ISA Server / TS Web / TS Gateway

Hi All,

I have a setup with TSWeb pubished via ISA Server 2006. The connections go through a TS Gateway to a number of servers, some of them 2003 and some 2008.

The setup works just fine... But at the moment when my users type there UN and PWD in the ISA HTML form and then have to type it again to authentication to the TS Gateway when they choose the server.

ISA has already authenticated them and therefore I am hoping that there is a way for ISA to push these details to the TS Gateway so that the users have one place that they have to type their UN and PWD on and then thats it..
I am sure that I have seen somewhere that is possible, but can't figure out how to do it or find a guide on it...

Does anybody have any ideas?

LVL 17
Who is Participating?
JohnGerhardtConnect With a Mentor Author Commented:
On a side note..
I have seen a lot of things on the internet about how to setup SSO. I followed them to the letter and still had problems...
There were two things that took a lot more time to find:
  • when you typed the username in the RDWeb logon screen.. make sure that you use domain\username (or edit the logon scripts to add your domain (if you are in a single domain environment).
  • Select the bullet "Private Computer" on the logon screen.
I hope this helps someone...
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
You may have to use kerberos to do this or you might need to change the https bridging to https tunelling - effectively you want to use single sign on or SSO but you need to enable it within the publishing rule under the authentication section.
I think basicly you don't have to use ISA with TS Gateway, without worring about security,you can allow only RDP ports for it,
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

JohnGerhardtAuthor Commented:
@keith - Thanks for this, I will need to fiddle around with this and get SSO working, but from what you are saying ISA should be able to take the creditionals of the authenticated user and pass them to the GW for authentication.
@fryezz - I am not sure quite what you are saying, ISA is fronting a TS web install that connects via a TS GW, there are no RDP ports shown publically only port 443.
Keith AlabasterEnterprise ArchitectCommented:
If you can get the SSO to work thats great - it can be fiddly sometimes. Else, change it to https tunneling so the 443 traffic basically passes through ISA direct to the TS box.
JohnGerhardtAuthor Commented:
I have managed to get SSO working on for remote Apps but I would like it to work as well for the "free hand page" where you can can choose which RD Server you want to connect to...
Does anybody know if this is possible...?
All Courses

From novice to tech pro — start learning today.