Remote Desktop Gateway issues (?)

iroc409

Before I abandon this project, I just wanted to see if anyone could think of the issues I might be having, or a setting I may have missed.

I set up a Server 2012 Essentials instance at home to play with and learn. For various reasons, I wanted to have some remote access to the home network. I only forward HTTPS/443 to the server. The web access works fine, and does exactly what I would like (and was working on in a previous thread), even though it makes me a little nervous to have the server on my home LAN open to the world.

I built a virtual machine with Windows 7 on the server to use Remote Desktop. I have worked on it quite a bit, but am having trouble with it. From work, if I try to remote in, I log in to the remote access website, and click the machine for RDP. When I log in, it either pops back immediately, or tries for a while, and I get this message:

Remote Desktop Connection

Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.

I've taken my laptop to the local Starbucks, and was able to log in and use the virtual machine with remote desktop just as you would expect. Everything seems to work fine.

I don't know anyone else who uses Remote Desktop Gateway from work, but I do know someone who forwards RDP/3389 directly to his server, and he is able to connect to it from work with no issues. I was hoping to avoid that, and probably would not allow it. I did temporarily have my laptop connected with RDP/3389 forwarded directly to it (on its own VLAN). I was not able to connect to it from work, but I think I know why. The first time I tried it, I forwarded from an alternate port (53389 I think), and I suspect that was blocked by the work firewall. I had a friend in a different state connect, and it worked fine for them from their home machine. I think the second time I tried it, I may have had it blocked somehow on my firewall, but can't confirm it.

Anyway, just looking for ideas that maybe there's a setting or something that I may have missed that would not be allowing me to connect. My work machine is running Win 7 also.
 
I have a couple customers with SBS 2008 who use the Remote Desktop Gateway; you do have to have TCP/3389 forwarded to your server. The server will act as a proxy for your workstations, so you only need the port forwarded to a single PC. If you want to use alternate ports, then make sure your firewall can do different port forwards (WAN:53389 to LAN:3389). Switching the ports for the RDP service itself can cause issues, so I would leave it alone.

You could also do an SSH tunnel to secure the connection and not open TCP/3389. Set up an SSH server on your server (either a VM or there are Windows SSH servers), then you can SSH tunnel to your server and once connected you can RDP directly to your desktop.
 
Are they using website HTTPS filtering at work?
In that case it is dropping the non-HTTP headers so it won't work.
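One way to answer that question from the client side, as an added example (my own, not code from anyone in this thread): connect to the gateway on TCP/443, take the SHA-256 fingerprint of whatever leaf certificate is presented, and compare it with the fingerprint you recorded from the home LAN. If the work proxy is doing HTTPS inspection, the certificate seen from work is the proxy's substitute and the fingerprints differ. The hostname `gateway.example.invalid` and the expected fingerprint are placeholders; substitute your own.

```python
# Added example: detect TLS interception in front of a Remote Desktop Gateway
# by comparing the certificate fingerprint seen from the client with the one
# recorded on the home LAN. Hostname and expected fingerprint are placeholders.
import hashlib
import socket
import ssl
import sys


def fingerprint_sha256(der_cert: bytes) -> str:
    """Colon-separated, upper-case SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def classify(observed_fp: str, expected_fp: str) -> str:
    """'direct' when the presented cert matches the one recorded at home,
    otherwise 'mismatch' (TLS interception, or not your gateway at all)."""
    return "direct" if observed_fp.upper() == expected_fp.upper() else "mismatch"


def fetch_leaf_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the DER leaf certificate presented by host:port.

    Verification is deliberately turned off: the point is to see whatever
    certificate is presented, including a proxy's substitute, not to fail on it.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage: python rdg_fp.py <gateway-host> [<fingerprint recorded at home>]
    host = sys.argv[1] if len(sys.argv) > 1 else "gateway.example.invalid"  # placeholder
    expected = sys.argv[2] if len(sys.argv) > 2 else ""
    observed = fingerprint_sha256(fetch_leaf_cert(host))
    print(f"{host}: {observed}")
    if expected:
        print(classify(observed, expected))
```

Run it once from the home LAN (or the coffee shop, where the gateway works) to record the fingerprint, then again from the work machine. A mismatch means the TLS session is being terminated by something in between, which is exactly the case where the gateway's non-HTTP traffic inside the tunnel never reaches the server; a match means the failure lies elsewhere.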
 
I have a couple customers with SBS 2008 who use the Remote Desktop Gateway; you do have to have TCP/3389 forwarded to your server. The server will act as a proxy for your workstations, so you only need the port forwarded to a single PC. If you want to use alternate ports, then make sure your firewall can do different port forwards (WAN:53389 to LAN:3389). Switching the ports for the RDP service itself can cause issues, so I would leave it alone.

You could also do an SSH tunnel to secure the connection and not open TCP/3389. Set up an SSH server on your server (either a VM or there are Windows SSH servers), then you can SSH tunnel to your server and once connected you can RDP directly to your desktop.

It works off the server fine without forwarding 3389 if I am not at work (coffee shop, wireless VLAN), so I would think this isn't a requirement of 2012 Essentials. I don't even forward port 80, just 443. When I was using an alternate port for the laptop, I didn't change it on the machine, just the router/firewall.

Are they using website HTTPS filtering at work?
In that case it is dropping the non-HTTP headers so it won't work.

I don't think it does HTTPS, at least not MITM-style. It used to just be Websense, but it looks different now... only company branding on the block/warn pages, so I don't know if it changed.


ETA: I set up the server mostly in reference to a previous thread, here. The changes haven't hit my workstation yet, but some people can't use external drives very well. It offers the drive in read-only mode, or it can be encrypted for full use. They can't run any executable off removable media. I use password managers for specific sites, so this was to be somewhat of a workaround that isn't working. Using anything that requires a software client, and really VPN, isn't going to work. The next step I guess would be to try straight RDP again, followed by maybe something like Guacamole... but I don't know if I want to get that far down the rabbit hole. I might just take my very slow netbook and use it on the excruciatingly slow open wireless or something, and call it a day. I really only need it maybe for music, and to occasionally get into banking stuff and so forth.
 