Remote Web Workplace "Connect to a Computer" button is not working

I am trying to set up Remote Desktop using RWW.  I can get to RWW from an external network.  I get the button for "Connect to a Computer" and when I click on it I get a list of the internal client/server systems. I select a system and get the messages asking to share printers and clipboard. I click Connect and a username and password window comes up.  I put the username and password in and a few seconds later I get the username and password screen again.

I've logged into the security server on EBS and turned on logging in Forefront while trying to connect.  Here is the error I get:

Denied Connection SECSERVER 4/26/2010 4:55:00 PM
Log type: Web Proxy (Reverse)
Status: 12202 The Forefront TMG denied the specified Uniform Resource Locator (URL).  
Rule: Default rule
Source: External (174.x.x.x)
Destination: Local Host (192.168.2.101:443)
Request: RPC_IN_DATA http://remote.MYDOMAIN.com/rpc/rpcproxy.dll?localhost:3388 
Filter information: Req ID: 0c4d86b0; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
 Additional information
Client agent: MSRPC
Object source: (No source information is available.)
Cache info: 0x8 (Request includes the AUTHORIZATION header.)
Processing time: 1 MIME type:  

Any help with this will be greatly appreciated.

Thanks,
Greg
NSI-Greg Asked:

Keith Alabaster, Enterprise Architect, Commented:
How are you entering the credentials? It should be domain\username

Have you installed the certificate onto the client machine that you are making the connection from?
You can see by the error message that the access is blocked because it is being seen as an anonymous access attempt.
0
NSI-Greg, Author, Commented:
Thanks for the response.  I do enter username as domain\username and I have loaded the certificate on the client machine....BUT....I'm not sure if the same certificate was loaded on the server.  I took over the IT responsibilities about two months ago and have had all kinds of strange problems.  I actually had to call Microsoft for the first time in over 20 years of working IT.

OK....I just checked the certificates that they bought from digicert.com and found a number of duplicate certificates with different thumbprints.  I've checked the servers and found a mess of certificates.  So I've got new questions now:

What should be my next move, maybe get rid of the remote.MYDOMAIN.com certificates on the message server and install one from digicert?

Is the message server in EBS the only server that needs public certificates?

Thanks for your comments Keith.  Any other help will be appreciated.
0
Keith Alabaster, Enterprise Architect, Commented:
No - as I recall there is a folder on the EBS box (at least there is on an SBS 2008/2008 R2 box) that contains the certificate that RWW is using. Copy this off to a memory stick or get it emailed to an outside machine and get the cert installed.
0
NSI-Greg, Author, Commented:
OK....I'll try that tonight or more likely tomorrow.  I've been up for a few days now working on this and other problems.
0
NSI-Greg, Author, Commented:
I went to TS Gateway properties and it didn't have any allowed computers selected or an SSL certificate.
I created both but I'm not sure which certificate to use because when I use the remote.MYDOMAIN.com certificate then Remote Web Workplace and OWA do not work.  We don't have a certificate from our provider that shows msgserver.MYDOMAIN.com certificates.  It only has mail.xxx.com, remote.xxx.com, sp.xxx.com, and xxxUCCertificate certificates.  When I tried to make a self-signed certificate and exported it to the client then I could get the Forefront TMG login but can get the RWW or OWA page.  Any suggestions?
0
NSI-Greg, Author, Commented:
Last comment should say I cannot get the RWW or OWA page.
0
bbao, IT Consultant, Commented:
seems to be a problem with the ISA server. have you ever checked MSKB 947124?

Error message when a user visits Web site that is published by using Microsoft ISA Server together with client certificate authentication:
Error Code: 403 Forbidden.
The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
http://support.microsoft.com/kb/947124
0
NSI-Greg, Author, Commented:
bbao thanks for the comment.  I followed the instructions but I'm still having the same problem.  Thanks for the try though.
0
NSI-Greg, Author, Commented:
Opened a case with Microsoft yesterday to resolve this problem.  Turned out that the RWW publishing rule had two public names listed.  Once we deleted the public name not needed it corrected the problem.
0

bbao, IT Consultant, Commented:
> Turned out that the RWW publishing rule had two public names listed

could you please explain a bit more about the PUBLIC NAMES? what's that?

BTW, i have no problem regarding the close request, though i would recommend you PAQ this question by accepting your own comment (explanation) as the answer. this would benefit other members who might have the similar problem.

regards,
bbao
0
NSI-Greg, Author, Commented:
bbao:  The Forefront TMG server publishing rule for Remote Web Workplace has a tab called "Public Names" under properties.  That is where we found the two names:  remoter.domain.com and mail.domain.com

I have no idea how mail.domain.com got there but we removed it and RWW started working.
0
bbao, IT Consultant, Commented:
it seemed to be a DNS issue because the deleted item was not a valid domain name that could be resolved by remote computers.
0
NSI-Greg, Author, Commented:
I requested the resolution notes from the Microsoft tech and this is what he said:

"Resolution - We verified RWW working fine internally. External users were getting continuous login prompt after selecting the computer from RWW list. We disabled a customized RWW publishing rule. We found that on the RWW default publishing rule we have two public name: Mail.domain.com, remote.domain.com. The certificate is issued to remote.domain.com. Hence removed the entries for Mail.domain.com even though we connect using tsgateway to Mail.domain.com. Still we getting prompted for authentication. We found in the Outlook Anywhere & Terminal server publishing rule the name remote.domain.com misspelled. We changed that. RWW working fine now. We monitored the case for a day."

So it looks more like a typo in the Outlook Anywhere & Terminal server publishing rule.  That makes more sense.
0
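The resolution above comes down to two checks: every public name on a publishing rule should be a name the certificate is issued to, and a request only reaches a rule when both its host and its path match, otherwise it falls to the Default rule as in the 12202 log entry. The Python sketch below is an added example, not code from the thread or from Microsoft; the hostnames, the misspelling and the path prefixes are constructed placeholders.

```python
import difflib
from urllib.parse import urlsplit

# Constructed sample data: rule names follow the thread; hostnames, the typo
# and the path prefixes are placeholders, not values from the real server.
CERT_NAMES = ["remote.domain.com"]
RULES = {
    "RWW": {"names": ["remote.domain.com", "mail.domain.com"],
            "paths": ["/remote/"]},
    "Outlook Anywhere & Terminal Server": {"names": ["remtoe.domain.com"],
                                           "paths": ["/rpc/"]},
}

def cert_covers(host, cert_names):
    """True if host equals a certificate name or matches a one-label wildcard."""
    host = host.lower()
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def audit_public_names(rules, cert_names):
    """List (rule, public name, finding) for names the certificate does not cover."""
    known = [n.lower() for n in cert_names]
    findings = []
    for rule, cfg in rules.items():
        for public in cfg["names"]:
            if cert_covers(public, cert_names):
                continue
            near = difflib.get_close_matches(public.lower(), known, n=1, cutoff=0.85)
            findings.append((rule, public,
                             f"probable typo of {near[0]}" if near else "not on certificate"))
    return findings

def matching_rule(request, rules):
    """Rule whose public name and path both match a logged request, else 'Default rule'."""
    parts = urlsplit(request.split()[-1])   # log field: "<verb> <url>"
    host, path = (parts.hostname or "").lower(), parts.path.lower()
    for rule, cfg in rules.items():
        names = [n.lower() for n in cfg["names"]]
        if host in names and any(path.startswith(p) for p in cfg["paths"]):
            return rule
    return "Default rule"

if __name__ == "__main__":
    for finding in audit_public_names(RULES, CERT_NAMES):
        print(finding)
    print(matching_rule("RPC_IN_DATA http://remote.domain.com/rpc/rpcproxy.dll?localhost:3388", RULES))
```
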
bbao, IT Consultant, Commented:
outcome relies on details...
0