ISA Server / TS Web / TS Gateway

Hi All,

I have a setup with TSWeb pubished via ISA Server 2006. The connections go through a TS Gateway to a number of servers, some of them 2003 and some 2008.

The setup works just fine... But at the moment when my users type there UN and PWD in the ISA HTML form and then have to type it again to authentication to the TS Gateway when they choose the server.

ISA has already authenticated them and therefore I am hoping that there is a way for ISA to push these details to the TS Gateway so that the users have one place that they have to type their UN and PWD on and then thats it..
I am sure that I have seen somewhere that is possible, but can't figure out how to do it or find a guide on it...

Does anybody have any ideas?

Thanks,
LVL 17
JohnGerhardtAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
You may have to use kerberos to do this or you might need to change the https bridging to https tunelling - effectively you want to use single sign on or SSO but you need to enable it within the publishing rule under the authentication section.
0
FarWestCommented:
I think basicly you don't have to use ISA with TS Gateway, without worring about security,you can allow only RDP ports for it,
 
0
JohnGerhardtAuthor Commented:
@keith - Thanks for this, I will need to fiddle around with this and get SSO working, but from what you are saying ISA should be able to take the creditionals of the authenticated user and pass them to the GW for authentication.
@fryezz - I am not sure quite what you are saying, ISA is fronting a TS web install that connects via a TS GW, there are no RDP ports shown publically only port 443.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Keith AlabasterEnterprise ArchitectCommented:
If you can get the SSO to work thats great - it can be fiddly sometimes. Else, change it to https tunneling so the 443 traffic basically passes through ISA direct to the TS box.
0
JohnGerhardtAuthor Commented:
I have managed to get SSO working on for remote Apps but I would like it to work as well for the "free hand page" where you can can choose which RD Server you want to connect to...
Does anybody know if this is possible...?
Thanks
0
JohnGerhardtAuthor Commented:
On a side note..
I have seen a lot of things on the internet about how to setup SSO. I followed them to the letter and still had problems...
There were two things that took a lot more time to find:
  • when you typed the username in the RDWeb logon screen.. make sure that you use domain\username (or edit the logon scripts to add your domain (if you are in a single domain environment).
  • Select the bullet "Private Computer" on the logon screen.
I hope this helps someone...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.