?
Solved

TS Web Access?

Posted on 2010-01-06
18
Medium Priority
?
1,591 Views
Last Modified: 2013-11-21
I am trying to help a buddy of mine who is a small business owner set up a Windows 2008 Server at his place of business. He has a few employees that work for him at his CPA firm that travel quite a bit and need to access application(s) remotely on the server. I have never configured TS Web Access before and it would be great if any of you could help a brother out. What needs to happen apparently is that the employees will need to gain access to my buddy's website from their laptops, click on either a link or an application icon that then runs an application like Quick Books remotely on the 2008 Terminal Server over a secured connection. My buddy has a static IP set up with the ISP so that is taken care of and his website is up and functional. He uses DSL in his office and a wireless router is connected to that. I have configured the DSL modem and his wireless router and set up his server which is a PowerEdge T100 with a reserved IP. The DSL modem is also configured as the acting DHCP server in this environment and uses PPoE to connect and authenticate to the ISP. I did not upgrade the server to an AD DC since it is not some large corporate environment, not even a mid size corporate environment. In fact, it is just him in the office and his employees just work from home and there is only around 3 or 4 of them. IIS 7 is running on the server also and I do not have extensive knowledge regarding this technology. My buddy initially had a consulting company attempt to set this up for him but the company was sitting on the job for 6 months or so without really doing much at all and so he just cancelled the account and got his server back from them. He then called me up and I said I would take a look at it and try and configure to the best of my ability. He is a good guy and I just want to help him out so he can have a productive little business. Going over the Invoice from the consulting  company it shows that the SSL certificates were already ordered and I found those located on the server in a directory on a separate drive. Also on the Invoice it reads "Starting work on TS Remote Apps but need to get list from 'my buddy' and get proper SKU for a pair of retail Win Server 2008 RDS CALs." Apparently the CALs were never ordered since he cancelled the service with the consulting company and this is where I am at right now. Let me recap here about what my buddy wants to happen again:

1. Have employees access the public website from home or anywhere on their portable systems
2. Click on perhaps a Quick Books icon on the website that will open a secured session to the internal PowerEdge T100 (Windows Server 2008  Standard with Service Pack 2) in his office to run the QB application installed on the server.

Just so you don't think I am being lazy and trying to piggyback off of your knowledge, I am researching all this right now on the following sites:
- http://www.microsoft.com/windowsserver2008/en/us/rds-product-licensing.aspx 
- http://technet.microsoft.com/en-us/library/cc771623.aspx

Thanks everyone. As always, I appreciate your help.
0
Comment
Question by:kulisncc
  • 11
  • 4
  • 3
18 Comments
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 26195206
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 2000 total points
ID: 26195382
You actually need several components:
1. Terminal Services: this is the one that will actually give you access to the application itself.
2. TS Web Access: this is the web interface your users will connect to.
3. TS Gateway: this guy will be your RDP over HTTPS tunnel. It will allow your users to launch the apps using HTTPS only (no need for RDP).
You can install all three on the same box using the Roles wizard.
All explained here:
http://www.msterminalservices.org/articles/Windows-Server-2008-Terminal-Services-Web-Access-Part1.html
http://www.msterminalservices.org/articles/Windows-Server-2008-Terminal-Services-Web-Access-Part2.html

Then you follow the links posted above for the TS Gateway.

Cláudio Rodrigues
Citrix CTP
0
 

Author Comment

by:kulisncc
ID: 26294617
thanks guys I appreciate your help. I am going back over to my buddies place of business today and I will use the information given. I will let you know how it turns out.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:kulisncc
ID: 26308032
TS Web Access looks likes it is working on the internal side of the firewall. I am just trying to get it configured to be accessible externally. I just read on Microsoft's site that: "The server name must match what is specified in the SSL certificate for the TS Gateway server."  I will go back and do a check on the TS Gateway Server settings. I will let you know how it turns out.
0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 26318434
Ok.
0
 
LVL 10

Expert Comment

by:abhijitwaikar
ID: 26318449
Yes,

"The server name must match what is specified in the SSL certificate for the TS Gateway server."  
0
 

Author Comment

by:kulisncc
ID: 26346126
Well I am confused as to what is going on now. The individual who initially tried to set this up configured an SSL cerfiticate on the server purchased from Go Daddy. Looking at the certificate I see the name but the name in the certificate is not the actual computer name of the server. When typing in what I see in the certificate in a web browser it redirects me to the ADSL router. On my buddies Go Daddy account I see that the server name is pointing to his static IP that the ISP gave him which just takes you to the ADSL router sitting next to his printer. So, am I assuming correctly that the individual screwed up when setting up the SSL certificate and inidicating the static public IP that the ISP gave him? Am I supposed to call up Go Daddy and have them correct the information? Like I said before I have not done this before so I appreciate your help. Thanks
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26346155
When a certificate request is created (to later create the actual certificate) you are asked for the FQDN that is the name users will use to connect to that box like server.mycompany.com. If you enter an IP address (what seems to be the case) you are toasted basically. Some places may issue you a new one at no cost; others will simply ask you to buy another certificate.
Once you have the correct certificate all you do is to install it on the server and then configure your firewall to send the correct ports to that server.
Simple as that.

Cláudio Rodrigues
Citrix CTP
0
 

Author Comment

by:kulisncc
ID: 26346289
On my friends Go Daddy account the server name (server.mycompany.com) points to his ISP static IP. The server IP is just a 192.168 non routable address within the LAN. I type in the following: http://server.mycompany.com and it takes me to his ADSL router. I type in https://server.mycompany.com and it shows as a dead site because it cannot find the SSL certificate located on the server because it cannot find the server. When you say "configure your firewall to send the correct ports to that server" are you referring to port triggering or port forwarding? I did configure ports 80, 8080 and 3389.
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26346307
Port forwarding. HTTPS uses 443. You must add that.

Cláudio Rodrigues
Citrix CTP
0
 

Author Comment

by:kulisncc
ID: 26346596
i meant 443 sorry.
0
 

Author Comment

by:kulisncc
ID: 26356976
ok i am getting irritated now. Here at my buddies he has an ADSL modem, connected to that he has a belkin wireless router. I configured NAT virtual servers on the ADSL router to allow ports 3389 and 443 to pass through. I then allowed the same on the belkin wirelss router. I know he has to purchase the TS CALs and I will configure them in TS Licensing Manager in order for the users to be able to use TS Web Access and the Remote Apps I have configured, but is there any way I can check to see if any packets are making it through the ADSL modem and the Belkin wireless router to ensure that the users can connect to Terminal Services running on the 2008 Server? Since he has a static IP set up for him by the ISP, I tried to do the following: http://<staticIP>:3389, but with no luck. How can I check to see if this is working properly so people can start remotely accessing these apps I have configured? Thanks everyone I appreciate your help.
0
 

Author Comment

by:kulisncc
ID: 26357331
nevermind the above i finally was able to remote into the server from home to ensure that connectivity was successful. Now all i think i need for my buddy to do is just purchase the TS CALs for his users and configure this in the TS Licensing Manager. I will keep you guys abreast of my success or failures. I made a rhyme that was kinda cool. Thanks for your support again and I will let you know how it goes since I am going back tomorrow.
0
 

Author Comment

by:kulisncc
ID: 26367027
I can access TS Web Access fine now but when i try to run one of the Remote Apps i get the following error:

The Remote computer could not be found. Please contact your helpdesk about this error.

Is this possibly due to the Windows Firewall blocking inbound connections on the server?
0
 

Author Comment

by:kulisncc
ID: 26367449
well that cant be it because remember i disabled the firewall on the server to test connectivity. The TS Web Access Computers group is empty so maybe that it is or what do you think Cláudio? However, the server is not running Active Directory or connected to an Active Directory network and the TS Web Access server and the Remote Desktop Session Host (RD Session Host) server that hosts the RemoteApp programs are ON ONE server. So Cláudio my friend, what advice can you serve me buddy? muchas gracias bro.
0
 

Author Comment

by:kulisncc
ID: 26367521
my buddy does not have 2008 R2 so when I said "Remote Desktop Session Host (RD Session Host) server" above I actually meant Terminal Services Gateway (TS Gateway) sorry.
0
 

Author Comment

by:kulisncc
ID: 26367939
okay i figured it out. I had to enable Microsoft Terminal Services Client Control and then the TS Web Access popped up with all the remote apps completely visible. Hey Cláudio, you are badass bro and I am going to give all the points to you because you led me in all the right directions. Thanks dude.
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26370240
Thanks man. Appreciated.

Cláudio Rodrigues
Citrix CTP
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question