How To Setup Windows Server 2019 for Remote Access for users outside the local network

jjssj

Hi. Trying to set up Windows Server 2019 for remote access for users outside the local network.

I've installed Remote Access and Remote Access Service, and Active Directory.

I'm stuck on setting/allocating my current static IP address as the server's external IP and the server's local IP.
So when a user outside of the network logs in, they can log in via the external IP. However, how do I allocate that IP to that specific machine?

Here's a video I recorded:
View: https://youtu.be/o5b1epMr4S4


Thanks
 

jeremyj_83

You are going to have to use NAT rules to get that to the server. For example, if your internal IP is 192.168.1.100 for the 2019 box and your external IP is 175.214.2.52, you will need to set up a rule in your firewall for NAT forwarding. In this case you could say the person comes in over 175.214.2.52:1234 (the 1234 is the port number and the : states that you connect over that specific port); on your firewall you would use NAT forwarding to forward the connection coming in from 175.214.2.52:1234 to go to internal IP 192.168.1.100 over Windows RDP. This isn't the most secure way of doing this, especially if this has sensitive information on it. The best way would be to have a VPN connection to your internal network and then just connect as you would if you were on the office LAN.
 

jjssj

Thanks for the reply, Jeremy, really appreciate it.

Is remote access set up via "Remote Access" or "Remote Desktop Services"?

On trying to set up via Remote Access I get this error:

"Connecting to remote server failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic."

I have followed this tutorial: http://technico.qnownow.com/the-winrm-client-cannot-process-the-request-if-the-authentication-scheme-is-different/ however, no luck.

Currently, I have set up the network to a static local IP address.

Remote Desktop Services has an error: "You are currently logged on as local administrator on the computer. You must be logged on as a domain user to manage servers and collections." I did "demote" the server from domain controller to workgroup, as a domain controller server can't have Remote Desktop Services/Remote Access running on the same server.

I am able to remote in via administrator settings via local computer. However, I haven't tried to remote in via an external device - however, I wouldn't know what IP to put in.

"The best way would be to have a VPN connection to your internal network and then just connect as you would if you were on the office LAN."
This is what I want! Less chance of hacking/secure line + less likely to go down, in my opinion.

Remote Desktop Management "RDMS" doesn't run/start up or start manually. I have uninstalled "Remote Desktop Services"; however, after installing, same issues.
 

jeremyj_83

You are going to have to make sure that Remote Desktop is set up on the server.
[Image: where to see if Remote Desktop is enabled]
By clicking on "Enabled" in my instance, you would be able to change options on RDP. By default, anyone in the administrator group will be able to RDP if it is enabled.
When it comes to RDP externally, you will have to adjust NAT firewall settings. RDP is plain text, so having that going to your internal network over NAT isn't a good security measure. Having it sitting in your internal network with external users connecting via VPN is far more secure, and then all they would have to do is go to the local IP or FQDN of the server.
 
Before trying to make it work over the Internet, make sure it works locally - that is, you can RDP into the server from a local workstation.

Once you set up the domain, it's better not to use the local Administrator account, unless absolutely necessary. You also have to enable users to log in remotely onto the server.

And last but not least - you're limited to two logins. Or you need Terminal Services.
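
Added example (not from any poster in this thread): PowerShell, run elevated on the server, that applies the advice above by enabling Remote Desktop, allowing a named user to log in, and limiting the RDP firewall rules to the LAN and VPN clients, so the server is reached at 192.168.1.100 rather than through a NAT forward. The /24 LAN mask, the VPN pool `10.8.0.0/24` and the account `CONTOSO\jdoe` are assumptions, and requiring Network Level Authentication is an addition the thread does not mention.

```powershell
# Added example. Values marked "assumed" or "hypothetical" are not from the thread.
$LanSubnet = '192.168.1.0/24'   # assumed mask for the LAN holding 192.168.1.100
$VpnPool   = '10.8.0.0/24'      # hypothetical address pool handed to VPN clients
$RdpUser   = 'CONTOSO\jdoe'     # hypothetical account; use a local name on a workgroup server

$ts = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'

# 1. Enable Remote Desktop (fDenyTSConnections = 0 means connections are allowed).
Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 0

# 2. Require Network Level Authentication, so the user authenticates
#    before a desktop session is created.
Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1

# 3. Turn on the built-in Remote Desktop firewall rules, then restrict who may
#    reach them: only the LAN and VPN clients, never arbitrary Internet hosts.
#    ('Remote Desktop' is the group name on English-language installs.)
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop'
$rules | Set-NetFirewallRule -RemoteAddress $LanSubnet, $VpnPool

# 4. Let a named, non-administrator account log in remotely instead of
#    relying on the local Administrator account.
$already = Get-LocalGroupMember -Group 'Remote Desktop Users' -Member $RdpUser `
               -ErrorAction SilentlyContinue
if (-not $already) {
    Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $RdpUser
}

# 5. Report the resulting state so it can be checked before any user tries it.
[pscustomobject]@{
    RdpEnabled  = (Get-ItemProperty $ts).fDenyTSConnections -eq 0
    NlaRequired = (Get-ItemProperty "$ts\WinStations\RDP-Tcp").UserAuthentication -eq 1
    AllowedFrom = ($rules | Get-NetFirewallAddressFilter |
                      Select-Object -ExpandProperty RemoteAddress -Unique) -join ', '
    RdpUsers    = (Get-LocalGroupMember -Group 'Remote Desktop Users').Name -join ', '
}

# From a LAN workstation (and later from a connected VPN client), confirm the
# port answers on the internal address:
#   Test-NetConnection -ComputerName 192.168.1.100 -Port 3389
```

With this in place no port forward for RDP is needed on the edge firewall; only the VPN endpoint is exposed, and remote users connect to the internal address once the tunnel is up.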
 
