RDP variable for Connections based on AD
-
Wednesday, February 09, 2011 3:55 PM
Hi,
Based on this tutorial (http://www.forefrontsecurity.org/ArticleViewer/tabid/131/ArticleId/22/How-to-open-different-Terminal-Servers-based-on-user-s-parameters-in-Active-Directory.aspx), I set up my UAG configuration.
Unfortunately, this does not work for me. Does anyone have experience with the tutorial and running this setup on a UAG?
Has Microsoft changed the variable 254.254.254.254 from IAG to UAG?
Everything else runs perfectly on my UAG installation...
Thanks for any hint
Regards
Patrick
All Replies
-
Wednesday, February 09, 2011 6:21 PM
It's working for me. What script are you using?
This will only work for the old XP/Vista RDP tunnel template and nothing else, if you are thinking of using it for Remote Desktop (User defined) and (Pre defined), because they are very different.
Faisal :> -
Thursday, February 10, 2011 9:07 AM
Hi Faisal,
I use the script from the link I posted:
<%
set p1 = Server.CreateObject("UserMgrComLayer.Param")
' P1 holds the attribute name to retrieve from the active directory.
p1.Name = "facsimileTelephoneNumber"
' Search for the value set in P1 above in the AD
set user_information = GetUserInformation(repository,user_name,domain,Array(p1))
set p1 = Nothing
if TypeName(user_information) = "Nothing" then
LIGHT_TRACE "ERROR: Failed to get the user [" & user_name & "] domain [" & domain & "] repository [" & repository & "] information [mailserver,mailfile]"
ClearSessionVariables
response.redirect GetSiteErrorPage() & "?error_code=108"
end if
dim param_vec
param_vec = user_information.ParamVec
set user_information = Nothing
RDPComputer = param_vec(0).Value
' sets the redirect value for the RDP application
setSessionParam g_cookie,"RelayPort3389",RDPComputer
%>
My AD attribute "facsimileTelephoneNumber" is set with the IP for my desktop computer.
As I understand it, the postpostvalidate.inc must now use my IP for my RDP session, right?
Regards
Patrick
-
Thursday, February 10, 2011 12:15 PM
Looks like you haven't set the variables correctly in the script.
Try this instead in your postpostvalidate.inc:
...
==============
<%
repository = Session("repository1")
user_name = Session("user_name1")
set ADval = Server.CreateObject("UserMgrComLayer.Param")
' ADval holds the attribute name to retrieve from the active directory.
ADval.Name = "facsimileTelephoneNumber"
' Search for the value set in ADval above in the AD
set user_information = GetUserInformation(repository,user_name,domain,Array(ADval))
set ADval = Nothing
if TypeName(user_information) = "Nothing" then
LIGHT_TRACE "ERROR: Failed to get the user [" & user_name & "] domain [" & domain & "] repository [" & repository & "] information [mailserver,mailfile]"
ClearSessionVariables
response.redirect GetSiteErrorPage() & "?error_code=108"
end if
dim param_vec
param_vec = user_information.ParamVec
set user_information = Nothing
RDPComputer = param_vec(0).Value
' sets the redirect value for the RDP application
setSessionParam g_cookie,"RelayPort3389",RDPComputer
%>
=================
Yes, your understanding is correct; this AD attribute will have the IP address of your desktop.
Faisal :> -
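An added example, not part of the original thread or of UAG itself: the script above hands whatever the directory returns straight to setSessionParam, so this guard only accepts a well-formed IPv4 address inside an expected desktop subnet before it becomes the RelayPort3389 target. `IsAllowedRdpTarget` and `ALLOWED_PREFIX` (with its sample value) are hypothetical names; `param_vec`, `user_name`, `g_cookie`, `LIGHT_TRACE` and `setSessionParam` are the ones used in the script above, and the code is meant to replace its last two statements inside the `<% %>` block.

```vbscript
' Added example (assumption): subnet that holds the user desktops.
' "10.20.30." is a constructed sample value, adjust it to your network.
Const ALLOWED_PREFIX = "10.20.30."

' Hypothetical helper: True only for a dotted-quad IPv4 string that lies
' inside ALLOWED_PREFIX. Anything else (empty attribute, host name,
' extra characters, placeholder address) is refused.
Function IsAllowedRdpTarget(ByVal candidate)
    Dim re, parts, i
    IsAllowedRdpTarget = False

    ' An unset attribute arrives as Empty/Null; only strings are accepted.
    If VarType(candidate) <> vbString Then Exit Function
    candidate = Trim(candidate)

    ' Four decimal groups, no leading zeros, nothing before or after.
    Set re = New RegExp
    re.Pattern = "^(0|[1-9]\d{0,2})(\.(0|[1-9]\d{0,2})){3}$"
    If Not re.Test(candidate) Then Exit Function

    ' Each octet must fit in one byte.
    parts = Split(candidate, ".")
    For i = 0 To 3
        If CInt(parts(i)) > 255 Then Exit Function
    Next

    ' Never relay to the placeholder configured on the application.
    If candidate = "254.254.254.254" Then Exit Function

    ' Stay inside the subnet the desktops are expected to live in.
    If Left(candidate, Len(ALLOWED_PREFIX)) <> ALLOWED_PREFIX Then Exit Function

    IsAllowedRdpTarget = True
End Function

RDPComputer = param_vec(0).Value
If IsAllowedRdpTarget(RDPComputer) Then
    ' sets the redirect value for the RDP application
    setSessionParam g_cookie, "RelayPort3389", Trim(RDPComputer)
Else
    ' Log the user only; the rejected value is untrusted and is not
    ' written to the trace. The relay parameter is left unset.
    LIGHT_TRACE "ERROR: rejected RDP target from AD for user [" & user_name & "]"
End If
```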
Thursday, February 10, 2011 12:35 PM
Thanks for the script, Faisal.
Is this working with the TS Client Tunneling variable 254.254.254.254? I set it up like here: http://www.forefrontsecurity.org/Portals/0/portals/0/DNNArticle/092910_1328_Howtoopendi3.png
but it didn't work.
-
Thursday, February 10, 2011 12:47 PM
Faisal,
My RDP app or TS Tunneling always queries the 254.254.254.254 IP if I want to connect to my application. Are you sure that 254.254.254.254 is the right variable in UAG? It works fine in my IAG lab, but it won't work in UAG.
-
Thursday, February 10, 2011 2:01 PM
254.254.254.254.254 looks like a correct variable; it is working for me on UAG SP1 from Win 7 64-bit and Win XP as well. So it's redirecting me to the desktop for the IP it pulls from the AD attribute of the logged-on user, as per the postpostvalidate.inc customization.
Faisal :> -
Thursday, February 10, 2011 2:04 PM
Any ideas what the problem is?
Is this the correct path for my postpostvalidate.inc:
C:\Program Files\Microsoft Forefront Unified Access Gateway\von\InternalSite\inc\CustomUpdate ?
Maybe I'm doing something wrong. Here are my steps:
1. Create an application (TS Client Tunneling)
2. Set it up with 254.254.254.254 as Terminal Server and Initial Server
3. Standard policies, authorize all users
4. Create postpostvalidate.inc with your script, put it in \von\internalsite\inc\customupdate\
5. Save configuration and activate
6. Browse to my portal page, log in with my domain credentials
7. Start RDP Application -
Friday, February 11, 2011 9:14 AM
Does anyone else have a hint?
Update - I think the hook postpostvalidate.inc is not working correctly... if I set the variable "RDPComputer" to a fixed value, the UAG application does not respond to this.
-
Thursday, March 24, 2011 8:11 AM
Hi Patrick,
Are you sure that you have correctly named your postpostvalidate.inc file (like <portal name> + <0 or 1 (0 for HTTP trunk and 1 for HTTPS)> + <"PostPostValidate.inc">)?
Can you see heavy trace in the log file? If not, that means that your .inc file is not applied.
Olivier Detilleux - Service Line Manager | Core Infrastructure Department - vNext http://www.vnext.fr - http://myitforum.com/cs2/blogs/forefrontsecurity/
Marked As Answer by Ben Ari (Microsoft Employee, Owner), Thursday, May 05, 2011 4:46 PM

