RE: Discussion about part 3 of article on publishing TSAC sites (Full Version)

All Forums >> [ISA Server 2004 General ] >> Server Publishing



Message


tshinder -> RE: Discussion about part 3 of article on publishing TSAC sites (15.Mar.2006 3:28:46 PM)

Hi Patrick,

I'm getting a forbidden message. Looks like maybe the public name isn't configured correctly in the Web Publishing Rule.

HTH,
Tom




Sunny.C -> RE: Discussion about part 3 of article on publishing TSAC sites (1.Jan.2007 10:04:31 PM)

Hey guys,

Just wondering how to get this working on ISA 2006 when you are using a SSL listener for OWA aswell.

Thanks.




mortem -> RE: Discussion about part 3 of article on publishing TSAC sites (19.Jan.2008 3:30:07 AM)

Hi,

I just did the install in on my testing ISA 2004 SP2 server and everthing seems to work well.
Only downside was when i tested
PS: my clients are windows XP SP2 with IE7 or Windows 2003 std SP2 with IE7 too.
Here are my 2 problems:

1- This problem is not serious but when i put the URL https://mywebsite, i can access it. I can access only when i https://mywebsite/tsweb. Is it normal? Is it possible to redirect the URL, like that, i would have to write /tsweb...

2- This is my real problem: when i put my URL https://mywebsite/tsweb, I have the windows popup to write my login and password and after that, i've the web page to connect on client that is open. So, everything is normal.
But on the top of page, i have the security warning that tell me to install "terminal services activex client" module. This is also normal but when i do it... it doesn't install. The warning is still at the top and the "connect" tab is always impossible to clic.
I was thinking this can come from my IIS, so i connected directly on it from my internal network and i'v been able to install the module. It seems this problem occure only when i'm on the External side of my ISA server. Does someone as an idea?

Thanks a lot for your help.

PM




tshinder -> RE: Discussion about part 3 of article on publishing TSAC sites (20.Jan.2008 1:06:45 PM)

1. You can create a Deny Web Publishing Rule on the ISA Firewall and redirect to the Https site

2. You might have to configure the clients to allow ActiveX by changing the security settings on the browser.

HTH,
Tom




mortem -> RE: Discussion about part 3 of article on publishing TSAC sites (20.Jan.2008 2:27:39 PM)

Hi tshinder,
 
I'm sorry but your solution doesn't apply to my problem.
My browser works well because when i contact the website from my internal network (so without passing the ISA), i can download the ActiveX Control.
But when i'm outside, this is impossible
And I did a rule that allow all trafic from the Inside to the Outside.
 
Does anyone has encountered this problem and know a solution?
 
thanks a lot
 
 
PM




Sunny.C -> RE: Discussion about part 3 of article on publishing TSAC sites (20.Jan.2008 6:01:38 PM)

quote:

My browser works well because when i contact the website from my internal network (so without passing the ISA), i can download the ActiveX Control.
But when i'm outside, this is impossible
And I did a rule that allow all trafic from the Inside to the Outside.

As Tom said sounds like a Browser problem or even firewall issue on the local pc. Are you getting any errors in your logs? You might want to check your browser security setting, make sure it is not blocking the externally address.
What does your TS rule looking like?




birdan -> RE: Discussion about part 3 of article on publishing TSAC sites (21.Apr.2008 7:40:10 AM)

Hi

I'm using the ISA 2004 with "Remote Desktop Web Connection - External Interface of the ISA Firewall uses a Private IP Address" since a few days - and it works perfect! Thanks!

Now I have to "enhance" the security trough a company security policy. The clients have to install a SSL certificate on the private computer to logon the company server with the "Remote Desktop Web Connection" feature. I've tried to add the “SSL certificate” option in the “SSL Listener” additional to the “Basic” Authentication. Now – when I connect to server - the ISA server ask for a username, password and the certificate – but I can choose any certificate or just abort this dialog box – I  always can logon the server. I think my way is the wrong way, isn’t?

I have two of the ISA server books and some Internet articles about ISA 2004 but I can’t find any solution. Is there solution available?

Daniel Birrer
info@birdan.org

Switzerland





tshinder -> RE: Discussion about part 3 of article on publishing TSAC sites (22.Apr.2008 1:59:34 PM)

Hi Daniel,

Not sure what you're trying to accomplish here. Are you trying to enforce User Certificate Authentication to access the Remote Desktop Web Connection Site?

Thanks!
Tom




birdan -> RE: Discussion about part 3 of article on publishing TSAC sites (23.Apr.2008 3:30:51 AM)

Hi Tom
 
You're right! A user should only can connect to the ISA/RDP server with a certificate. The certificate must be installed on his notebook.
 
I have your books "ISA 2004" & "Configuring ISA 2004" - do you describe my scenario in this books? I haven't found my scenario or I'm blind... [;)] Thanks!
 
Best regards,
Daniel




tshinder -> RE: Discussion about part 3 of article on publishing TSAC sites (24.Apr.2008 10:45:21 AM)

Hi Daniel,

I don't think I covered User Certificate Authentication in the books.

In order for the ISA Firewall to support User Certificate authentication, you need to enable KCD on the ISA Firewall, or use a Server Publishing Rule to publish the secure site so that the client can auth directly with the Web site.

HTH,
Tom




birdan -> RE: Discussion about part 3 of article on publishing TSAC sites (28.Apr.2008 4:38:01 AM)

Hi Tom,

I will check and try this in the next days.

Thank you for your help,
Daniel




tshinder -> RE: Discussion about part 3 of article on publishing TSAC sites (29.Apr.2008 6:44:23 PM)

Hi Daniel,

Very good! Let us know how it works out for you.

Thanks!
Tom




Page: <<   < prev  1 [2]