In a typical slightly undocumented Microsoft move, you need to open up TCP port 4125 as well as port 3389 (which is the standard RDP port) to allow a remote user to log in through the SBS Remote Web Workplace. So why not just say so somewhere?
Actually no, 3389 isn’t used at all for Remote Web Workplace.
Probably the best instructions on RWW are here:
But no, it’s 443 and 4125 ONLY for Remote Web Workplace. I don’t have 3389 open at all.
And it says so, it’s just hard to find. Buy a book. It’s in most all of the good SBS books.
…and stay tuned to SBS 2008 when port 4125 won’t be used at all….
25 (for SMTP e-mail)
443 (for HTTP SSL for Remote Web Workplace and OWA)
4125 (required for Remote Web Workplace)
1701 (for L2TP), 1723 (for VPN PPTP)
4125 and 3389 (for Remote Desktop administration and terminal services connections) <<< that’s not exactly correct. 4125 is the desktop control port needed for Remote Web Workplace. If you want to log into the server and from there RDP to different workstations, you won’t be using 4125. I would recommend that you not keep 3389 open, or if you do, limit it to your external IP only.