I just did the install in on my testing ISA 2004 SP2 server and everthing seems to work well. Only downside was when i tested PS: my clients are windows XP SP2 with IE7 or Windows 2003 std SP2 with IE7 too. Here are my 2 problems:
1- This problem is not serious but when i put the URL https://mywebsite, i can access it. I can access only when i https://mywebsite/tsweb. Is it normal? Is it possible to redirect the URL, like that, i would have to write /tsweb...
2- This is my real problem: when i put my URL https://mywebsite/tsweb, I have the windows popup to write my login and password and after that, i've the web page to connect on client that is open. So, everything is normal. But on the top of page, i have the security warning that tell me to install "terminal services activex client" module. This is also normal but when i do it... it doesn't install. The warning is still at the top and the "connect" tab is always impossible to clic. I was thinking this can come from my IIS, so i connected directly on it from my internal network and i'v been able to install the module. It seems this problem occure only when i'm on the External side of my ISA server. Does someone as an idea?
I'm sorry but your solution doesn't apply to my problem. My browser works well because when i contact the website from my internal network (so without passing the ISA), i can download the ActiveX Control. But when i'm outside, this is impossible And I did a rule that allow all trafic from the Inside to the Outside.
Does anyone has encountered this problem and know a solution?
Posts: 801
Joined: 5.Apr.2005
From: sydney
Status: offline
quote:
My browser works well because when i contact the website from my internal network (so without passing the ISA), i can download the ActiveX Control. But when i'm outside, this is impossible And I did a rule that allow all trafic from the Inside to the Outside.
As Tom said sounds like a Browser problem or even firewall issue on the local pc. Are you getting any errors in your logs? You might want to check your browser security setting, make sure it is not blocking the externally address. What does your TS rule looking like?
< Message edited by Sunny.C -- 20.Jan.2008 6:03:41 PM >
I'm using the ISA 2004 with "Remote Desktop Web Connection - External Interface of the ISA Firewall uses a Private IP Address" since a few days - and it works perfect! Thanks!
Now I have to "enhance" the security trough a company security policy. The clients have to install a SSL certificate on the private computer to logon the company server with the "Remote Desktop Web Connection" feature. I've tried to add the “SSL certificate” option in the “SSL Listener” additional to the “Basic” Authentication. Now – when I connect to server - the ISA server ask for a username, password and the certificate – but I can choose any certificate or just abort this dialog box – I always can logon the server. I think my way is the wrong way, isn’t?
I have two of the ISA server books and some Internet articles about ISA 2004 but I can’t find any solution. Is there solution available?
Not sure what you're trying to accomplish here. Are you trying to enforce User Certificate Authentication to access the Remote Desktop Web Connection Site?
I don't think I covered User Certificate Authentication in the books.
In order for the ISA Firewall to support User Certificate authentication, you need to enable KCD on the ISA Firewall, or use a Server Publishing Rule to publish the secure site so that the client can auth directly with the Web site.