RE: Publishing Remote Desktop with W2k3 ISA

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 28 Sep 2003 10:05:41 -0500

Hi Darryl,

It looks like socket pooling, but it's not. It's just that the default
setting for the terminal services in Win2k is to listen on all
interfaces. For Win2003, most people won't be using terminal services on
the firewall (at least I hope not), but they will be using remote desktop
services to manage the firewall.

That is where the problem lies. There is no information available on how
to disable the listening on all interfaces issue with the remote desktop
services. There is no management interface that allows you to change the
NIC the remote desktop service listens on. Therefore, the solution is to
create a packet filter for TCP 3389 inbound and limit access to that
packet filter to a select number of IP addresses. Then RDP to an
internal host from the firewall machine itself.

I'm sure there's a Registry setting somewhere that allows you to bind
the remote desktop services RDP server to the internal NIC, I just
haven't got around to looking for it yet :-)

HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 


-----Original Message-----
From: Darryl Janetzki [mailto:darrylj@xxxxxxxxxxxxxxxx] 
Sent: Saturday, September 27, 2003 9:50 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Publishing Remote Desktop with W2k3 ISA


I found that I could not publish an internal TS with this set. I had to
set the RDP port to the internal interface on the ISA server using the
Terminal services configuration tool. Is this part of the problem with
socket pooling? Has anyone created a script to remove all protocols
from socket pooling on the external interface? Web, FTP and CITRIX rules
are OK.

Thanks

Darryl Janetzki
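
Added example, not part of the original thread: a check for the condition discussed above, where the RDP listener is bound to all interfaces of a multi-homed firewall. It parses `netstat -an` output and reports the external addresses on which TCP 3389 accepts connections; the sample output, the addresses 10.0.0.1 and 192.0.2.10, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -an` output from a dual-homed firewall
# (addresses are private/documentation ranges, not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.1:8080          0.0.0.0:0              LISTENING
  TCP    10.0.0.1:3389          10.0.0.25:1467         ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

def listeners(netstat_text, port):
    """Return local IPs with a TCP socket in LISTENING state on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # skips headers, UDP rows and established sessions
        host, _, local_port = fields[1].rpartition(":")
        if local_port == str(port):
            found.append(ipaddress.ip_address(host.strip("[]")))
    return found

def exposed_on(netstat_text, port, external_ips):
    """List the external addresses on which `port` accepts connections.

    A wildcard bind (0.0.0.0 or ::) covers every interface, so it counts
    as exposure on each external address of the same IP version.
    """
    external = [ipaddress.ip_address(ip) for ip in external_ips]
    exposed = set()
    for bound in listeners(netstat_text, port):
        for ext in external:
            wildcard = bound.is_unspecified and bound.version == ext.version
            if bound == ext or wildcard:
                exposed.add(str(ext))
    return sorted(exposed)

if __name__ == "__main__":
    # 192.0.2.10 stands in for the firewall's external NIC (assumption).
    for ip in exposed_on(SAMPLE_NETSTAT, 3389, ["192.0.2.10"]):
        print(f"TCP 3389 is listening on external address {ip}; "
              "restrict it with a packet filter")
```

A listener bound only to the internal address produces no findings, which is the state the packet filter on TCP 3389 is meant to approximate when the binding itself cannot be changed.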




