Gateway to work by resolving > the external over the internet using DNS and the connection to the actual > target server resolves by NetBIOS on the internal network. > > HTH, > > Wayne Tilton >
First
|
Prev
|
Pages: 1 2 3 Prev: Normal.dot Permissions Issue Next: Using GPO to force local profiles on a terminal server |