Windows Server 2016 Remote Access



-->

  1. Windows Server 2016 Remote Access Vpn
  2. Windows Server 2016 Tutorial
  3. Windows Server 2016 Remote Access Not Working
  4. Remote Access To Windows Server

The Remote Web Access functionality in WSE 2016 is similar to RWA in WSE 2012R2. It offers easy, touch-friendly, access to data on your server. Before we can use it we have to run the Access Anywhere wizard on the server and install an SSL certificate for your domain. Mar 12, 2021 The first step to setup a Windows Server 2016, as a VPN server is to add the Remote Access role to your Server 2016. Info: For this example we're going to setup VPN on a Windows Server 2016 machine, named 'Srv1' and with IP Address '192.168.1.8'. To install VPN role on Windows Server 2016, open 'Server Manager' and click on Add Roles. By default Windows Server 2016 sets external remote desktop access to disabled as a security measure, we can easily optionally enable it from within the server console to everyone or a. By default Windows Server 2016 sets external remote desktop access to disabled as a security measure, we can easily optionally enable it from within the server console to everyone or a specific set of users or groups. The Remote Web Access setting is displayed for each user account on the USERS tab of the Windows Server Essentials Dashboard. To change the Remote Web Access setting, right-click the user account, and then click View the account properties. Turn on Remote Web Access.

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

This topic describes how to configure the client and server settings that are required for remote management of DirectAccess clients. Before you begin the deployment steps, ensure that you have completed the planning steps that are described in Step 2 Plan the Remote Access Deployment.

TaskDescription
Install the Remote Access roleInstall the Remote Access role.
Configure the deployment typeConfigure the deployment type as DirectAccess and VPN, DirectAccess only, or VPN only.
Configure DirectAccess clientsConfigure the Remote Access server with the security groups that contain DirectAccess clients.
Configure the Remote Access serverConfigure the Remote Access server settings.
Configure the infrastructure serversConfigure the infrastructure servers that are used in the organization.
Configure application serversConfigure the application servers to require authentication and encryption.
Configuration summary and alternate GPOsView the Remote Access configuration summary, and modify the GPOs if desired.

Note

This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see Using Cmdlets.

Install the Remote Access role

You must install the Remote Access role on a server in your organization that will act as the Remote Access server.

To install the Remote Access role

To install the Remote Access role on DirectAccess servers

  1. On the DirectAccess server, in the Server Manager console, in the Dashboard, click Add roles and features.

  2. Click Next three times to get to the server role selection screen.

  3. On the Select Server Roles dialog, select Remote Access, and then click Next.

  4. Click Next three times.

  5. On the Select role services dialog, select DirectAccess and VPN (RAS) and then click Add Features.

  6. Select Routing, select Web Application Proxy, click Add Features, and then click Next.

  7. Click Next, and then click Install.

  8. On the Installation progress dialog, verify that the installation was successful, and then click Close.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

Configure the deployment type

There are three options that you can use to deploy Remote Access from the Remote Access Management console:

Windows Server 2016 Remote Access Vpn

  • DirectAccess and VPN

  • DirectAccess only

  • VPN only

Note

This guide uses the DirectAccess only method of deployment in the example procedures.

To configure the deployment type

  1. On the Remote Access server, open the Remote Access Management console: On the Start screen, type, type Remote Access Management Console, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  2. In the Remote Access Management Console, in the middle pane, click Run the Remote Access Setup Wizard.

  3. In the Configure Remote Access dialog box, select DirectAccess and VPN, DirectAccess only, or VPN only.

Configure DirectAccess clients

For a client computer to be provisioned to use DirectAccess, it must belong to the selected security group. After DirectAccess is configured, client computers in the security group are provisioned to receive the DirectAccess Group Policy Objects (GPOs) for remote management.

To configure DirectAccess clients

  1. In the middle pane of the Remote Access Management console, in the Step 1 Remote Clients area, click Configure.

  2. In the DirectAccess Client Setup Wizard, on the Deployment Scenario page, click Deploy DirectAccess for remote management only, and then click Next.

  3. On the Select Groups page, click Add.

  4. In the Select Groups dialog box, select the security groups that contain the DirectAccess client computers, and then click Next.

  5. On the Network Connectivity Assistant page:

    • In the table, add the resources that will be used to determine connectivity to the internal network. A default web probe is created automatically if no other resources are configured. When configuring the web probe locations for determining connectivity to the enterprise network, ensure that you have at least one HTTP based probe configured. Configuring only a ping probe is not sufficient, and it could lead to an inaccurate determination of connectivity status. This is because ping is exempted from IPsec. As a result, ping does not ensure that the IPsec tunnels are properly established.

    • Add a Help Desk email address to allow users to send information if they experience connectivity issues.

    • Provide a friendly name for the DirectAccess connection.

    • Select the Allow DirectAccess clients to use local name resolution check box, if required.

      Note

      When local name resolution is enabled, users who are running the NCA can resolve names by using DNS servers that are configured on the DirectAccess client computer.

  6. Click Finish.

Configure the Remote Access server

To deploy Remote Access, you need to configure the server that will act as the Remote Access server with the following:

  1. Correct network adapters

  2. A public URL for the Remote Access server to which client computers can connect (the ConnectTo address)

  3. An IP-HTTPS certificate with a subject that matches the ConnectTo address

  4. IPv6 settings

  5. Client computer authentication

To configure the Remote Access server

Windows
  1. In the middle pane of the Remote Access Management console, in the Step 2 Remote Access Server area, click Configure.

  2. In the Remote Access Server Setup Wizard, on the Network Topology page, click the deployment topology that will be used in your organization. In Type the public name or IPv4 address used by clients to connect to the Remote Access server, enter the public name for the deployment (this name matches the subject name of the IP-HTTPS certificate, for example, edge1.contoso.com), and then click Next.

  3. On the Network Adapters page, the wizard automatically detects:

    • Network adapters for the networks in your deployment. If the wizard does not detect the correct network adapters, manually select the correct adapters.

    • IP-HTTPS certificate. This is based on the public name for the deployment that you set during the previous step of the wizard. If the wizard does not detect the correct IP-HTTPS certificate, click Browse to manually select the correct certificate.

  4. Click Next.

  5. On the Prefix Configuration page (this page is only visible if IPv6 is detected in the internal network), the wizard automatically detects the IPv6 settings that are used on the internal network. If your deployment requires additional prefixes, configure the IPv6 prefixes for the internal network, an IPv6 prefix to assign to DirectAccess client computers, and an IPv6 prefix to assign to VPN client computers.

  6. On the Authentication page:

    • For multisite and two-factor authentication deployments, you must use computer certificate authentication. Select the Use computer certificates check box to use computer certificate authentication and select the IPsec root certificate.

    • To enable client computers running Windows 7 to connect via DirectAccess, select the Enable Windows 7 client computers to connect via DirectAccess check box. You must also use computer certificate authentication in this type of deployment.

  7. Click Finish.

Configure the infrastructure servers

To configure the infrastructure servers in a Remote Access deployment, you must configure the following:

  • Network location server

  • DNS settings, including the DNS suffix search list

  • Any management servers that are not automatically detected by Remote Access

To configure the infrastructure servers

  1. In the middle pane of the Remote Access Management console, in the Step 3 Infrastructure Servers area, click Configure.

  2. In the Infrastructure Server Setup Wizard, on the Network Location Server page, click the option that corresponds to the location of the network location server in your deployment.

    • If the network location server is on a remote web server, enter the URL, and then click Validate before you continue.

    • If the network location server is on the Remote Access server, click Browse to locate the relevant certificate, and then click Next.

  3. On the DNS page, in the table, enter additional name suffixes that will be applied as Name Resolution Policy Table (NRPT) exemptions. Select a local name resolution option, and then click Next.

  4. On the DNS Suffix Search List page, the Remote Access server automatically detects domain suffixes in the deployment. Use the Add and Remove buttons to create the list of domain suffixes that you want to use. To add a new domain suffix, in New Suffix, enter the suffix, and then click Add. Click Next.

  5. On the Management page, add management servers that are not detected automatically, and then click Next. Remote Access automatically adds domain controllers and Configuration Manager servers.

  6. Click Finish.

Configure application servers

In a full Remote Access deployment, configuring application servers is an optional task. In this scenario for remote management of DirectAccess clients, application servers are not utilized and this step is greyed out to indicate that it is not active. Click Finish to apply the configuration.

Configuration summary and alternate GPOs

When the Remote Access configuration is complete, the Remote Access Review is displayed. You can review all of the settings that you previously selected, including:

  • GPO Settings

    The DirectAccess server GPO name and Client GPO name are listed. You can click the Change link next to the GPO Settings heading to modify the GPO settings.

  • Remote Clients

    The DirectAccess client configuration is displayed, including the security group, connectivity verifiers, and DirectAccess connection name.

  • Remote Access Server

    The DirectAccess configuration is displayed, including the public name and address, network adapter configuration, and certificate information.

  • Infrastructure Servers

    This list includes the network location server URL, DNS suffixes that are used by DirectAccess clients, and management server information.

Windows server 2016 remote desktop access denied

See also

-->

Applies To: Windows Server 2016 Essentials, Windows Server 2012 R2 Essentials, Windows Server 2012 Essentials

Remote Web Access is a feature of Windows Servers Essentials that enables you to access file/folders and computers on your network via a web browser from anywhere with Internet connectivity.

Remote Web Access helps you stay connected to your Windows Server Essentials network when you are away. When you log on to Remote Web Access, you can connect to the computers on your Windows Server Essentials network, open the Dashboard to manage your Windows Server Essentials network, and access all of the shared folders and media files on the server.

This topic includes the following sections:

Connect to Remote Web Access

Log on to Remote Web Access

When you log on to Remote Web Access from a local or remote computer, you can access resources on your server running Windows Server Essentials and computers on your network.

To log on to Remote Web Access from a network computer
  1. Open a Web browser, type https://<YourServerName>/remote in the address bar, and then press Enter.

  2. On the Remote Web Access logon page, type your user name and password in the text boxes, and then click the arrow.

To log on to Remote Web Access from a remote computer
  1. Open a Web browser, type https://<YourDomainName>/remote in the address bar, and then press Enter.

    Note

    You can get your domain name information from your network administrator. Make sure that you include the s in https.

  2. On the Remote Web Access logon page, type your user name and password in the text boxes, and then click the arrow.

Remotely access your computer

When you are away from your office, you can use your Web browser to log on to the Remote Web Access site to remotely access your Windows Server Essentials Dashboard, shared folders, and computers on your network.

When you connect to the Dashboard, you can manage Windows Server Essentials just like you would if you were at the office. You can perform all of the usual administrative tasks, such as adding user accounts, adding shared folders, setting shared folder access, and so on. When you connect to computers on your network, you can access their desktops as if you were sitting in front of them at the office.

The Status column shows you if you can connect to a computer on your network, and can include the following values:

  • Available

    The computer is turned on and is available for a remote connection. Even if you see this status, you still may not be able to connect to this computer if a third-party firewall blocks the connection.

  • Offline or Sleeping

    The computer is turned off or is in Sleep or Hibernate mode. If a computer is offline or sleeping, the status is updated in real time so that you can know when the computer becomes available.

  • Unsupported operating system

    The operating system on the computer does not support Remote Desktop. It may take up to 6 hours for this status to be updated on the server if there is a change.

  • Connection is disabled

    The computer connection is either blocked by a firewall, or the remote desktop is disabled on the computer or by Group Policy. It may take up to 6 hours for this status to be updated on the server if there is a change.

To connect to a computer on your network

On the DEVICES tab, click the name of the computer. You can select only computers with an Available status.

To connect to the server Dashboard

On the DEVICES tab, click the name of your server. You can select only computers with an Available status. You must be able to provide an administrator user account and password on your server to use the Dashboard.

Share files and folders

Upload and download files in Remote Web Access

On the Remote Web Access Shared Folders tab, you can do the following:

  • Upload (send) files from your computer to Windows Server Essentials.

    Note

    You can upload only files and not folders to Remote Web Access. If you want to have the same file and folder hierarchy in the Shared Folders on the server as on your computer, you must create the folders on the server in Remote Web Access, and then upload the files to the folder that you created. For information about creating server folders, see Add or move a server folder.

  • Download (receive) files and folders from Windows Server Essentials to your computer.

  • Create a folder within a shared folder on Windows Server Essentials.

  • Move, delete, and rename files and folders on Windows Server Essentials. For more information, see Create, rename, move, delete, or copy files and folders in Remote Web Access.

  • Move, delete, and rename files and folders on Windows Server Essentials. For more information, see Create, rename, move, delete, or copy files and folders in Remote Web Access.

Upload files

To upload files
  1. In Remote Web Access, click the Shared Folders tab, and then click a shared-folder link. A list of the files and folders in that shared folder is displayed.

  2. From the shared-folder list of files and folders, click the folder where you want to upload the file to, and then click Upload.

  3. If the standard upload tool is not already loaded, click Use the standard upload method.

  4. Click Browse to find a file on your computer.

  5. Navigate through the folders on your computer to find the file that you want to upload, and then click Open.

  6. Repeat Steps 2 and 3 for each file that you want to upload.

  7. When you have added all of the files that you want to upload, click Upload.

    The Easy File Upload tool streamlines the process of uploading files on your server running Windows Server Essentials. You can add as many files as you want to the Easy File Upload tool by using the drag-and-drop feature, and then upload them to the shared folders on the server.

Note

Uploading of multiple files is natively supported in web browsers that are compatible with HTML5. This tool is only necessary when the web browser does not support HTML5.

To upload files using the Easy File Upload tool
  1. In Remote Web Access, click the Shared Folders tab, and then click a shared-folder link. A list of the files and folders in that shared folder is displayed.

  2. From the shared-folder list of files and folders, click the folder where you want to upload the files to, and then click Upload. If the folder that you want to upload to does not exist, click New folder, type the name of the new folder in the dialog box, and then click OK.

  3. You may need to run the Windows Server Solutions add-on. If so, click in the yellow strip at the top of the screen, click run Add-on, and then click Run in the dialog box.

  4. If the Easy File Upload tool is not already loaded, click Use the Easy File Upload tool.

  5. You can drag-and-drop files from Windows Explorer to the Easy File Upload tool, or click browse to select files.

  6. When you finish adding the files that you want to upload to the selected folder, click Upload.

  7. When the files are uploaded successfully, click Close.

Download files or folders

To download a single file
  1. In Remote Web Access, click the Shared Folders tab, and then click a shared-folder link. A list of the files and folders in that shared folder is displayed.

  2. From the shared-folder file list, click the check box next to the file that you want to download to your home computer.

  3. Click Download to begin the download.

  4. On the File Download dialog box, click Save to save the file to your computer.

  5. In the Save As dialog box, select the location to save the file, and then click Save. A single file is not compressed before it is downloaded.

    There are two options for downloading multiple files or folders. Choose the option that fits your needs:

Note

These options are available only when you are downloading multiple files or folders to your computer.

  • Self-extracting executable file (.exe)

    Note

    This section applies to a server running Windows Server Essentials.

    A self-extracting executable file is a file that you can download that combines the decompression (executable) program with the compressed files. When you run the executable program, it automatically decompresses the compressed files (self-extracting). This is a common way to distribute compressed data without worrying about whether the recipient has the right decompression utility.

  • Windows Compressed folder (.zip)

    Zipping a file creates a compressed version of the file that is smaller than the original file. The zipped version of the file has a .zip file name extension. File types that are reduced the most by zipping are text-oriented file types, such as .txt, .doc, .xls, and graphics files that use non-compressed file types such as .bmp. Some graphic files, such as .jpg and .gif files, already use compression, and the file size is reduced very little by zipping. Also, a Word document that contains a lot of graphics is not reduced as much as a document that is mostly text.

    Note

    This option provides limited support for international file names in Windows Server Essentials.

    Before the actual download begins, the exe or zip file is created. Depending on the number of files and the total size of the files to be downloaded, this may take several minutes. After the download file is created, downloading the file occurs in the background. This allows you to continue working while the download process completes.

To download multiple files or folders
  1. In Remote Web Access, click the Shared Folders tab, and then click a shared-folder link. A list of the files and folders in that shared folder is displayed.

  2. From the shared-folder file list, click the check box next to the files or folders that you want to download to your home computer.

  3. Click Download to begin the download.

  4. In the Choose a Download Format dialog box, click to select the download format option that you prefer, and then click OK. The compressed file is prepared in the format option that you selected.

  5. In the File Download dialog box, click Save to save the file to your computer.

  6. In the Save As dialog box, select the location to save the file, and then click Save.

Retrieve compressed files downloaded to your computer

Note

This section applies to a server running Windows Server Essentials.

If you select multiple files or folders to download, you can receive a self-extracting compressed executable file (.exe) or a compressed (.zip) file.

To retrieve a file from the compressed (.exe) file
  1. On your computer, double-click the compressed file to open it.

  2. Follow the instructions to extract the files to a folder on your computer.

To retrieve a file from the compressed (.zip) file
  1. On your computer, double-click the compressed file to open it.

  2. Select the files that you want to retrieve, and then drag the files to a folder on your computer where you want to store them.

    Note

    If you use a third-party file compression program, follow the procedures for that program to extract your files from the compressed file.

Create, rename, move, delete, or copy files and folders in Remote Web Access

You can use Remote Web Access to create new folders in an existing shared folder, to rename files and folders, to move and copy files and folders, and to delete files and folders on your server.

Note

To add new shared folders on a server that is running Windows Server Essentials, you must use the Dashboard. To connect to the server console from Remote Web Access, on the Computers tab, click the server name, click Connect, and then follow the instructions for logging on to the server. For information about how to create shared folders, see Add or move a server folder.

To create a new folder

  1. In Remote Web Access, click the Shared Folders tab, and then click a shared folder link. A list of the files and folders in that shared folder is displayed.

  2. On the task bar, click New Folder.

  3. Type a name for the folder, and then click OK.

To rename a file or folder
  1. In Remote Web Access, click the Shared Folders tab, and then click a shared folder link. A list of the files and folders in that shared folder is displayed.

  2. Right-click the file or folder that you want to rename, and then click Rename.

  3. Type a new name in the text box, and then click OK.

To move files or folders

  1. In Remote Web Access, click the Shared Folders tab, and then click a shared folder link. A list of the files and folders in that shared folder is displayed.

  2. Select the check box next to the files or folders that you want to move, right-click one of the selected files or folders, and then click Cut.

  3. Right-click the folder that you want to move the files or folders to, and then click Paste.

To delete a file or folder
  1. In Remote Web Access, click the Shared Folders tab, and then click a shared folder link. A list of the files and folders in that shared folder is displayed.

  2. Select the check box next to the files or folders that you want to delete, right-click one of the selected files or folders, and then click Delete.

  3. To confirm that you want to delete the selected files and folders, click Yes.

To copy files or folders
  1. In Remote Web Access, click the Shared Folders tab, and then click a shared folder link. A list of the files and folders in that shared folder is displayed.

  2. Select the check box next to the files or folders that you want to copy, right-click one of the selected files or folders, and then click Copy.

  3. Right-click the folder that you want to copy the files or folders to, and then click Paste.

Connect from a mobile device

Use Remote Web Access from a mobile device

You can log on to Remote Web Access from your smart phone to view the files and folders in the shared folders on the server.

Note

You can also download and use the My Server app for Windows Server Essentials from the Windows Phone Marketplace to access your shared folders and media files that are stored on the server.

To log on to Remote Web Access from a mobile device
  1. Open a Web browser and type https://<YourDomainName>/remote in the address bar. Make sure that you include the s in https.

  2. On the Remote Web Access logon page, type your user name and password in the text boxes, and then click the arrow. You are logged on to the mobile version of Remote Web Access.

To switch to the desktop version of Remote Web Access
  1. Open a Web browser and type https://<YourDomainName>/remote in the address bar. Make sure that you include the s in https.

  2. On the Remote Web Access logon page, type your user name and password in the text boxes, click View desktop version, and then click the arrow. You are logged on to the desktop version of Remote Web Access.

To return to the mobile version of Remote Web Access

Windows Server 2016 Tutorial

  1. Log off.

  2. Open a Web browser and type https://<YourDomainName>/remote/m in the address bar. Make sure that you include the s in https.

  3. The mobile version of Remote Web Access is displayed. On the Remote Web Access logon page, type your user name and password in the text boxes, and then click the arrow. You are logged on to the mobile version of Remote Web Access.

    You can search for files and folders in the shared folders on the server.

Supported Web browsers for mobile devices

Supported web browsers for mobile devices include:

Windows Server 2016 Remote Access Not Working

  • Internet Explorer Mobile 6.0 or later

  • Safari

  • Blackberry

  • Symbian 6.0 or later

  • Android

  • Google Chrome

  • Firefox

Remote Access To Windows Server

Additional References