none
Accessing to RemoteApp Externally via RDWeb

    Question

  • I recently started trying to deploy RDWeb to allow external access of RemoteApp.

    I have configured a server that is running Remote Desktop Host and also RD Web Connection. There are no TS Gateway or RD Gateway and any other roles installed on this server. 

    I can access to the page and launch the RemoteApp internally using the internal address 

    https://servername/rdweb 

    I perform a NAT on my firewall to allow external access

    CLIENT -> INTERNET -> FIREWALL -> RDWEBSERVER

    I can see the page loads

    https://remote.companydomain.com/rdweb 

    But when I launch the apps, I get the error

    Remote Desktop can't connect to the remote computer for one of the reason

    1) Remote access to the server is not enabled

    2) The remote computer is turned off

    3) The remote computer is not available on the network

    Make sure the remote computer is turned on and connected to the network, and that remote access is enabled

    Only Port 80 and 443 were allowed externally.


    Thanks

    Thursday, April 18, 2013 1:01 AM

Answers

  • I recently started trying to deploy RDWeb to allow external access of RemoteApp.

    I have configured a server that is running Remote Desktop Host and also RD Web Connection. There are no TS Gateway or RD Gateway and any other roles installed on this server. 

    I can access to the page and launch the RemoteApp internally using the internal address 

    https://servername/rdweb 

    I perform a NAT on my firewall to allow external access

    CLIENT -> INTERNET -> FIREWALL -> RDWEBSERVER

    I can see the page loads

    https://remote.companydomain.com/rdweb 

    But when I launch the apps, I get the error

    Remote Desktop can't connect to the remote computer for one of the reason

    1) Remote access to the server is not enabled

    2) The remote computer is turned off

    3) The remote computer is not available on the network

    Make sure the remote computer is turned on and connected to the network, and that remote access is enabled

    Only Port 80 and 443 were allowed externally.


    Thanks

    It turns out that I need to allowed Port 3389 externally for it to work. It is quite confusing for me as I have read multiple guides but no one seems to explained it on how it works.

    When you connect to the web server that is serving up the Remote Desktop Web Connection page, you are connecting over port 80 or 443. Upon connection to the Web page, the ActiveX control is downloaded to your client computer and stored in the default location for downloaded controls in Internet Explorer - %systemroot%\Downloaded Program Files. From the supplied sample Web page, the name of the Terminal Server, and display resolution are passed as parameters to the ActiveX control. After these parameters are passed, the connect method on the control is called, and then a session is launched to the Terminal Server computer. The ActiveX control on the client computer then creates a connection directly to the Terminal Server over TCP port 3389.

    The web client is the same as the full Remote Desktop Connection client without the full configuration interface. It obtains these properties from the Remote Desktop Web Connection page, and not by any communication with the IIS computer itself.

    So after opening POrt 3389 it works externally. I know it is not secure and to get around it, you can install RD Gateway on the same server or different server and when you do this, you will only need to allow Port 80 and 443 for it to work externally.

    Guide to install RD Gateway

    http://networkdojo.net/2011/09/12/remote-desktop-services-rd-gateway/

    Please mark this post as helpful if this had helped you.


    Thanks

    • Marked as answer by cyw77 Thursday, April 18, 2013 1:06 AM
    Thursday, April 18, 2013 1:05 AM

All replies

  • I recently started trying to deploy RDWeb to allow external access of RemoteApp.

    I have configured a server that is running Remote Desktop Host and also RD Web Connection. There are no TS Gateway or RD Gateway and any other roles installed on this server. 

    I can access to the page and launch the RemoteApp internally using the internal address 

    https://servername/rdweb 

    I perform a NAT on my firewall to allow external access

    CLIENT -> INTERNET -> FIREWALL -> RDWEBSERVER

    I can see the page loads

    https://remote.companydomain.com/rdweb 

    But when I launch the apps, I get the error

    Remote Desktop can't connect to the remote computer for one of the reason

    1) Remote access to the server is not enabled

    2) The remote computer is turned off

    3) The remote computer is not available on the network

    Make sure the remote computer is turned on and connected to the network, and that remote access is enabled

    Only Port 80 and 443 were allowed externally.


    Thanks

    It turns out that I need to allowed Port 3389 externally for it to work. It is quite confusing for me as I have read multiple guides but no one seems to explained it on how it works.

    When you connect to the web server that is serving up the Remote Desktop Web Connection page, you are connecting over port 80 or 443. Upon connection to the Web page, the ActiveX control is downloaded to your client computer and stored in the default location for downloaded controls in Internet Explorer - %systemroot%\Downloaded Program Files. From the supplied sample Web page, the name of the Terminal Server, and display resolution are passed as parameters to the ActiveX control. After these parameters are passed, the connect method on the control is called, and then a session is launched to the Terminal Server computer. The ActiveX control on the client computer then creates a connection directly to the Terminal Server over TCP port 3389.

    The web client is the same as the full Remote Desktop Connection client without the full configuration interface. It obtains these properties from the Remote Desktop Web Connection page, and not by any communication with the IIS computer itself.

    So after opening POrt 3389 it works externally. I know it is not secure and to get around it, you can install RD Gateway on the same server or different server and when you do this, you will only need to allow Port 80 and 443 for it to work externally.

    Guide to install RD Gateway

    http://networkdojo.net/2011/09/12/remote-desktop-services-rd-gateway/

    Please mark this post as helpful if this had helped you.


    Thanks

    • Marked as answer by cyw77 Thursday, April 18, 2013 1:06 AM
    Thursday, April 18, 2013 1:05 AM
  • Thanks for your sharing.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, April 18, 2013 6:38 AM
    Moderator