SBS does not allow terminal services?

[Forealz]

I've been trying to get a SBS 2008 server running with Terminal Services Gateway so an employee who is moving soon will be able to remotely log into a computer and work as if she was still there, basically. I'm googling the crap out of this and everything on the server seems fine, but then I come across this line from ms technet

"Review the following guidelines before you configure Terminal Services with Windows SBS 2008:

Use the second server that is included with Windows SBS 2008 Premium for Terminal Services. You cannot use a server that is running Windows SBS 2008 as a terminal server. Terminal Services does not coexist well with the rest of the applications and services that are included with Windows SBS 2008.

For the terminal server, you can use either the second server that is included with Windows SBS 2008 Premium or Windows Server 2008 Standard with a separate server license."

So seems pretty clear to me. Is this true, I cannot configure the SBS box for RDP? Any other way to do this?

Edit:I'd like the user to use RWW. So they would go to https://remote.xxxx.com then have access to a remote desktop. I'm pretty sure that they are the same because when trying to use it I get "Terminal Services Gateway Not installed" or something like that.

 

[ashman]

Its not clear to be what your objective is. If you are trying to install terminal services on your SBS 2008 box so it can become a terminal server, forget it, its not an option. The last version of SBS that allowed you to install terminal services on the SBS box was SBS 2000, since 2003, you have to use RWW. Now in SBS 2008 they introduced the two server model, so what you can do is add a second SBS 2008 box and install terminal services on that box, I believe. In any case, if you only have one SBS 2008 box, simply turn on RWW for the user, they will need a PC inside the network to remote to, its not possible for them to log onto the server in a terminal server session though, unless you add the second server as I mentioned.

 

[joblo37pam]

It would be a pretty big security risk to have a user logging into the SBS server because of all of the roles that it runs and the rights that must be granted to allow a remote desktop connection.

RWW will allow them to log into any machine on the network that they have priveleges to. It may mean you need to setup a dedicated machine on the network specifically for that user, but it would be much more secure than having them log directly into the server.

 

[ashman]

That is exactly why Microsoft did an about face between Windows 2000 and 2003, in Windows 2000 everything was wide open, in 2003, they locked it down more. Same thing with SBS 2000, security was a joke, it was a lot better with SBS 2003 but they replaced Terminal Services with RWW which pissed some people off, but it was better for security.

 

[Forealz]

Great. I'm trying to set up RWW for them. When I try to connect I get the error "Terminal Services Gateway Service is not running". So that's what I've been trying to solve, and at one point I came across the article above and must have confused the two. I've been trying to get the Terminal Services Gateway Service going to remove the error but have so far had no joy.

 

[joblo37pam]

You shouldn't need to mess with any services. SBS will install everything it needs out of the box. Just log into the RWW site and pick the client (not the server) that the user needs to log into.

 

[Forealz]

Ideally yes, but it's not working. I've recently taken over administration for this server and everything about it is messed up.

 

[ashman]

The first thing to know about managing SBS is that you should do everything through the SBS console using the wizards, if you do stuff outside the wizards, stuff will get horribly messed up. So even basic stuff like adding a user, or a share, don't go to AD users and computers or jump into windows explorer to add the share. Does RWW work for anyone else? Is there an SSL certificate installed? Go through the wizards and the event logs and make sure everything is turned on and working that should be.

 

[Forealz]

Well that's good to know.

 

[joblo37pam]

Ideally yes, but it's not working. I've recently taken over administration for this server and everything about it is messed up.

Have you opened all of the required firewall ports: http://www.sbsfaq.com/?p=2559

 

[Forealz]

Yes, but after reading that I opened too many ports. Thank you!

 

[D-EJ915]

Make sure the TS gateway has a proper cert installed. Also if you don't use the connect wizard to join the computers to the domain don't expect it to work properly.

 

[Forealz]

Arg really? I always just joined the domain from the computer itself.

 

[joblo37pam]

I've never had a problem manually adding machines to the domain, but you do miss out on some scripts if you don't use the wizard. I think the remote desktop settings are all set in GPO, though, so I don't think the wizard should matter there.

Have you made sure that remote desktop is enabled on the client machine that you are trying to login to? Also, does the client machine that you are logging in with have the correct certificate installed? RWW can be pretty picky about that.

 

[Forealz]

Yes I think it does. For some reason there are many certificates on the server, so I made a new one (lol) and started using that one. At least that is not the error I'm getting (it was at first before I grabbed the cert). And, I can log into computers on the network with the server without issue.