Link to home
Start Free TrialLog in
Avatar of Comptrib
Comptrib

asked on

Connecting to TS Web Access via TS Gateway

Hi all,

I'm trying to find an article on how to configure TS Web Access so a domain user can authenticate to a TS Web server via TS Gateway from outside. I have configured two Windows server 2008 R2 Standard servers, 1 as a TS Gateway with external access (terminal.blabla.ca) and 1 as TS Server which has a few apps installed such as MS Office, Adobe Acrobat, etc. This all works fine when using a RDP file, the user connects to the remote server easily thru the Gateway but when trying with the web access I can't get it to work from outside. It works fine inside obviously when typing the URL, I get redirected to the TS web access on the TS Server with access to the apps.  I have installed Remote Desktop Web Access Role on both machines and Remote Desktop Gateway Role on only one with a 3rd party SSL Cert. The fact that everything works fine with a RDP file makes me think that I'm not far but still not there!

thanks
Avatar of Ayman Bakr
Ayman Bakr
Flag of United Arab Emirates image

First see if your configuration is aligned to the checklist here:

http://technet.microsoft.com/en-us/library/cc772415.aspx

Moreover, if you deployed your RD Web Access and RD Gateway in DMZ, while your RD Session host was deployed internally, ensure you open WMI traffic on the firewall from the RD Web Access to the RD Session host.

Also ensure that your RD Web Access is configured to use Forms Authentication (it should by default).
Avatar of Comptrib
Comptrib

ASKER

Thanks for the reply,

Both of my servers are inside the domain. When typing "https://terminal.blabla.ca" in tnhe browser, the address gets translated at the Firewall level to the TS Gateway. After going thru the checklist you sent me, I created an RDP file within RemoteAppManager, took a copy and tried it outside my domain with a wifi connection. It worked perfectly. However, what I am looking for is the possibility for a user to type the "https://terminal.blabla.ca" in his browser and be redirected and authenticated to the TS Web server so he can select the application he wants to work on. Is this feasable?

thanks
To have SSL, and thus HTTPS, on your RD Web Access you need to setup SSL in IIS for your site and create an HTTPS binding for that site. Have you done it? Check this link on how to do it:

http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis

Moreover, have you configured the RemoteApp programs to be available through RD WebAccess? Please verify your configurations with this checklist:

http://technet.microsoft.com/en-us/library/cc730739.aspx
SSL is configured on RD Web Access and programs are available through RD Web access. I can access them in the browser from inside.

The problem seems to be at the Gateway. How can I set it up to have the user redirected to my RD Web Server? Actually when I type my address in the browser, I end up to the default web page of the TS Gateway server (iisstart.htm). Like I said, the address "terminal.blabla.ca" is translated to 192.168.x.x which is my TS Gateway. It stops there.

Thanks
Correct configuration should be as follows:

1. On RD Web Access the following should be configured:
    a. Source should be configured with the FQDN of your RD Session Hosts (have you configured this correctly?)

2. On Remote Desktop Session Host the following should be configured:
    a. Within the RemoteApp Manager settings you need to specify the RD Gateway settings including to 'Bypass RD Gateway Server for local addresses'
    b. Add your RDS User group to the TS Web Access Computers local group
    c. Publish the applications you want your users to run

How are your external users accessing your RD network - i.e. is terminal.blabla.ca the FQDN of your RD Gateway?
Yes, external users accessing the Gateway via the FQDN terminal.blabla.ca.

Here's what I tried; I enabled Directory Browsing in RDWeb on my Gateway and added RDWeb in my URL (https://terminal.blabla.ca/RDWeb) and I got a page showing the directory. I clicked on "Pages" and the Login page (RD Services Default Connection page) opened. I was able to log and run the applications on my Web Server. I changed the physical path of the RDWeb directory so it points to the default.aspx page but that generates an error.  I'm not far from what I want. Why I see the Directory and not the Login page?

G
Okay, I got it to work after reading this article on MS Forum http://social.technet.microsoft.com/Forums/en/winserverTS/thread/8d2af593-9f6f-4b5b-bf33-cfd29ad31db5. I simply redirected the default web site to "/RDWeb/Pages/default.aspx"

One more issue though, Once authentcated, I get the RD Web access page with the Apps available but to open one I have to authenticate again with Domain\username and also accept a "Unknow Publisher" warning. I need to do this for every App. Any idea how I can bypass this since I'm already authenticated as a domain user thru the Gateway.

Thanks
ASKER CERTIFIED SOLUTION
Avatar of Ayman Bakr
Ayman Bakr
Flag of United Arab Emirates image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
THak you for the help. Greatly appreciated.