Solved

Configure TS/RD Web Access + TS/RD Gateway + OWA + TMG 2010

Posted on 2011-02-22
Last Modified: 2012-05-11
Hi,

I have this scenario:

- Router 1 public IP address
- W2008 R2 + Exchange 2010 w/ OWA
- Windows Server 2008 + TS + TS Web Access + TS RemoteApp + TS Gateway (not W2008R2 RD Web)
- W2008 R2 + Forefront TMG 2010 + RD Web + RD gateway

All Internet connections are received by the router.

Router is forwarding TCP ports 80 and 443 to TMG.

I have third-party certificates for mymail.mydomain.com and ts.mydomain.com

Through an HTTP listener, TMG redirects traffic from mymail.mydomain.com to https://mymail.mydomain.com/owa through a rule in TMG and it connects to OWA using an HTTPS listener with FBA with AD and Basic Authentication in the rule. This is working fine.

I'm trying to configure TS Web Access or RD Web Access.

Through the same OWA HTTP listener, TMG redirects traffic from ts.mydomain.com to https://ts.mydomain.com/TS using the same HTTPS listener from OWA and with Basic Authentication in the rule. I published the paths /RPC/* and /TS/*

I could not configure TMG to forward these requests to RD Web Access in the same TMG server.

When I go to ts.mydomain.com I can see the TMG authentication form, I enter my user and password and then it forwards me to the TS Web Access site. I can see the remote desktop and remote apps but when I try to use them... I just can't :(... It asks me for a password, I enter my user and password but... nothing... it just keeps asking again...

In TS Gateway Manager, under SSL Bridging, the option "Use HTTPS_HTTP bridging (terminate SSL requests and initiate new HTTP requests)" is checked.

In TS RemoteApp Manager, under TS Gateway, I have these options configured:
Use these TS Gateway server settings:
Server name: ts.mydomain.com
Logon method: Allow user to select during connection

Checked "Use the same user credential for TS Gateway and terminal server"


What am I missing? What am I doing wrong?

Thanks in advance!
Question by:rafaeldemartin
Expert Comment

by:Llacy80
ID: 34954498
What client operating system are you trying to connect from? XP, Vista?


Author Comment

by:rafaeldemartin
ID: 34954528
I tried with XP and Win7.

Expert Comment

by:Llacy80
ID: 34954798
Go to IIS --> Click on TS under Default Web site --> Click Application settings --> What is the value for DefaultTsGateway? (servername.domainname.local)?
Also what is the value for Gatewaycredentialsource?

When I set this up for my company a while back I had a heck of a time getting the gateway and remoteapps working properly.

Author Comment

by:rafaeldemartin
ID: 34961089
Under DefaultTSGateway, it was empty... Do I use ts.mydomain.com or servername.domainname.local?

Under GatewayCredentialsSource, the value is 4.

Expert Comment

by:Llacy80
ID: 34961366
Hi. You can try adding the fully qualified domain name (ts.mydomain.com)

Also for testing purposes.. On your LAN (internally), go to https://servername/rdweb and then try accessing the Icons from there. Does it still keep prompting for credentials?




Author Comment

by:rafaeldemartin
ID: 34961541
Hi and thanks in advance for your help!

Internally, I access TS Web Access, and it asks me for credentials (basic auth). I can access it internally (basic auth) and externally (forms-based through TMG 2010).
Internally, when I try to access any app, it asks me for credentials, I enter my creds and then I get this error (image attached). I tried internally using W2008R2, W2003 and WXP and the error is the same.

I can access internally this server through RDP without problems.


error.jpg

Accepted Solution

by:Llacy80
ID: 34962510
Hi. I am kind of thinking this error is certificate related. I had all sorts of issues even though we used third-party certs. Are you using a wildcard cert? See link below. I have seen this work for a few people. The only downside is you have to remove and re-add the published apps from the RemoteApp list.

http://www.nicklloyd.it/blog/?p=36


Author Comment

by:rafaeldemartin
ID: 34963361
Thanks! It worked... internally.

Any idea about externally? It keeps asking me for credentials to connect to the app.

Expert Comment

by:Llacy80
ID: 34964415
What client operating system are you using to connect externally? Hopefully not Vista ... I could never get Vista to work correctly with it (it would just keep prompting for credentials) but thankfully none of the employees run that at home.

I know you mentioned you are also using TMG. I am not familiar with that product but if it is anything similar to ISA (which I have used in the distant past) you will need to make sure that the certificate is imported and the web listener configured (which I am sure you have probably already done?).


Author Comment

by:rafaeldemartin
ID: 34988665
I think that the problem is the "listener" in Forefront TMG.
I can use just one listener for port 443 and I have to use OWA and TS Web + gateway... the problem is that the listener for OWA requires FBA authentication and the listener for TS gateway requires "No Authentication"....

How can I resolve that?


Expert Comment

by:Llacy80
ID: 34988694
Hi there. Perhaps the link below will help out with that? How many Public IP's do you have?
http://social.technet.microsoft.com/Forums/en/ForefrontedgePub/thread/3ac5e8c0-0aeb-4544-be9f-06ed19a0333a


Author Comment

by:rafaeldemartin
ID: 34988880
Hi Llacy80,

I have just one public IP address but... I did it! It's working now!!!

I keep using the same listener for OWA with FBA with AD

But in the TS rule I changed:

Authentication Delegation: No delegation, but client may authenticate directly

Path: /TS/*
Path: /Rpc/*

Now... both OWA and TS are working.

Thanks for your help!!!
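
An added example, not part of the original thread: a small Python check of how each published path answers an unauthenticated request, separating an HTTP authentication challenge (what a client that authenticates directly expects on /Rpc/*) from a redirect to a logon form. The sample responses, the `rpcproxy.dll` file name and the logon-form URL are constructed assumptions.

```python
# Added example, not from the thread. All responses below are constructed
# samples, not captures from a real TMG or TS Gateway server.
REDIRECTS = {301, 302, 303, 307, 308}
HTTP_SCHEMES = {"negotiate", "ntlm", "basic"}

def auth_style(status, headers):
    """Classify one unauthenticated response.

    headers is a list of (name, value) pairs so that repeated
    WWW-Authenticate headers are all seen.
    """
    schemes, location = set(), None
    for name, value in headers:
        key = name.lower()
        if key == "www-authenticate" and value.strip():
            schemes.add(value.split()[0].lower())
        elif key == "location":
            location = value
    if status == 401 and schemes & HTTP_SCHEMES:
        return "http-challenge"   # client can answer with credentials
    if status in REDIRECTS and location:
        return "redirect"         # e.g. sent to a forms-based logon page
    if status == 200:
        return "content"
    return "other"

def check_published_paths(responses, gateway_prefix="/rpc/"):
    """Return (path, style) for gateway paths that did not get an HTTP challenge."""
    problems = []
    for path, status, headers in responses:
        style = auth_style(status, headers)
        if path.lower().startswith(gateway_prefix) and style != "http-challenge":
            problems.append((path, style))
    return problems

# Constructed: every path on the shared listener is sent to the logon form.
FORM = [("Location", "https://ts.mydomain.com/logon-form-placeholder")]
BEFORE = [("/TS/", 302, FORM), ("/Rpc/rpcproxy.dll", 302, FORM)]

# Constructed: the gateway path now returns a plain HTTP challenge.
AFTER = [
    ("/TS/", 401, [("WWW-Authenticate", 'Basic realm="ts.mydomain.com"')]),
    ("/Rpc/rpcproxy.dll", 401, [("WWW-Authenticate", "NTLM"),
                                ("WWW-Authenticate", 'Basic realm="ts.mydomain.com"')]),
]

if __name__ == "__main__":
    print("before:", check_published_paths(BEFORE))
    print("after: ", check_published_paths(AFTER))
```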