• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion about part 3 of article on publishing TSAC sites

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Server Publishing >> RE: Discussion about part 3 of article on publishing TSAC sites Page: <<   < prev  1 [2]
Login
Message << Older Topic   Newer Topic >>
RE: Discussion about part 3 of article on publishing TS... - 15.Mar.2006 3:28:46 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Patrick,

I'm getting a forbidden message. Looks like maybe the public name isn't configured correctly in the Web Publishing Rule.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to PatrickPinto)
Post #: 21
RE: Discussion about part 3 of article on publishing TS... - 1.Jan.2007 10:04:31 PM   
Sunny.C

 

Posts: 801
Joined: 5.Apr.2005
From: sydney
Status: offline
Hey guys,

Just wondering how to get this working on ISA 2006 when you are using a SSL listener for OWA aswell.

Thanks.

(in reply to tshinder)
Post #: 22
RE: Discussion about part 3 of article on publishing TS... - 19.Jan.2008 3:30:07 AM   
mortem

 

Posts: 2
Joined: 19.Jan.2008
Status: offline
Hi,

I just did the install in on my testing ISA 2004 SP2 server and everthing seems to work well.
Only downside was when i tested
PS: my clients are windows XP SP2 with IE7 or Windows 2003 std SP2 with IE7 too.
Here are my 2 problems:

1- This problem is not serious but when i put the URL https://mywebsite, i can access it. I can access only when i https://mywebsite/tsweb. Is it normal? Is it possible to redirect the URL, like that, i would have to write /tsweb...

2- This is my real problem: when i put my URL https://mywebsite/tsweb, I have the windows popup to write my login and password and after that, i've the web page to connect on client that is open. So, everything is normal.
But on the top of page, i have the security warning that tell me to install "terminal services activex client" module. This is also normal but when i do it... it doesn't install. The warning is still at the top and the "connect" tab is always impossible to clic.
I was thinking this can come from my IIS, so i connected directly on it from my internal network and i'v been able to install the module. It seems this problem occure only when i'm on the External side of my ISA server. Does someone as an idea?

Thanks a lot for your help.

PM

(in reply to tshinder)
Post #: 23
RE: Discussion about part 3 of article on publishing TS... - 20.Jan.2008 1:06:45 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
1. You can create a Deny Web Publishing Rule on the ISA Firewall and redirect to the Https site

2. You might have to configure the clients to allow ActiveX by changing the security settings on the browser.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to mortem)
Post #: 24
RE: Discussion about part 3 of article on publishing TS... - 20.Jan.2008 2:27:39 PM   
mortem

 

Posts: 2
Joined: 19.Jan.2008
Status: offline
Hi tshinder,
 
I'm sorry but your solution doesn't apply to my problem.
My browser works well because when i contact the website from my internal network (so without passing the ISA), i can download the ActiveX Control.
But when i'm outside, this is impossible
And I did a rule that allow all trafic from the Inside to the Outside.
 
Does anyone has encountered this problem and know a solution?
 
thanks a lot
 
 
PM

(in reply to tshinder)
Post #: 25
RE: Discussion about part 3 of article on publishing TS... - 20.Jan.2008 6:01:38 PM   
Sunny.C

 

Posts: 801
Joined: 5.Apr.2005
From: sydney
Status: offline
quote:

My browser works well because when i contact the website from my internal network (so without passing the ISA), i can download the ActiveX Control.
But when i'm outside, this is impossible
And I did a rule that allow all trafic from the Inside to the Outside.

As Tom said sounds like a Browser problem or even firewall issue on the local pc. Are you getting any errors in your logs? You might want to check your browser security setting, make sure it is not blocking the externally address.
What does your TS rule looking like?

< Message edited by Sunny.C -- 20.Jan.2008 6:03:41 PM >

(in reply to mortem)
Post #: 26
RE: Discussion about part 3 of article on publishing TS... - 21.Apr.2008 7:40:10 AM   
birdan

 

Posts: 3
Joined: 19.Apr.2008
Status: offline
Hi

I'm using the ISA 2004 with "Remote Desktop Web Connection - External Interface of the ISA Firewall uses a Private IP Address" since a few days - and it works perfect! Thanks!

Now I have to "enhance" the security trough a company security policy. The clients have to install a SSL certificate on the private computer to logon the company server with the "Remote Desktop Web Connection" feature. I've tried to add the “SSL certificate” option in the “SSL Listener” additional to the “Basic” Authentication. Now – when I connect to server - the ISA server ask for a username, password and the certificate – but I can choose any certificate or just abort this dialog box – I  always can logon the server. I think my way is the wrong way, isn’t?

I have two of the ISA server books and some Internet articles about ISA 2004 but I can’t find any solution. Is there solution available?

Daniel Birrer
info@birdan.org

Switzerland


(in reply to tshinder)
Post #: 27
RE: Discussion about part 3 of article on publishing TS... - 22.Apr.2008 1:59:34 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Daniel,

Not sure what you're trying to accomplish here. Are you trying to enforce User Certificate Authentication to access the Remote Desktop Web Connection Site?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to birdan)
Post #: 28
RE: Discussion about part 3 of article on publishing TS... - 23.Apr.2008 3:30:51 AM   
birdan

 

Posts: 3
Joined: 19.Apr.2008
Status: offline
Hi Tom
 
You're right! A user should only can connect to the ISA/RDP server with a certificate. The certificate must be installed on his notebook.
 
I have your books "ISA 2004" & "Configuring ISA 2004" - do you describe my scenario in this books? I haven't found my scenario or I'm blind...  Thanks!
 
Best regards,
Daniel

(in reply to tshinder)
Post #: 29
RE: Discussion about part 3 of article on publishing TS... - 24.Apr.2008 10:45:21 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Daniel,

I don't think I covered User Certificate Authentication in the books.

In order for the ISA Firewall to support User Certificate authentication, you need to enable KCD on the ISA Firewall, or use a Server Publishing Rule to publish the secure site so that the client can auth directly with the Web site.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to birdan)
Post #: 30
RE: Discussion about part 3 of article on publishing TS... - 28.Apr.2008 4:38:01 AM   
birdan

 

Posts: 3
Joined: 19.Apr.2008
Status: offline
Hi Tom,

I will check and try this in the next days.

Thank you for your help,
Daniel

(in reply to tshinder)
Post #: 31
RE: Discussion about part 3 of article on publishing TS... - 29.Apr.2008 6:44:23 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Daniel,

Very good! Let us know how it works out for you.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to birdan)
Post #: 32

Page:   <<   < prev  1 [2] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Server Publishing >> RE: Discussion about part 3 of article on publishing TSAC sites Page: <<   < prev  1 [2]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts