[Today’s post comes to us courtesy of Shawn Sullivan, Justin Crosby, and Edwin Joseph]
SBS 2008 is configured for Remote Desktop for Administration and TS Gateway during setup. However, it is not supported to install the Terminal Services role on the SBS server due to security, performance, and reliability purposes. Even though the installation of the Terminal Services role will not fail, you will receive the following error in Terminal Services Configuration when attempting to change the licensing mode from Remote Desktop for Administration to any other mode:
Unable to complete operation: 8007013D
In addition, the SBS Console will crash if you attempt to open any of the following links:
- In the Users tab: “Purchase additional client access licenses”
- In the Computers tab: “Purchase additional client access licenses”
- In the Networking, connectivity tab: “Manage Router” (several locations under properties)
- In the Shared Folders tab: “Browse any of the shares”
If you are experiencing any of these issues, you must remove the Terminal Server service from the SBS 2008 standard server (or Server #1 in SBS 2008 Premium) to regain proper functionality of the SBS console. You can do so by opening Server Manager, expanding Roles, and selecting the Terminal Services role. On the right hand side pane, select Remove Role Services and uncheck the Terminal Server role, click Next and Remove to complete the wizard. This is documented in the following KB article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;957712
If you wish to deploy the Terminal Services role in your SBS environment, we recommend purchasing SBS 2008 Premium, which comes with a copy of Windows Server 2008 standard to install on a second machine. It is fully supported to install the Terminal Services role on this second machine.
The following remote access options are available in SBS 2008:
Clients running Remote Desktop Connection (RDC) 6.0 can be configured to connect to internal network resources on port 443, which most customers will have open to the internet already. This no longer requires the administrator to open RDP ports directly through the firewall.
Full details on TS Gateway can be found here: http://technet.microsoft.com/en-us/library/cc771530.aspx
Remote Web Workplace (RWW)
Clients can open an https connection to the RWW website from their web browser and access their email, connect to authorized internal machines, and connect to the internal Sharepoint website.
For more information, please see: http://technet.microsoft.com/en-us/library/cc527519.aspx
Virtual Private Network (VPN)
You can enable Routing and Remote Access (RRAS) on SBS 2008 to accept client VPN connections. Note: You cannot enable RRAS as a router or NAT firewall on server 1, due to the single network card topology requirements.