TSWeb - Internal works - External doesn't

JCI400 -> TSWeb - Internal works - External doesn't (10.Jun.2008 4:31:23 PM)

TSWeb works internally from an XP/Pro PC. I get the 'Remote Desktop Web Connection' page and can jump to any machine from https://www.domainname.com/tsweb. And yes, I am already authenticated with Act/Dir.

Externally, I step into https://www.domainname.com and I am asked to authenticate. User/Pass gets me in and I add /tsweb to the above name and get the 'Remote Desktop Web Connection' page asking what server to connect to. Type any machine name in and I get:
The specified remote computer could not be found. Verify that you have typed the correct computer name or IP address and then try connecting again.

The most frustrating part is the ISA log shows nothing for port 3389, internally or externally. I see port 443 working, but nothing on 3389. I changed the log filter for the IP only and for RDP (3389) only.

I can force a 0x80074e21 (or e20) by killing IE7, starting it up again and logging on. That makes sense.

I am running on Server 2003 R2s on SP2 and ISA 2006 SP1.

I have used Remote Desktop Connection externally for months and jump from there to Remote Desktop to do maintenance on all our machines at night. It works fine. But management wants each Salesman to have access to their own desktop only remotely.




tshinder -> RE: TSWeb - Internal works - External doesn't (12.Jun.2008 10:31:30 AM)

You have to type a computer name that resolves to the IP address used by the listener you configured for the RDP Server Publishing Rule.

HTH,
Tom




JCI400 -> RE: TSWeb - Internal works - External doesn't (16.Jun.2008 11:15:15 AM)

Sorry, I am still confused. The listener is on the secure web site rule, not the RDP rule. I have two domain names coming in: one secure (SSL) and one not. Neither name is my Act/Dir domain name, so I guess that makes three names. The PCs being accessed have an FQDN for the Act/Dir domain name, not the secure DN used to access the T/S by Sales externally.

The ISA2006 SP1 uses the Act/Dir DNS servers to resolve external names per your published articles. Those Act/Dir DNS servers pass DNS requests out. All servers are 2003 R2 SP2.

I have found I can make it work by:
1) Log on to the secure site
2) Fire up a VPN connection
3) Use the PC's Act/Dir FQDN
which confuses me even more.

And yet the RDP client works perfectly externally to the T/S. I can't give that to sales (don't trust 'em).

Thanks again for the forum and help. You guys (and gals) are amazing.




tshinder -> RE: TSWeb - Internal works - External doesn't (17.Jun.2008 7:26:57 AM)

Hi JCI,

With TSWeb, there are two connections:

1. An SSL connection that takes you to the Web site, where you download the ActiveX control

2. An RDP connection

The RDP connection goes to the IP address of the name of the server you put in the text box on the log on page. That server name must resolve to an IP address on the external interface of the ISA Firewall, and the RDP Server Publishing Rule must be listening on this IP address.

HTH,
Tom
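
The rule in the reply above, written as a check (an added example, not part of the original thread): the name typed into the TSWeb box is resolved by the external client itself, so it must map to an address the RDP Server Publishing Rule listens on. The function names, the `.example` hostnames and the 203.0.113.x / 10.x addresses are constructed for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges, listed explicitly (is_private would also match documentation ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def system_resolver(name):
    """Resolve with the local resolver; only meaningful when run from an outside network."""
    try:
        infos = socket.getaddrinfo(name, 3389, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def diagnose(name, listener_ips, resolve=system_resolver):
    """Classify what happens to the RDP leg when `name` is typed into the TSWeb box."""
    listeners = {ipaddress.ip_address(ip) for ip in listener_ips}
    addrs = [ipaddress.ip_address(a) for a in resolve(name)]
    if not addrs:
        return "unresolvable"    # client reports the remote computer could not be found
    if any(a in listeners for a in addrs):
        return "ok"              # RDP reaches the publishing rule's listener
    if all(any(a in net for net in RFC1918) for a in addrs):
        return "internal-only"   # NATed address, unreachable from the Internet
    return "wrong-address"       # public address, but no RDP listener on it

# Constructed external DNS view: what an Internet client would get back.
EXTERNAL_VIEW = {
    "www.domainname.com": ["203.0.113.10"],   # ISA external interface (constructed)
    "salespc01.corp.example": [],             # AD-only name, not published externally
    "leaky.corp.example": ["10.0.0.25"],      # internal record exposed by mistake
    "mail.domainname.com": ["203.0.113.20"],  # public, but not the RDP listener
}

def constructed_resolver(name):
    return EXTERNAL_VIEW.get(name, [])

if __name__ == "__main__":
    for host in EXTERNAL_VIEW:
        print(f"{host:26} {diagnose(host, ['203.0.113.10'], constructed_resolver)}")
```

Passing `system_resolver` (the default) from a machine outside the firewall checks real names; a result of "ok" covers name resolution only and does not confirm that the publishing rule accepts the connection.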




JCI400 -> RE: TSWeb - Internal works - External doesn't (21.Jun.2008 11:22:02 PM)

I'm sorry I still do not understand.

I have 20 PCs behind a firewall. The TS server is also behind the firewall serving the website and T/S. Port 443 and 3389 are open and pointing to the TS server.

In the internal network I can use https://www.website.com/tsweb and it finds every PC that Sales would like to connect to.

How can a Salesman access his PC from the big bad internet?

Having each PC assigned an external IP cannot be good, that's why we NAT everything. Is this a DNS issue? The hostnames of the Sales PCs are in Act/Dir DNS. The ISA2006 box points back to the D/Cs for DNS, who forward DNS out (is this the "split DNS" I hear so much about?).

How and where does the internal TS server resolve names for external tsweb requests?




tshinder -> RE: TSWeb - Internal works - External doesn't (23.Jun.2008 8:48:33 AM)

OK, what you need is to combine TSG with TS Web, so that your users can access any authorized Terminal Server or Remote Desktop client.

HTH,
Tom



