Avatar billede magnusm Nybegynder
19. juli 2004 - 13:05 Der er 1 kommentar

Problemer med Remote dekstop på server med ISA

Hejsa,

Jeg har store problemer med at få remote desktop til at spille på en server med ISA firewall. I serveren sidder 2 netkort og det lader til at problemet er at få trafikken routet videre til netkortet med den interne ip.

Jeg har gjort det lige efter bogen (skulle jeg mene), men der er simpelthen ikke hul igennem.
jeg har oprettet packet filter, rotocol defnitiong packet filter... og terminal service lytter på det interne netkort.
Jeg er ingen ekspert i isa, men har jeg overset noget? eller har jeg bare brugt den helt forkerte guide.. serven jeg skal ha' terminal service adgang til er den samme som ISA serveren.. det er altså ikke en computer på det lokale net, men sådan som jeg har forstået det skal man alligevel angive den interne ip for at få det til at spille.

Jeg skal måske lige oplyse at jeg skal bruger terminal service via internettet. Når jeg sidder ved serveren er der ingen problemer med at logge på terminal service hvis jeg skriver den interne ip/localhost.

jeg har fulgt nedenstående guide, fra http://www.microsoft.com/technet/prodtechnol/isa/maintain/ISA2krem.mspx





Running Terminal Services on the ISA Server computer

After Terminal Services has been enabled on the ISA Server computer, it listens on all network adapters by default. You may want to change this default setting in the following scenario:
•   

If you want to publish Terminal Services from computers in the internal network while running Terminal Services on the ISA Server computer, there may be port contention issues. With the default setting, any Terminal server request that arrives at the ISA Server external adapter will be answered by Terminal Services running on the ISA Server computer. To free up the external adapter, configure Terminal Services running on the ISA Server computer to listen to only the internal network adapter. For instructions, see the section that follows later in this document, "Remote management from the external network."
Remote management from the internal network

To manage ISA Server using Terminal Services client from a computer on the local internal network, set up Terminal Services as described previously, and then connect using the correct logon credentials to access the ISA Server computer. Note that unless otherwise configured, the computer running Terminal Services only allows local administrators to connect.
Remote management from the external network

There are a number of choices for remote administration of the ISA Server computer from an external network such as the Internet, including:
•   

Enable packet filtering, and open a packet filter to make Terminal Services available on the ISA Server external interface.
•   

Publish Terminal server on the ISA Server computer to make it available to external clients.
•   

Set up a virtual private network (VPN) tunnel and use a Remote Desktop connection.
Creating a packet filter

You can make Terminal Services available on the external interface of the ISA Server computer by creating a packet filter for Terminal Services, as you do for all services running on the ISA Server computer that listen to the Internet. This packet filter enables Terminal server clients to connect to a Terminal Services session running on the ISA Server computer by using RDP protocol over TCP port 3389. Ensure that packet filtering is enabled, and then do the following:
To create a packet filter

1.

In ISA Management, click to expand arrayname, and then click to expand Access Policy.

2.

Right-click IP Packet Filters, point to New, and then click Filter.

3.

Type a name for the filter, and then click Next.

4.

For arrays only, select Only this server for the filter, and then click Next.

5.

In the Filter Mode page, select Allow packet transmission, and then click Next.

6.

In the Filter Type page, select Custom, and then click Next.

7.

In the Filter Settings page, configure the following:
•   

IP protocol: TCP
•   

Direction: Inbound
•   

Local port: Fixed port
•   

Port number: 3389
•   

Remote port: All ports

8.

In the Local Computer page, select Default IP addresses for each external interface on the ISA Server computer, and then click Next.

9.

In the Remote Computers page, select All remote computers, or Only this remote computer (enter an IP address for the specified computer), and then click Next. The setting you select specifies the terminal client computer that can access the Terminal Services session.

10.

Click Finish to complete the wizard.
Publishing Terminal server on the ISA Server computer

Alternatively, you can Terminal Services to listen only on the internal adapter, and then use a server publishing rule to publish it, just like any other published server. To do this, you need to do the following:
•   

Step 1: Create an RDP Protocol definition.
•   

Step 2: Bind to the internal network adapter.
•   

Step 3: Create an RDP server publishing rule to make Terminal Services available to external clients.
Step 1: Create a protocol definition

1.

Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.

2.

Click to expand the Policy Elements node, right-click Protocol Definitions, click New, and then click Definition.

3.

In the New Protocol Definition Wizard, type RDP Server for the protocol definition, and then click Next.

4.

On the Primary Connection Information page, specify the following:
•   

In Port, type 3389.
•   

In Protocol Type, select TCP.
•   

In Direction, select Inbound.

Then, click Next.

5.

On the Secondary Connections Page, in Do you want to use secondary connections, click No. Click Next, and then click Finish to complete the wizard.
Step 2: Bind Terminal Services to the internal adapter

1.

Click Start, point to Programs, click Administrative Tools, and then click Terminal Services Configuration.

2.

Click the Connections folder, and then click the RDP-TCP connection.

3.

Right-click this connection and click Properties.

4.

Click the Network Adapter tab and click to select the internal network adapter in the Network Adapter check box.

5.

Restart the server so that this change can take effect.
Step 3: Create a publishing rule

1.

Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.

2.

Click to expand arrayname, expand the Publishing node, right-click Server Publishing Rules, point to New, and then click Rule.

3.

In the New Server Publishing Rule Wizard, type ISA RDP, and then click Next.

4.

In Address Mapping, in IP address of internal server, type the internal IP address of the ISA Server computer.

5.

In Address Mapping, in External IP address on ISA Server, type the external IP address on the ISA Server computer that this publishing rule will use, and then click Next.

6.

In Protocol Settings, in the list of protocols, select the RDP Server protocol definition you created previously, and then click Next.

7.

In Client Type, select the client type to which the rule will apply. Click Next, and then click Finish.
Avatar billede peterlund Nybegynder
05. marts 2006 - 17:07 #1
Har du sørget for at serveren router mellem de to netværk?
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester