Jump to content

Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

Guest Andrew Davis

By Guest Andrew Davis
in Windows NT Server

 Share

Recommended Posts

Guest Andrew Davis

Guest Andrew Davis

Posted
Posted

Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

 

I have a Server 2008 Enterprise x86 system sitting at home, which I use

to run various game servers and whatnot. For whatever reason, since I

upgraded (I formatted and re-installed to not leave junk behind during

the upgrade), I have not been able to access Terminal Services from the

Internet. I haven't changed the firewall at all, and the server can

still be accessed for other services but for Terminal Services, it gives

a connection refused. I've even tried connecting to the router's

external IP from inside, and it still gives a connection refused.

 

I only have Terminal Services and Terminal Services Licensing installed.

 

I've also looked through the various Remote Desktop and Terminal Services

firewall rules, but they don't hint at a policy to block Internet

connection to terminal services.

 

What am I missing? What do I need to change to enable this? I'd prefer

it if I didn't have to install the TS gateway because I think that might

be overkill for my server, and I connect from some clients that do not

support the remote desktop client 6.0.

 

Thanks for the help!

 

--

Andrew Davis

IT Administrator

WestGate Church

  • Replies 10
  • Created
  • Last Reply

Popular Days

Popular Days

Guest George Yin

Guest George Yin

Posted
Posted

RE: Terminal Services in Windows Server 2008 Default security preventing connection from internet

 

RE: Terminal Services in Windows Server 2008 Default security preventing connection from internet

 

Hello,

 

I am a bit unclear about what do you mean by the "upgrade". Did you use an

Windows Server 2003 before and upgraded it to Windows Server 2008 or

performed a fresh installation?

 

There are two settings that must be configured before establishing Remote

Desktop sessions, remote connections must be enabled and users must be

granted permission to connect to the server.

 

To enable Remote Desktop connections using the Server Manager console,

perform the following steps:

 

1. Open Server Manager.

 

2. On the Server Summary pane, click Configure Remote Desktop.

 

3. Select one of the following options:

 

1). Allow connections from computers running any version of Remote Desktop

 

Used if any remote clients will be using the Remote Desktop Connection 5.x

client application.

 

2). Allow connections only from computers running Remote Desktop with NLA.

 

Used if all remote clients will be using the Remote Desktop Connection 6.x

client application.

 

4. In the Remote Desktop section, click Select Users¡­

 

5. In the Remote Desktop Users dialog box, click Add.

 

6. Add the users that will be allowed to remotely connect to the server.

 

Besides, please check if the "Remote Desktop" has been selected on the

Exceptions tab of the Windows Firewall Settings. You can do this by opening

the Control Panel, then opening the Windows Firewall.

 

If this problem remains, please try to log on through the RDC locally from

the terminal server and see how it goes. Please collect the detailed

information on the error box for us to better understand it, or you can

take a snapshot and send it directly to me at v-chayin@microsoft.com

<mailto: v-chayin@microsoft.com>.

 

I look forward to your reply.

 

Sincerely,

George Yin

Microsoft Online Support

Microsoft Global Technical Support Center

 

Get Secure! - http://www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so

that others may learn and benefit from your issue.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Guest Andrew Davis

Guest Andrew Davis

Posted
Posted

Re: Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

 

Re: Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

 

On Wed, 26 Mar 2008 12:46:05 +0000, George Yin(MSFT) wrote:

> Hello,

>

> I am a bit unclear about what do you mean by the "upgrade". Did you use

> an Windows Server 2003 before and upgraded it to Windows Server 2008 or

> performed a fresh installation?

>

> There are two settings that must be configured before establishing

> Remote Desktop sessions, remote connections must be enabled and users

> must be granted permission to connect to the server.

>

> Besides, please check if the "Remote Desktop" has been selected on the

> Exceptions tab of the Windows Firewall Settings. You can do this by

> opening the Control Panel, then opening the Windows Firewall.

>

> If this problem remains, please try to log on through the RDC locally

> from the terminal server and see how it goes. Please collect the

> detailed information on the error box for us to better understand it, or

> you can take a snapshot and send it directly to me at

> v-chayin@microsoft.com <mailto: v-chayin@microsoft.com>.

>

> I look forward to your reply.

>

> Sincerely,

> George Yin

> Microsoft Online Support

> Microsoft Global Technical Support Center

 

It is a fresh install. I formatted the drive and installed Server 2008.

I've had bad experiences upgrading, so I always install a fresh copy of

windows. When it was 2003, remote desktop worked from every TS client I

used. I've already configured Remote Desktop, and it works flawlessly,

just only from the local subnet. Remote desktop also works if I connect

from the server itself to the server's netbios name.

 

If I connect to the external ip for my computer, it says it can't connect

to the remote computer, when I try to connect from the server

 

I've looked through the Windows Firewall inbound rules and none of the

remote desktop/terminal services firewall rules hint at the fact that it

might only accept connections from the local subnet.

 

Thanks for the help!

--

Andrew Davis

IT Administrator

WestGate Church

Guest Andrew Davis

Guest Andrew Davis

Posted
Posted

Re: Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

 

Re: Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

 

 

It looks to have started to work out of the blue. I don't know what

happened, I didn't change anything, but it seems to work now.

 

--

Andrew Davis

IT Administrator

WestGate Church

Guest Andrew Davis

Guest Andrew Davis

Posted
Posted

Re: Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

 

Re: Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

 

On Wed, 26 Mar 2008 09:36:38 -0700, Andrew Davis wrote:

> It looks to have started to work out of the blue. I don't know what

> happened, I didn't change anything, but it seems to work now.

 

New issue, I forgot to mention in that message:

 

Terminal Services on Server 2k8 isn't prompting for a login, it's showing

the active user on the welcome screen, like vista does. How do I setup

the Terminal Services so that it prompts for a username/password instead

of showing active users and letting you click on one to login to?

 

I have it setup for a user/password entry for the console, but it's not

taking for Terminal Services some reason. Part of my security is i have

obscure usernames which further help me secure my system.

 

--

Andrew Davis

IT Administrator

WestGate Church

Guest George Yin

Guest George Yin

Posted
Posted

Re: Terminal Services in Windows Server 2008 Default security preventing connection from internet

 

Re: Terminal Services in Windows Server 2008 Default security preventing connection from internet

 

Hello,

 

Thank you for the reply.

 

I am a little unclear about the last question. Do you mean that you don't

want the previous logged on user name to show up on the Remote Desktop

Connection dialog box?

 

If not, will you please describe this more clearly for us to better

understand it? Or will you please take a snapshot of it and send it

directly to to me at v-chayin@microsoft.com <mailto:

v-chayin@microsoft.com>?

 

If you don't want the previous user name to show up when another user logs

on using the Remote Desktop Connection, you may need to delete some values

in the following path:

 

HKEY_CURRENT_USER\Software\Microsoft\Terminal Server

Client\Servers\<ServerName>\

 

The value is UsernameHint, and you should delete all of this type of value

one-by-one.

 

Beside, here is a workaround to automatically achieve this. Please note, we

do not recommend that you use this method as using this may cause many

potential problems.

 

Right click the <ServerName> node in the left pane, and click

"Permissions¡­". Choose the specified user or group and deny all the

permissions for them.

 

I look forward to your reply.

 

Sincerely,

George Yin

Microsoft Online Support

Microsoft Global Technical Support Center

 

Get Secure! - http://www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so

that others may learn and benefit from your issue.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Guest George Yin

Guest George Yin

Posted
Posted

Re: Terminal Services in Windows Server 2008 Default security preventing connection from internet

 

Re: Terminal Services in Windows Server 2008 Default security preventing connection from internet

 

Hello,

 

I am just writing to see how everything is going. If you have any updates

or need any further assistance on this issue, please feel free to let me

know. I am glad to be of assistance.

 

Sincerely,

George Yin

Microsoft Online Support

Microsoft Global Technical Support Center

 

Get Secure! - http://www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so

that others may learn and benefit from your issue.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Guest Andrew Davis

Guest Andrew Davis

Posted
Posted

Re: Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

 

Re: Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

 

On Fri, 28 Mar 2008 10:31:40 +0000, George Yin(MSFT) wrote:

> Hello,

>

> I am just writing to see how everything is going. If you have any

> updates or need any further assistance on this issue, please feel free

> to let me know. I am glad to be of assistance.

>

> Sincerely,

> George Yin

 

 

The problem is when I connect to Terminal Services, I'm not using

negotiation, since I have computers that can't use RDP 6.0. That being

the case, I always connect, then enter my password once I'm in my

server. This worked well with Server 2003, since it has a login prompt,

and TS always filled in with what your username is on the computer your

connecting from. The problem is that Server 2008 changed login screens,

so now I have a login screen when I connect to Terminal Services that's

identical to Vista's login screen. I have policies setup to forget the

last username, which works. The console is now always at a login prompt,

but it didn't apply for Terminal Services for whatever reason. I'd like

to know what polices I have to change to get it to work like that.

 

Thanks!

--

Andrew Davis

IT Administrator

WestGate Church

Guest George Yin

Guest George Yin

Posted
Posted

Re: Terminal Services in Windows Server 2008 Default security preventing connection from internet

 

Re: Terminal Services in Windows Server 2008 Default security preventing connection from internet

 

Hello,

 

Do you mean the screen showing the "<DomainName>\Userxx" and "Other User"

which asks you to choose one to log onto the terminal server, after you

click the Connect button of the Remote Desktop Connection?

 

If so, I would like to suggest that you try the following steps and see if

they work for your situation:

 

1. On the Windows 2008 terminla server, click Start->Programs->Admin

Tools->Terminal Services->Terminal Services Configuration -> Under

"Connections", select RDP-Tcp-> Right Click -> Properties > Select "Log On

Settings" Tab.

 

2. Select the Radio Button "Always use the following logon information" -

Leave all the fields blank. Click OK.

 

Now when clients establish remote desktop connection, he will be prompted

to input user name and password.

 

I hope this helps. Thank you.

 

Sincerely,

George Yin

Microsoft Online Support

Microsoft Global Technical Support Center

 

Get Secure! - http://www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so

that others may learn and benefit from your issue.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Guest Andrew Davis

Guest Andrew Davis

Posted
Posted

Re: Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

 

Re: Terminal Services in Windows Server 2008 Default securitypreventing connection from internet

 

On Mon, 31 Mar 2008 12:04:46 +0000, George Yin(MSFT) wrote:

> Hello,

>

> Do you mean the screen showing the "<DomainName>\Userxx" and "Other

> User" which asks you to choose one to log onto the terminal server,

> after you click the Connect button of the Remote Desktop Connection?

>

> If so, I would like to suggest that you try the following steps and see

> if they work for your situation:

>

> 1. On the Windows 2008 terminla server, click Start->Programs->Admin

> Tools->Terminal Services->Terminal Services Configuration -> Under

> "Connections", select RDP-Tcp-> Right Click -> Properties > Select "Log

> On Settings" Tab.

>

> 2. Select the Radio Button "Always use the following logon

information"

> - Leave all the fields blank. Click OK.

>

> Now when clients establish remote desktop connection, he will be

> prompted to input user name and password.

>

> I hope this helps. Thank you.

>

> Sincerely,

> George Yin

 

That worked great!

 

Thank you!

 

--

Andrew Davis

IT Administrator

WestGate Church

Guest George Yin

Guest George Yin

Posted
Posted

Re: Terminal Services in Windows Server 2008 Default security preventing connection from internet

 

Re: Terminal Services in Windows Server 2008 Default security preventing connection from internet

 

Hello,

 

Thank you for the reply. It is great to hear that it works!

 

If you need any further assistance, please feel free to let me know.

 

Have a nice day!

 

Sincerely,

George Yin

Microsoft Online Support

Microsoft Global Technical Support Center

 

Get Secure! - http://www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so

that others may learn and benefit from your issue.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 Share
Go to topic listing
×
×
  • Create New...