TS Web Access – no access from outside


I read everything I could get my hands on regarding TS Web Access before proposing it to a client who needed to work from off-site. Normally I would have pushed for SBS2003, but it’s about to be replaced and this client had no use for Exchange.

Sure enough, installing and configuring the required Terminal Server Roles in Windows Server 2008 is pretty straightforward. Thanks Microsoft! But then I spent days banging my head against the wall when I discovered that I couldn’t connect to internal computers from the outside. I had a fully propagated A Record for the TS Gateway computer and a third-party SSL cert for the same server name, but my attempts to connect to internal resources from the outside would fail with the error, “This computer can’t connect to the remote computer.”

Eventually, I gave up and called Microsoft PSS who sent me an email pointing me to this TechNet blog. Here’s the important part:

My installation had no value for DefaultTSGateway, and technically, even this screenshot is wrong. You need to specify your TS Gateway’s external FQDN.

The term “DefaultTSGateway” is not even mentioned in the Windows Server 2008 TS Gateway Server Step-By-Step Setup Guide so I can only assume that my installation encountered an error which left out this value. Then again, Googling the now known solution turns up others with the same problem.