Solved

IIS - web remote connection authentication problem

Posted on 2004-09-01
1
258 Views
Last Modified: 2012-05-05
 I have 2 servers both Windows Server 2003. One has IIS on it and has the web remote desktop client on it and has an external IP. The other is a terminal server and allows terminal server access. In front of both of these we have a linux firewall.
  We have allowed access just to the IIS server through the firewall by letting anybody access port 80 on the IIS server and i can access the remote web client on http://<ipaddress>/tsweb absolutely fine!! The problem comes when trying to access the terminal server through the IIS web remote desktop. It cant connect to it!!
  I have put trace on the linux firewall to find out why and i know whats happening but i dont know why!!! It seems that all IIS does it gives the external browser the info to make a terminal services connection itself.
  This means we had to "punch" another hole for the same address through the firewall to the terminal server!! Is there any way that we can not do this and make the IIS server make the connection straight to the terminal server not having to open the firwall up for the termianl server? At the moment in the firewall we allow tcp to port 3389 and allow ICMP to both local and external adresses of the terminal server. With these rules it accesses the terminal server fine through the IIS web connection client. BUT ideally id like to not have any ports open for this authentication and let the IIS web connection client authenticate locally. Is this possible??
0
Comment
Question by:How_Di
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 90 total points
ID: 11959487
This is not possible.

The Terminal Server Advanced Client (TSAC) Web edition is nothing more than a page that loads an ActiveX object into your browser and gives you a handy interface for telling it what to do.

Basicaly they took the functionality of the Remote Desktop client and wrapped it up in an ActiveX package that runs in your browser.  Your browser then works as an RDP client and connects *from your machine* to whereever you specified on the web page.  All the page does is feeds the entries to the ActiveX object so it knows where to connect.

For the connection to run from the IIS server you would have to have either a server side version of the ActiveX client (doesn't exist) or set up some sort of proxy on the web server to bouce the request from the client to the other server internally (option of using ISA server for this).

In simple terms this is the way it is designed to work and it will be a boatload of customer coding and configuration to make it work any other way.

Dave Dietz
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question