Simple question about RD and RWW

[cory@bluepointdesign.com]

I've been looking for a while for an answer to what I think should be
a common question but I think I'm just not using the right words.

We have a 2003 SBS running ISA and on the LAN we have a separate
Windows 2003 Standard Server for Terminal Services. In the beginning I
had no idea it was so simple to set up access to the TS because I had
not heard of RWW. In my mind one maps 3389 to a single server and
that's it. For instance at home I have to change the ports on multiple
machines so I can map ports on my router to them for remote
connections. At this point RWW is FM (F'ng Magic) to me but as with so
many things I just take it on faith since it works. But recently I've
had some issues that lead me to wonder how this thing is actually
working.

Q 1: How does RWW do it? That is get you do different machines if
internally all those machines are listening on port 3389.

I recently discovered that even though the corporate site is using RWW
I can point the regular non-activex RDC to the corporate IP and get to
the TS on the inside. Huh?

Q 2: Why is it going to the TS instead of the main server which hosts
the RWW?

I have seen mention in this group and other places hints that one
doesn't need to use RWW to get to machines on the company network. But
they only say things like "if properly configured".

Q 4: Can I connect to various machines on the internal LAN which have
RD enabled and all listening on port 3389? IOW can I make the same
connections available in RWW without RWW? And if yes how is it
configured?

In the RD client there is a section for Connect from anywhere that
talks about connecting to a TS Gateway. There are very interesting
settings in here and seem to suggest functionality like RWW and Q4.

Q 5: What is TSG and what part does it play with RWW and if the answer
to Q4 is 'yes' does this have something to do with it? And if this
section has anything to do with what I think it does what do all the
fields mean?

Thanks much for taking the time to read this and hopefully you have
some answers for me. Any and all help or references to other reading
is greatly appreciated.

 

[TP]

RWW includes a dynamic proxy that forwards the incoming RDP
traffic on External port 4125 to the selected Internal machine's
port 3389. If you are able to get to your TS by connecting directly
to the External port 3389 then you have set up ISA (or your router)
to forward 3389 traffic to your TS.

Without RWW or a similar solution to translate/map the traffic from
the External machine to the Internal machine's port 3389 then you
need unique ports or external ips for each machine similar to your
home.

TS Gateway is a new feature introduced in Windows Server 2008.
It allows you to make an SSL connection to the TS Gateway on
port 443 and then connects you to the TS on whichever port you
choose (default 3389). The only port you need open on the external
interface is 443.

Server 2008 Beta 3 is available if you want to test it out:

http://www.microsoft.com/windowsserver2008/audsel.mspx

There are lots of articles and information on the web about TS
Gateway. Use google to find them if you are interested.

-TP

cory@bluepointdesign.com wrote:
> I've been looking for a while for an answer to what I think should be
> a common question but I think I'm just not using the right words.
>
> We have a 2003 SBS running ISA and on the LAN we have a separate
> Windows 2003 Standard Server for Terminal Services. In the beginning I
> had no idea it was so simple to set up access to the TS because I had
> not heard of RWW. In my mind one maps 3389 to a single server and
> that's it. For instance at home I have to change the ports on multiple
> machines so I can map ports on my router to them for remote
> connections. At this point RWW is FM (F'ng Magic) to me but as with so
> many things I just take it on faith since it works. But recently I've
> had some issues that lead me to wonder how this thing is actually
> working.
>
> Q 1: How does RWW do it? That is get you do different machines if
> internally all those machines are listening on port 3389.
>
> I recently discovered that even though the corporate site is using RWW
> I can point the regular non-activex RDC to the corporate IP and get to
> the TS on the inside. Huh?
>
> Q 2: Why is it going to the TS instead of the main server which hosts
> the RWW?
>
> I have seen mention in this group and other places hints that one
> doesn't need to use RWW to get to machines on the company network. But
> they only say things like "if properly configured".
>
> Q 4: Can I connect to various machines on the internal LAN which have
> RD enabled and all listening on port 3389? IOW can I make the same
> connections available in RWW without RWW? And if yes how is it
> configured?
>
> In the RD client there is a section for Connect from anywhere that
> talks about connecting to a TS Gateway. There are very interesting
> settings in here and seem to suggest functionality like RWW and Q4.
>
> Q 5: What is TSG and what part does it play with RWW and if the answer
> to Q4 is 'yes' does this have something to do with it? And if this
> section has anything to do with what I think it does what do all the
> fields mean?
>
> Thanks much for taking the time to read this and hopefully you have
> some answers for me. Any and all help or references to other reading
> is greatly appreciated.

 

[cory@bluepointdesign.com]

Ah, I see. Thank you very much for clearing that up for me. I may have
at one point pointed ISA to the TS and that makes sense. I'm thinking
that instead of having users access the RWW where they are confused as
to whether they should use OWA, Connection Manager and what have you
that I just give them an RDP shortcut on their desktop instead. This
will also eliminate the weird timeout problems where the RWW VBScript
is throwing some error and bumping people off. Many thanks!