Differences

This shows you the differences between two versions of the page.

--- virtualization:ras:ras [2019/02/05 11:52]
gcooper
+++ virtualization:ras:ras [2023/09/06 09:38] (current)
gcooper
@@ Line 1: / Line 1: @@
 ====== Parallels RAS – Remote Application Server ======
-See also **[[virtualization:ras:ras_thin_client_server|RAS ThinClient Server]]**
 **Client Downloads**: https://www.parallels.com/products/ras/download/client/
 **Server Downloads**: https://my.parallels.com
-**2XOS Downloads**: http://www.2x.com/os/downloadlinks
 **Parallels RAS Upgrade Procedure**: http://kb.parallels.com/en/123005
@@ Line 44: / Line 40: @@
 **Quick Configuration Guide**: http://www.2x.com/support/ras/setup/
-  - If the 2X RAS will also be a terminal server, install these first:
+  - If the Parallels RAS will also be a terminal server, install these first:
     * **Role-based Installation**
       * **Remote Desktop Services** (role)
@@ Line 58: / Line 54: @@
      * **Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Allow log on through Remote Desktop Services
 **
-  - Install Parallels RAS
+  - Install Parallels RAS - login with domain_admin@your_domain_name
   - Add a terminal server
     * Use IP addresses unless the hostname is fully resolvable
@@ Line 112: / Line 108: @@
   * Potentially more secure
   * Not as good for multimedia
+  * Use this for all remote connections
 ===== RemoteFX =====
@@ Line 162: / Line 159: @@
 ===== Policies =====
-After the Parallels RAS client has been configured and used to log in once the policies set here will take effect.
+After the Parallels RAS client has been configured and used to log in once, the policies set here will take effect.
   * RAS Console -> Policies -> Plus sign for New
@@ Line 169: / Line 166: @@
   * Control Settings -> Password (check Do NOT save password)
+===== Brute Force Attacks =====
+https://download.parallels.com/ras/v17/docs/en_US/Parallels-RAS-v17-Administrators-Guide/39294.htm
+Older Parallels RAS installations included a default Gateway Tunneling Policy that would tunnel regular RDP (mstsc.exe) client connections into servers on TCP port 80.
+Frequently, botnets or other brute force attackers will abuse port 80 for RDP connections leading to annoying warning pop-ups and RAS ''controller.log'' entries.  {{ :virtualization:ras:ras_brute_force_pop-up.jpg?direct&250|RAS Brute Force Pop-Up}}
+==== Steps to Disable ====
+Performing these actions will restrict native MSTSC from accessing the Gateway on the RAS Gateway port (default 80).  So if an end-user tries using MSTSC (ipaddress:80) it won't be permitted.  Same goes for RDP connections using the RAS Client pointing to port 80.
+  - Open to Remote Application Server console.
+  - Open the list of Gateways within your farm.
+  - Highlight the Gateway.
+  - Head to Tunneling Policies tab.
+  - Double click the policy (Usually Default policy is used. If you happen to use another policy make sure to double click the used one).
+  - Click "None" checkpoint.
+  - Apply new setting in RAS Console.
+Note: Performing these actions will restrict native MSTSC from accessing the Gateway on the RAS Gateway port (default 80) So if the end-user will try using MSTSC ipaddress:80 it won't let them in. Same with RDP connection on the Client pointing to port 80.

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools