Solved

Connecting to TS Web Access via TS Gateway

Posted on 2013-01-30
Last Modified: 2013-02-06
Hi all,

I'm trying to find an article on how to configure TS Web Access so a domain user can authenticate to a TS Web server via TS Gateway from outside. I have configured two Windows Server 2008 R2 Standard servers, 1 as a TS Gateway with external access (terminal.blabla.ca) and 1 as TS Server which has a few apps installed such as MS Office, Adobe Acrobat, etc. This all works fine when using an RDP file; the user connects to the remote server easily thru the Gateway, but when trying with the web access I can't get it to work from outside. It works fine inside obviously when typing the URL; I get redirected to the TS web access on the TS Server with access to the apps. I have installed Remote Desktop Web Access Role on both machines and Remote Desktop Gateway Role on only one with a 3rd party SSL Cert. The fact that everything works fine with an RDP file makes me think that I'm not far but still not there!

thanks
0
Question by:Comptrib
9 Comments
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 38837126
First see if your configuration is aligned to the checklist here:

http://technet.microsoft.com/en-us/library/cc772415.aspx

Moreover, if you deployed your RD Web Access and RD Gateway in DMZ, while your RD Session host was deployed internally, ensure you open WMI traffic on the firewall from the RD Web Access to the RD Session host.

Also ensure that your RD Web Access is configured to use Forms Authentication (it should by default).
0
 

Author Comment

by:Comptrib
ID: 38840502
Thanks for the reply,

Both of my servers are inside the domain. When typing "https://terminal.blabla.ca" in the browser, the address gets translated at the Firewall level to the TS Gateway. After going thru the checklist you sent me, I created an RDP file within RemoteAppManager, took a copy and tried it outside my domain with a wifi connection. It worked perfectly. However, what I am looking for is the possibility for a user to type the "https://terminal.blabla.ca" in his browser and be redirected and authenticated to the TS Web server so he can select the application he wants to work on. Is this feasible?

thanks
0
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 38844724
To have SSL, and thus HTTPS, on your RD Web Access you need to set up SSL in IIS for your site and create an HTTPS binding for that site. Have you done it? Check this link on how to do it:

http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis

Moreover, have you configured the RemoteApp programs to be available through RD WebAccess? Please verify your configurations with this checklist:

http://technet.microsoft.com/en-us/library/cc730739.aspx
0
 

Author Comment

by:Comptrib
ID: 38845038
SSL is configured on RD Web Access and programs are available through RD Web access. I can access them in the browser from inside.

The problem seems to be at the Gateway. How can I set it up to have the user redirected to my RD Web Server? Actually when I type my address in the browser, I end up at the default web page of the TS Gateway server (iisstart.htm). Like I said, the address "terminal.blabla.ca" is translated to 192.168.x.x which is my TS Gateway. It stops there.

Thanks
0
 
LVL 23

Expert Comment

by:Ayman Bakr
ID: 38845381
Correct configuration should be as follows:

1. On RD Web Access the following should be configured:
    a. Source should be configured with the FQDN of your RD Session Hosts (have you configured this correctly?)

2. On Remote Desktop Session Host the following should be configured:
    a. Within the RemoteApp Manager settings you need to specify the RD Gateway settings including to 'Bypass RD Gateway Server for local addresses'
    b. Add your RDS User group to the TS Web Access Computers local group
    c. Publish the applications you want your users to run

How are your external users accessing your RD network - i.e. is terminal.blabla.ca the FQDN of your RD Gateway?
0
 

Author Comment

by:Comptrib
ID: 38852090
Yes, external users are accessing the Gateway via the FQDN terminal.blabla.ca.

Here's what I tried: I enabled Directory Browsing in RDWeb on my Gateway and added RDWeb in my URL (https://terminal.blabla.ca/RDWeb) and I got a page showing the directory. I clicked on "Pages" and the Login page (RD Services Default Connection page) opened. I was able to log in and run the applications on my Web Server. I changed the physical path of the RDWeb directory so it points to the default.aspx page but that generates an error. I'm not far from what I want. Why do I see the Directory and not the Login page?

G
0
 

Author Comment

by:Comptrib
ID: 38852300
Okay, I got it to work after reading this article on MS Forum http://social.technet.microsoft.com/Forums/en/winserverTS/thread/8d2af593-9f6f-4b5b-bf33-cfd29ad31db5. I simply redirected the default web site to "/RDWeb/Pages/default.aspx"

One more issue though: once authenticated, I get the RD Web access page with the Apps available, but to open one I have to authenticate again with Domain\username and also accept an "Unknown Publisher" warning. I need to do this for every App. Any idea how I can bypass this since I'm already authenticated as a domain user thru the Gateway?

Thanks
0
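The redirect described in the comment above, scripted with the IIS WebAdministration module; this is an added example, not part of the original thread. It assumes the site is named "Default Web Site", that the HTTP Redirection role service is installed, and that it is run elevated on the gateway. It also switches off the Directory Browsing that was enabled on RDWeb during troubleshooting.

```powershell
# Added example (not from the thread). Assumptions: site name "Default Web Site",
# HTTP Redirection role service installed, elevated PowerShell on the gateway.
Import-Module WebAdministration

$site  = 'IIS:\Sites\Default Web Site'
$rdweb = "$site\RDWeb"

# Redirect only requests for the site root to the RD Web Access logon page.
# childOnly stops the rule from being inherited by subdirectories: without it,
# /RDWeb/Pages/default.aspx would redirect to itself, and the Rpc virtual
# directory used by RD Gateway connections would be redirected as well.
$redirect = [ordered]@{
    enabled            = $true
    destination        = '/RDWeb/Pages/default.aspx'
    exactDestination   = $true
    childOnly          = $true
    httpResponseStatus = 'Found'
}
foreach ($name in $redirect.Keys) {
    Set-WebConfigurationProperty -PSPath $site `
        -Filter 'system.webServer/httpRedirect' `
        -Name $name -Value $redirect[$name]
}

# Directory Browsing exposes the folder listing of RDWeb to anyone who can
# reach the gateway; it is not needed once the redirect is in place.
Set-WebConfigurationProperty -PSPath $rdweb `
    -Filter 'system.webServer/directoryBrowse' `
    -Name enabled -Value $false

# Verify both settings.
Get-WebConfiguration -PSPath $site -Filter 'system.webServer/httpRedirect' |
    Select-Object enabled, destination, exactDestination, childOnly
(Get-WebConfigurationProperty -PSPath $rdweb `
    -Filter 'system.webServer/directoryBrowse' -Name enabled).Value
```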
 
LVL 23

Accepted Solution

by:
Ayman Bakr earned 500 total points
ID: 38853904
For single-sign on (SSO) you need to ensure that:
1. Certificate used to sign your RemoteApps is trusted
2. RD Session host servers are 2008 R2.
3. Client connecting should have RDC 7.0 and is either Windows 7, Vista or XP SP3.

RD Session Hosts 2008 do not support SSO with RD Web Access and you will have to do with it. However, if your RD Session Hosts are 2008 R2 then it should be fine provided you had the above prerequisites and your environment set up correctly for SSO. For more info see this link:

http://blogs.msdn.com/b/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx
0
 

Author Closing Comment

by:Comptrib
ID: 38861246
Thank you for the help. Greatly appreciated.
0
