Welcome to ISAserver.org

Terminal Services Gateway and ISA

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Terminal Services Gateway and ISA

Page: [1]

Message

<< Older Topic Newer Topic >>

Terminal Services Gateway and ISA - 10.Aug.2007 11:51:12 AM

grantorino

Posts: 8
Joined: 20.Jul.2006
Status: offline

Just curious if anyone has successfully configured ISA 2006 with Longhorn's Terminal Services Gateway. I've been trying to publish it through our ISA 2006 server but am having a problem setting up the authentication (I think) with the Terminal Services Gateway computer on our internal. I'm attempting to use HTTPS-HTTPS bridging, which should work.

I see SSL traffic coming into the ISA server's external network interface, but the client just keeps gettting an authentication window no matter what credentials they enter.

If anyone has done this and could share what authentication worked on the listener, the policy and IIS on the Terminal Services Gateway server I'd really appreciate it!

Thanks,

George

Post #: 1

Featured Links*

RE: Terminal Services Gateway and ISA - 10.Aug.2007 2:52:18 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi George,

at the time of writing my blog A Quest for Strong User Authentication with RPC over HTTP services and ISA Server 2006 I have done that. I can't remember I did have to do something special on ISA but configuring a standard RPC over HTTPS publishing rule. Did you try both Basic and Integrated on the web listener?

Also, check out the document Windows Server 2008 TS Gateway Server Step-By-Step Setup Guide .

HTH,
Stefaan

< Message edited by spouseele -- 10.Aug.2007 2:55:17 PM >

(in reply to grantorino)

Post #: 2

RE: Terminal Services Gateway and ISA - 10.Aug.2007 4:21:20 PM

grantorino

Posts: 8
Joined: 20.Jul.2006
Status: offline

Hi Stefaan:

Thanks for the quick reply. I was able to get this to work this morning, but only when I use the "No delegation but client may authenticate directly" option on the Authentication Delegation tab in the policy rule.

I'm using basic authentication on the web listener. I tried as best I could to duplicate what I did when I set up RPC over HTTPS (which works great), but IIS 7 is different enough that I'm not sure if I'm setting it up correctly on the Web Server (TSG) end.

I have read the Microsoft Step-by-Step article, but it refers to ISA 2004 and doesn't discuss anything about the authentication methods. So I'm kind of in the dark. I'm not quite well enough rehearsed in IIS to fake my way through this. Am I correct in thinking that if I'm using Basic Authtication delegation that I need to have that defined on IIS on the RPCwithCert page? That didn't seem to work.

Thanks for any advice!

-George

(in reply to spouseele)

Post #: 3

RE: Terminal Services Gateway and ISA - 11.Aug.2007 1:36:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi George,

as far as I can remember I used Integrated authentication on the listener and Kerberos constraint delegation to the published TSG. Take note that the use of Kerberos constraint delegation was one of the important topics in that blog. So, I think that there are other combinations of authentication/delegation that might work also.

BTW --- I no longer have a Longhorn or TSG VM in my lab. Therefore I can't test it out...

HTH,
Stefaan

(in reply to grantorino)

Post #: 4