Remote Desktop Connection to Forefront TMG Server
- I am trying to remotely manage the Forefront TMG server but I can't seem to get it to work. I have added my desktop's IP address to the Enterprise Remote Management Computers and have made sure the system policy is set to allow connections from the group. When I try to connect via RDP from my desktop, it just times out trying to connect.
The logs show the connection initiating, but then it closes without connecting. The log shows, "A connection closed because no SYN/ACK reply was received from the server."
- Moved by Shrikant Maske MSFT, Moderator, Tuesday, 19 January, 2010 18:01, as per owner's request. (From: Forefront Threat Management Gateway)
Answer
- Hi,
On ISA itself, go to the Terminal Services Configuration and make sure that the RDP-Tcp connection is only bound to the ISA Internal interface (Properties -> Network Adapter).
To do this, click on Start > Administrative Tools > Terminal Services Configuration, from the left panel click the Connections node, then on the right page right-click RDP-Tcp and click Properties, click on the Network Adapters tab, and then from the drop-down list choose the Internal NIC.
Source: ISA Firewall Quick Tip: Administrating ISA Server 2006 Remotely Using MMC and Remote Desktop Connection
Tarek Majdalani | MS Forefront Edge Security MVP | http://www.elmajdal.net
- Marked as answer by James Kilner MSFT, Owner, Wednesday, 20 January, 2010 13:27
- Proposed as answer by Bala Natarajan MSFT, Wednesday, 25 November, 2009 0:52
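The check a practitioner would want before clicking through the Terminal Services Configuration steps above is to see who actually owns TCP 3389 on the TMG host and on which address it is bound. The script below is an added example, not code from this thread or from Microsoft; it assumes PowerShell 2.0 or later (for ConvertFrom-Csv) running elevated on the TMG server, and reads the RDP-Tcp listener settings from the registry key the Terminal Services Configuration MMC writes to (LanAdapter = 0 is the "All network adapters" setting mentioned in this thread).

```powershell
# Added diagnostic (not from the thread): which process owns TCP 3389 on a TMG box,
# and on which local address. Per the replies in this thread, the TMG Firewall service
# (wspsrv.exe) can take 3389 on the external NIC, so an OS RDP-Tcp listener bound to
# "All network adapters" never answers the SYN on that interface.
# Assumptions: PowerShell 2.0+ (ConvertFrom-Csv), run elevated on the TMG server itself.

# 1. Configured binding of the RDP-Tcp listener (what the MMC Network Adapters tab shows).
$rdpTcp  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = [int]$rdpTcp.PortNumber
if ($rdpTcp.LanAdapter -eq 0) {
    Write-Host "RDP-Tcp listener: port $rdpPort, bound to ALL network adapters (LanAdapter=0)"
} else {
    Write-Host "RDP-Tcp listener: port $rdpPort, bound to adapter index $($rdpTcp.LanAdapter)"
}

# 2. What is actually listening on that port right now, and which process owns each socket.
$listeners = netstat -ano |
    Select-String 'LISTENING' |
    ForEach-Object {
        $fields = $_.Line.Trim() -split '\s+'        # Proto, Local, Foreign, State, PID
        $local  = $fields[1]
        $idx    = $local.LastIndexOf(':')            # split on the LAST colon ([::]:3389 is IPv6)
        New-Object PSObject -Property @{
            Address = $local.Substring(0, $idx)
            Port    = [int]$local.Substring($idx + 1)
            PID     = [int]$fields[4]
        }
    } |
    Where-Object { $_.Port -eq $rdpPort }

if (-not $listeners) {
    Write-Host "Nothing is listening on TCP $rdpPort - check that Remote Desktop is enabled and TermService is running"
}

foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.PID -ErrorAction SilentlyContinue
    # tasklist /svc lists the services hosted in a PID: TermService lives in svchost.exe,
    # the TMG Firewall service runs as wspsrv.exe.
    $svcs = (tasklist /svc /fi "PID eq $($l.PID)" /fo csv | ConvertFrom-Csv).Services
    $who  = if ($proc) { $proc.ProcessName } else { 'unknown' }
    Write-Host ("{0}:{1} is owned by PID {2} ({3}) services={4}" -f $l.Address, $l.Port, $l.PID, $who, $svcs)
    if ($who -eq 'wspsrv') {
        Write-Host "  -> the TMG Firewall service holds this socket, not the OS RDP listener"
    }
}
```

Read the output against the thread: an OS listener on 0.0.0.0:3389 (svchost.exe / TermService) together with a TMG publishing rule for 3389 on the external IP is the conflict the replies describe; rebind the listener to the internal NIC with the Terminal Services Configuration steps in the answer above, restart the connection, and re-run the script to confirm the socket now shows the internal address only.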
All Replies
- Have you remembered to turn on RDP in the OS?
- Yes, RDP is enabled in the OS.
- Sometimes port-stealing in ISA/TMG (I think this is the case) takes the TCP 3389 port and the local TS/RDP is not able to use it.
Configure the OS RDP to only listen on the "internal" NIC, since you are not likely to have an RDP publishing rule conflicting on that interface.
- Hey there,
I just activated RDP on the Windows Server 2008 box which is hosting the TMG.
Using Network Level Authentication to secure that.
Then I simply set up a rule in the firewall
from External to Local Host allowing the RDP protocol.
And that's it ;)
Hope I could help - cheers!
- Kent,
How do I configure the OS RDP to only listen on the internal NIC?
- Hi,
Hi,
On ISA itself, go to the Terminal Services Configuration and make sure that the RDP-TCP connection is only bound to the ISA Internal interface (Properties -> Network Adapter).
To do this, click on Start > Administrative Tools > Terminal Services Configuration, from the left panel click the Connections node, then on the right page right-click RDP-Tcp and click Properties, click on the Network Adapters tab, and then from the drop-down list choose the Internal NIC.
Source : ISA Firewall Quick Tip : Administrating ISA Server 2006 Remotely Using MMC and Remote Desktop Connection
Tarek Majdalani | MS Forefront Edge Security MVP | http://www.elmajdal.net
This might have solved the problem. However, before attempting this, I upgraded from the RC to RTM by uninstalling the RC, then installing the RTM. Without changing any other settings, remote desktop began working. I followed these steps just to see what it's set to, and it is still configured to "All Network Adapters."
Not sure what specifically changed by doing the upgrade, but I've got it working now. Thanks!
- Normally you will need to use the process Tarek suggested and use a publishing rule to allow 3389 from External to Local Host.
This will make sure there is no port conflict over which process (TS process or TMG firewall) is listening on 3389 for the external NIC.
This will also help you in case you need to publish additional internal servers using multiple external IPs.
Bala Natarajan [MSFT] | Sr. Support Escalation Engineer | CSS Security - TMG Beta support team | Email: bala.natarajan@microsoft.com | Office 425.704.4626 | Bing it on bing.com
- Nice, damn, I've been struggling with this for a while.
Thank you!