Multiple PC RDP to a single IP - best way?

drjones · Feb 6, 2014

I'm going to install 5x new workstations at a client today & the want each one to have RDP access. Each PC is Win7 Pro x64.

They already have a Windows SBS 2008 server on-site that they access via RDP. (I know....I've warned them....

)

I googled & it seems the easiest, cleanest way to do it is as outlined here: http://www.howtogeek.com/50570/how-to-run-multiple-terminal-servers-on-a-single-ip-address/

This way, all the work would be done in the router/firewall & I wouldn't have to change the RDP port in each workstations' registry.

They have a Motorola Netopia-3000 modem/router.

When I go to configure > Advanced > Pinholes (their term for ports) and look at the current RDP setup for their server, external port 3389 points to the servers internal IP and port 3389.

So could I then assign each workstation a static LAN IP and configure say, ports 3390 - 3394 to forward to the workstations' static LAN IPs, but internal port 3389?

Would that work?

Thanks

angry_geek · Feb 6, 2014

Rds gateway server.

drjones · Feb 6, 2014

angry_geek said:
Rds gateway server.

Can you elaborate on that please?

EDIT: Just googled it. They have *SBS* 2008 which doesn't allow for terminal services.

YeOldeStonecat · Feb 6, 2014

You already have the proper secure way, "TSGateway"...which SBS08 already has built into it. It's a role...it's not terminal server, but a role...and it's already setup and running on SBS08 by default (it's part of the foundation of how RWW works).

Only need port 443 open/forwarded for RWW. Do NOT need port 3389.

Read up on how to configure RDP client to a TSGateway server..and you're all set.

In doing the SBS08 setup, you likely (hopefully) did the SSL certificate for it, and setup an FQND, and that's in place.
The rest is all just on the RDP client installs. I just did 2x this morning for a client on SBS08.

Markverhyden · Feb 6, 2014

Just wondering what their motivation is for RDP'ing to those workstations?

allstarit · Feb 6, 2014

If its SBS you can use remote web workplace. In SBS console you just go to remote tab and select the PC they using. Make sure they leave pc on and that will give them access.
If clients dont want to login to website first do port forwards like yoi said in router and if router allows it make public port 3390,3391ect and map local port 3389. K have done this and works well however I tell client first option is better because its more secure and doesnt leave ports open.
If they have terminal server add this into their remote computer tab on sbs console rather than rpd to their workstations

YeOldeStonecat · Feb 6, 2014

Yeah RWW FTW! Wonderfully simple, secure, and filled with features!

drjones · Feb 6, 2014

allstarit said:
If its SBS you can use remote web workplace. In SBS console you just go to remote tab and select the PC they using. Make sure they leave pc on and that will give them access.
If clients dont want to login to website first do port forwards like yoi said in router and if router allows it make public port 3390,3391ect and map local port 3389. K have done this and works well however I tell client first option is better because its more secure and doesnt leave ports open.
If they have terminal server add this into their remote computer tab on sbs console rather than rpd to their workstations

Yeah good call....is RWW turned on/enabled by default or does it require extra setup?

drjones · Feb 6, 2014

markverhyden said:
Just wondering what their motivation is for RDP'ing to those workstations?

They're a retail shop with multiple locations. They use Quickbooks POS. If a store wants to make certain changes to the POS system, it must be done at the headquarter location.

With the number of users and physical locations, we all figured it was easiest to have dedicated workstations for this purpose; each remote location can login and make their own changes. Unfortunately QB POS doesn't work in a virtual environment; we considered that.

drjones · Feb 6, 2014

YeOldeStonecat said:
In doing the SBS08 setup, you likely (hopefully) did the SSL certificate for it, and setup an FQND, and that's in place.
The rest is all just on the RDP client installs. I just did 2x this morning for a client on SBS08.

Ohhhh........yeah...probably not.....they do not run exchange but wanted the option to in the future....so no, I don't think they have the SSL / FQDN setup.

YeOldeStonecat · Feb 6, 2014

It's there.

https://remote.fqdn.com/remote

The first remote, https://remote....you get to chose that name when running the certificate setup wizard, and when you purchase your SSL cert.
The fqdn.com is whatever your clients domain is, and ties in with their public DNS record that you manage. The /remote at the end is "built in".

allstarit · Feb 6, 2014

I think its by default but as mentioned above you will need to install ssl in sbs console and ill give you a tip: if workstations are using ie11 you need to add domain to compatability mode. I definately know you do for sbs2011 but maybe same for 2008

pceinc · Feb 6, 2014

Don't forget to check their ISP for blocked ports. Some ISPs require a business class or enterprise class account to allow lower ports to be used for incoming connections. If they already have something like Comcast Business or Fios you should be all set for RWW.

Multiple PC RDP to a single IP - best way?

drjones

Well-Known Member

angry_geek

Well-Known Member

drjones

Well-Known Member

YeOldeStonecat

Well-Known Member

Markverhyden

Well-Known Member

allstarit

Well-Known Member

YeOldeStonecat

Well-Known Member

drjones

Well-Known Member

drjones

Well-Known Member

drjones

Well-Known Member

YeOldeStonecat

Well-Known Member

allstarit

Well-Known Member

pceinc

Active Member

Similar threads