Solved

IIS - web remote connection authentication problem

Posted on 2004-09-01
1
254 Views
Last Modified: 2012-05-05
 I have 2 servers both Windows Server 2003. One has IIS on it and has the web remote desktop client on it and has an external IP. The other is a terminal server and allows terminal server access. In front of both of these we have a linux firewall.
  We have allowed access just to the IIS server through the firewall by letting anybody access port 80 on the IIS server and i can access the remote web client on http://<ipaddress>/tsweb absolutely fine!! The problem comes when trying to access the terminal server through the IIS web remote desktop. It cant connect to it!!
  I have put trace on the linux firewall to find out why and i know whats happening but i dont know why!!! It seems that all IIS does it gives the external browser the info to make a terminal services connection itself.
  This means we had to "punch" another hole for the same address through the firewall to the terminal server!! Is there any way that we can not do this and make the IIS server make the connection straight to the terminal server not having to open the firwall up for the termianl server? At the moment in the firewall we allow tcp to port 3389 and allow ICMP to both local and external adresses of the terminal server. With these rules it accesses the terminal server fine through the IIS web connection client. BUT ideally id like to not have any ports open for this authentication and let the IIS web connection client authenticate locally. Is this possible??
0
Comment
Question by:How_Di
1 Comment
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 90 total points
ID: 11959487
This is not possible.

The Terminal Server Advanced Client (TSAC) Web edition is nothing more than a page that loads an ActiveX object into your browser and gives you a handy interface for telling it what to do.

Basicaly they took the functionality of the Remote Desktop client and wrapped it up in an ActiveX package that runs in your browser.  Your browser then works as an RDP client and connects *from your machine* to whereever you specified on the web page.  All the page does is feeds the entries to the ActiveX object so it knows where to connect.

For the connection to run from the IIS server you would have to have either a server side version of the ActiveX client (doesn't exist) or set up some sort of proxy on the web server to bouce the request from the client to the other server internally (option of using ISA server for this).

In simple terms this is the way it is designed to work and it will be a boatload of customer coding and configuration to make it work any other way.

Dave Dietz
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question