Solved

IIS - web remote connection authentication problem

Posted on 2004-09-01
1
253 Views
Last Modified: 2012-05-05
 I have 2 servers both Windows Server 2003. One has IIS on it and has the web remote desktop client on it and has an external IP. The other is a terminal server and allows terminal server access. In front of both of these we have a linux firewall.
  We have allowed access just to the IIS server through the firewall by letting anybody access port 80 on the IIS server and i can access the remote web client on http://<ipaddress>/tsweb absolutely fine!! The problem comes when trying to access the terminal server through the IIS web remote desktop. It cant connect to it!!
  I have put trace on the linux firewall to find out why and i know whats happening but i dont know why!!! It seems that all IIS does it gives the external browser the info to make a terminal services connection itself.
  This means we had to "punch" another hole for the same address through the firewall to the terminal server!! Is there any way that we can not do this and make the IIS server make the connection straight to the terminal server not having to open the firwall up for the termianl server? At the moment in the firewall we allow tcp to port 3389 and allow ICMP to both local and external adresses of the terminal server. With these rules it accesses the terminal server fine through the IIS web connection client. BUT ideally id like to not have any ports open for this authentication and let the IIS web connection client authenticate locally. Is this possible??
0
Comment
Question by:How_Di
1 Comment
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 90 total points
ID: 11959487
This is not possible.

The Terminal Server Advanced Client (TSAC) Web edition is nothing more than a page that loads an ActiveX object into your browser and gives you a handy interface for telling it what to do.

Basicaly they took the functionality of the Remote Desktop client and wrapped it up in an ActiveX package that runs in your browser.  Your browser then works as an RDP client and connects *from your machine* to whereever you specified on the web page.  All the page does is feeds the entries to the ActiveX object so it knows where to connect.

For the connection to run from the IIS server you would have to have either a server side version of the ActiveX client (doesn't exist) or set up some sort of proxy on the web server to bouce the request from the client to the other server internally (option of using ISA server for this).

In simple terms this is the way it is designed to work and it will be a boatload of customer coding and configuration to make it work any other way.

Dave Dietz
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Learn about cloud computing and its benefits for small business owners.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now