Welcome to ISAserver.org
tsweb advanced client : http version

tsweb advanced client : http version - 12.Jul.2004 5:14:00 PM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
I installed the tsweb advanced client HTTP version so that I can access my machine behind the firewall from the Internet.
I have ISA 2004 and a web server behind it. The web server is also a domain controller. DNS is working fine.
After installing the tsweb client on the web server, I created the web publishing and server publishing rules in ISA 2004.
I cannot access the site from outside. I'm using the IP address to access it, like
http://<public ip>/tsweb.
This public IP is the external interface of ISA. Nothing has been published to this interface, so I'm utilizing this one.
When I access it I get a 403 resource locator error.
Any help is appreciated.

RE: tsweb advanced client : http version - 13.Jul.2004 6:11:00 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Uju,
In your Web Publishing Rule, what do you have on your "To" and "Public Name" tabs?
Thanks! Tom

RE: tsweb advanced client : http version - 13.Jul.2004 6:54:00 AM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
To: 192.168.0.2. Public name: external IP address of the ISA server, which is public.
BTW, when I played with a slightly different option, I was able to RDP directly to the web server which is behind the ISA server. This is just for information.
Don't tell me that I cannot use an IP address.
thx Uddhav.

RE: tsweb advanced client : http version - 13.Jul.2004 8:00:00 AM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
I did get the page. But pictures do not appear in tsweb and I cannot press the connect tab??
It looks like I'm halfway through and I'm stuck in that black hole tunnel.
Help me!

RE: tsweb advanced client : http version - 13.Jul.2004 6:55:00 PM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
Now something more: once I put in my login ID information in tsweb I get a box only, not any other stuff... the box where you see the Windows screen with user ID, password, domain.

RE: tsweb advanced client : http version - 13.Jul.2004 8:30:00 PM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
So it looks like I can reach my internal server by tsweb, which is hosted on the IIS web server which is inside ISA. So port 80 is working.
Now from there, port 3389 needs to work - that is, from that web server to any other web server.
I did publish the server rule for that....
There is still something missing here.

RE: tsweb advanced client : http version - 14.Jul.2004 6:52:00 PM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
After working late into the night yesterday, I was finally able to make my VMware work.
Now, I have a Dual Xeon 1 GHz, LX440G+, 512 ECC, 15000 RPM machine running.
It took me several hours to make the host ISA 2004 SE, released to the public a few days ago, with two NICs, and the virtual Windows 2003 EE work in SecureNAT. Now they can talk; all traffic passes through ISA 2004.
I'll have better findings.....
Just stay tuned.....
thx San Jose, CA

RE: tsweb advanced client : http version - 16.Jul.2004 6:15:00 AM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
Did not work. I did get the initial tsweb page. But there I do not see any pictures on the left-hand side. I think it needs to download some pictures, and it downloads some cookies or a certificate on other machines (like when I do it internally), where it works perfectly.
As cookies and/or pictures are not downloaded, I cannot hit connect. So I think the issue might be that some other ports need to be opened besides 80. I did both web publish and server publish. I'm using everything IP-wise.
Help me................... thx

RE: tsweb advanced client : http version - 16.Jul.2004 9:05:00 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Uju,
You're working so hard on this! Because you've spent so much time and shared your efforts, I'll put this on the top of my article list and see if I can figure it out and publish the results next week.
Are you using Windows 2000 and the TSAC on that? Has anything changed in the TSAC since the last time I ran it a couple of years ago? I want to make sure I replicate your config as closely as possible.
Thanks! Tom

RE: tsweb advanced client : http version - 16.Jul.2004 4:11:00 PM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
I do not see any changes. The new one is very fast.
I always prefer to have a Windows 2003 Ad server as my ISA server rather than Windows 2000, as it is more closed security-wise than Windows 2000.
It absolutely blocks all ports besides some 10 or 15 while ISA 2004 SE is installed on top of that.....
I'm planning to have all my setups at least that way..... for firewalls.
Last time I ran some Network Monitor tools and, I don't exactly remember, I think it was trying to talk on another port as well..... like some 33xx or something....
Last time I was in touch with one of the CEOs here in Silicon Valley, they are using RDP as their major firmware device to make a small hard-drive-like box to travel with you. It's called travellingpc.com
They use some sort of RDP to achieve that and they are thinking they are going to be ahead of Citrix.... MS sold some piece of RDP to them... and last I heard that you can "channelize the RDP session within port 80".... that means multiple channels can come through..... I still need to figure that out.......
It's always like that. People sell and buy.... but sometimes you get garbage..... like HFNetChkPro sold some piece to MS, but I think they sold the not so good part to MS and now they have MBSA, which is kind of rogue..... does not work well....
Anyway, let me come to the point....
1. My environment is ISA 2004 SE on top of Windows 2003 EE.
2. Domain controller is behind the ISA. It's mylab.com. It is Windows 2000.
3. Has split DNS. DNS works fine. WINS is installed on the DC as well, and the WINS address is pointed to on the internal interface of ISA as well....
4. Have got the downloaded version of Remote Desktop which MS has posted for XP - the only one I got....
5. Can access http://domain/tsweb or http://192.168.0.2/tsweb from anywhere within the environment. From ISA too. Very fast, which is Win2003. BTW, domain is the host name of the DC and silverline is the host name of the MS ISA firewall.
6. Typically just 3 or 4 rules are there.....

RE: tsweb advanced client : http version - 16.Jul.2004 4:23:00 PM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
Sorry, hit the wrong button... To be continued....
There are typically 3 or 4 rules:
a. Outside all open
b. DNS
c. RDP
d. Web publish (where new port 3389 is enabled)
e. Server publish.
My concern is it has to work IP-wise. That is the first test. If it works IP-wise, then domain-wise it will work..... a domain can be spoofed or hijacked, but I guess not an IP.
Now, what happens is once I hit the external interface of ISA from public, the tsweb page gets displayed..... I'm using the straight public address like http://<public>/tsweb... that means port 80 of HTTP works. Now there are two or three things that need to happen here..... one is, during that page display, some pictures on the left and other pictures need to come, and there is a kind of MS certificate or cookies page that needs to come to install something or activate something...... then the control goes to the RDP session. Now, typically, once we hit, it uses the same RDP to connect from that box to the other box inside the network. Which is the Remote Desktop Terminal Services protocol..... and the outside user (who is on the Internet) feels that everything is tunnelling through 80, which is true.....
When I do just a simple RDP publish, I can go directly to my domain controller (just RDP)..... trust me..... it works...... RDP directly to DC IP-wise...... it works - perfectly.....
So, I'm kind of lost as to where we missed here.....
Hope that.... you can help me out.....
My 3 or 4 projects are pending because of this..... I cannot access my servers when I'm behind the firewall in some other corp offices..... but then, cannot block port 80.......???
If needed we can do the conf command in Windows -> Run and have you look into the situation directly...... we just need to coordinate the time........

RE: tsweb advanced client : http version - 16.Jul.2004 4:33:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Uju,
I'm in Redmond today and tomorrow, but I start work on this on Sunday. It shouldn't take more than a day to complete the project. If you send me your email address at tshinder@isaserver.org, I'll send you the draft doc before I post it to the Web site.
Thanks! Tom

RE: tsweb advanced client : http version - 18.Jul.2004 12:18:00 AM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
So far no luck; hope you got my previous mail. I'm waiting for your final copy.
Looks like there is a big problem with the ActiveX DLL download and some security issues involved in tsweb....
I tried various options just to make tsweb work correctly - that is, once it is published, I should get some pictures and the ActiveX download.....
So there might be some other things that need to be done in 2004...
I'll continue playing with it....
BTW, my VMware is working fine now

RE: tsweb advanced client : http version - 18.Jul.2004 6:01:00 AM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
Halfway crossed.... Now the ActiveX download is working, pictures are coming..... but when I point to the internal server, I see just the black square box in edge and nothing.... so it looks like there is some game with that 3389 protocol....
I'll be working on that.....
To be continued....

RE: tsweb advanced client : http version - 18.Jul.2004 4:46:00 PM
vankampenp
Posts: 40
Joined: 29.Jun.2004
From: Netherlands
Status: offline
|
I would think you need to publish the 3389 separately, not from the web publishing rule.

RE: tsweb advanced client : http version - 18.Jul.2004 10:36:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hey guys,
I tested it today and it's very simple.
Create two publishing rules, one is a Web Publishing Rule for the /tsweb/* path and the second is a Server Publishing Rule for the TS site. That's it.
Any other issues would be with the client or published server end.
HTH, Tom

RE: tsweb advanced client : http version - 18.Jul.2004 10:42:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Uju,
I just realized something. I read over some of the things you said above, and I noticed that you said that you thought that the RDP connection is tunneled in the HTTP connection. That is not true; the RDP connection is separate from the HTTP connection.
So, if you want to use RDP to 10 machines on the internal network, you will need to bind 10 IP addresses to the external interface of the ISA firewall.
HTH, Tom
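
The point made in the two replies above, that the /tsweb/ page and the RDP session are separate connections and each needs its own publishing rule, can be checked independently from an outside client. The following is an added example, not part of the original thread; the function names, result labels and the loopback stub are assumptions made for illustration.

```python
import socket
import threading
from http import client, server

def tcp_open(host, port, timeout=3.0):
    """True if a TCP handshake completes (the Server Publishing Rule path)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_status(host, port, path, timeout=3.0):
    """Status code for GET path (the Web Publishing Rule path), None if unreachable."""
    conn = client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    except (OSError, client.HTTPException):
        return None
    finally:
        conn.close()

def diagnose(host, http_port=80, rdp_port=3389, path="/tsweb/"):
    """Check the two connections independently and name which one fails."""
    status = http_status(host, http_port, path)
    if status is None:
        return "web-unreachable"
    if status != 200:
        return "web-rejected-%d" % status
    if not tcp_open(host, rdp_port):
        return "page-ok-rdp-blocked"  # page loads but the RDP connection cannot be made
    return "both-ok"

class TswebStub(server.BaseHTTPRequestHandler):
    """Constructed loopback stand-in: 200 under /tsweb/, 403 for any other path."""
    def do_GET(self):
        self.send_response(200 if self.path.startswith("/tsweb/") else 403)
        self.end_headers()
    def log_message(self, *args): pass  # keep the demo quiet

def local_demo():
    """Run diagnose() against constructed loopback listeners, no real hosts."""
    web = server.HTTPServer(("127.0.0.1", 0), TswebStub)
    threading.Thread(target=web.serve_forever, daemon=True).start()
    rdp = socket.create_server(("127.0.0.1", 0))  # stands in for TCP 3389
    args = ("127.0.0.1", web.server_address[1], rdp.getsockname()[1])
    both = diagnose(*args)
    rdp.close()  # simulate RDP not being published
    return both, diagnose(*args), diagnose(*args, path="/")
```

Against a real deployment the call would be `diagnose("<public ip>")` from an outside client; `page-ok-rdp-blocked` is the case where port 80 is published and TCP 3389 is not reachable.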

RE: tsweb advanced client : http version - 19.Jul.2004 6:19:00 PM
Uju Sivas
Posts: 236
Joined: 31.Dec.2001
Status: offline
|
Just curious, if I'm behind the firewall in other corp places, and port 3389 is blocked from Internet to LAN, will I be able to access my tsweb...
I guess no, right?
If no, then is there any possibility that we might have RDP inside HTTP...??? Like RPC inside HTTP??

RE: tsweb advanced client : http version - 20.Jul.2004 2:57:00 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Uju,
That is correct. I heard a rumor that Windows 2003 SP1 might support RDP over HTTP, but I don't have any details on this.
HTH, Tom