none
RDP variable for Connections based on AD

Answers

  • Hi Patrick,

    Are you sure that you have correctly named your postpostvalidate.inc file  (like < portal name > + <0 or 1 (0 for HTTP trunk and 1 for HTTPS) > + <"PostPostValidate.inc"> ).

    Can you see heavy trace in the logs file ? If not, that means that your .inc file is not applicated.


    Olivier Detilleux - Service Line Manager | Core Infrastructure Department - vNext http://www.vnext.fr - http://myitforum.com/cs2/blogs/forefrontsecurity/
    Thursday, March 24, 2011 8:11 AM

All replies

  • Its working for me, what is the script are you using ?

    This will only work for old XP/Vista RDP tunnel template only and nothing else. If you are thinking of using it for Remote Desktop (User defined) and (Pre defined) becuase they are very different.


    Faisal :>
    Wednesday, February 09, 2011 6:21 PM
  • Its working for me, what is the script are you using ?

    This will only work for old XP/Vista RDP tunnel template only and nothing else. If you are thinking of using it for Remote Desktop (User defined) and (Pre defined) becuase they are very different.


    Faisal :>

    Hi Faisal, 

    i use the script, regarding to my postet link: 

     

     

    <%
    
     set p1 = Server.CreateObject("UserMgrComLayer.Param")
    
     ' P1 holds the attribute name to retrieve from the active directory.
    
     p1.Name = "facsimileTelephoneNumber"
    
     ' Search for the value set in P1 above in the AD
    
     set user_information = GetUserInformation(repository,user_name,domain,Array(p1))
    
     set p1 = Nothing
    
      if TypeName(user_information) = "Nothing" then
    
       LIGHT_TRACE "ERROR: Failed to get the user [" & user_name & "] domain [" & omain & "] repository [" & repository & "] information [mailserver,mailfile]"
    
       ClearSessionVariables
    
       response.redirect GetSiteErrorPage() & "?error_code=108"
    
      end if
    
     dim param_vec
    
     param_vec = user_information.ParamVec
    
     set user_information = Nothing
    
     RDPComputer = param_vec(0).Value
    
    ' sets the redirect value for the RDP application
    
    setSessionParam g_cookie,"RelayPort3389",RDPComputer
    
    %>

     

    My AD attribute "facsimileTelephoneNumber" is set with the IP for my Desktop Computer.
    For my understanding, the postpostvalidate.inc must use now my ip for my RDP Session, right?

     

    Regards

    Patrick

     

    Thursday, February 10, 2011 9:07 AM
  • looks like you havent set the variables correctly in the script .

    try this instead in your postpostvalidate.inc

    ...

    ==============

    <%

    repository = Session("repository1")

    user_name = Session("user_name1")

    set ADval = Server.CreateObject("UserMgrComLayer.Param")

    ' ADval holds the attribute name to retrieve from the active directory.

    ADval.Name = "facsimileTelephoneNumber"

    ' Search for the value set in ADval above in the AD

    set user_information = GetUserInformation(repository,user_name,domain,Array(ADval))

    set ADval = Nothing

    if TypeName(user_information) = "Nothing" then

    LIGHT_TRACE "ERROR: Failed to get the user [" & user_name & "] domain [" & domain & "] repository [" & repository & "] information [mailserver,mailfile]"

    ClearSessionVariables

    response.redirect GetSiteErrorPage() & "?error_code=108"

    end if

    dim param_vec

    param_vec = user_information.ParamVec

    set user_information = Nothing

    RDPComputer = param_vec(0).Value

    ' sets the redirect value for the RDP application

    setSessionParam g_cookie,"RelayPort3389",RDPComputer

    %>

     

    =================

    Yes your understanding is correct this AD attribute will have your IP address of the desktop .

     

     


    Faisal :>
    Thursday, February 10, 2011 12:15 PM
  • Thanks for the Script Faisal. 

    Is this working with the TS Client Tunneling variables 254.254.254.254? I Setup it like here: http://www.forefrontsecurity.org/Portals/0/portals/0/DNNArticle/092910_1328_Howtoopendi3.png

    but it didnt work. 

     

     

    Thursday, February 10, 2011 12:35 PM
  • Faisal, 

    my RDP APP or TS Tunneling always query the 254.254.254.254 IP if i want to connect to my Application, sure that 254.254.254.254 is the right variable in UAG? It works fine in my IAG Lab.. but i wont work in uag.

    Thursday, February 10, 2011 12:47 PM
  • 254.254.254.254.254 looks like a correct variable, working for me on UAG SP1 from win 7 64 bit and win XP as well. so its redirecting me to the desktop for the IP it pulls from AD attibute of the logged on user as per postpostvalidate.inc customization.


    Faisal :>
    Thursday, February 10, 2011 2:01 PM
  • any ideas whats the problem? 

    is this the correct path for my postpostvalidate.inc

    C:\Program Files\Microsoft Forefront Unified Access Gateway\von\InternalSite\inc\CustomUpdate ? 

     

    maybe i'm doing something wrong.. here are my steps.

    1. create a appliacation (TS Client Tunneling)
    2. Setup with 254.254.254.254 as Terminal Server and Initial Server
    3. Standard Policies, Authorize all Users
    4. create postpostvalidate.inc with your script, put it in \von\internalsite\inc\customupdate\
    5. Safe configuration and activiate
    6. Browse to my Portalpage, Login with my domaincredentials
    7. Start RDP Application

    Thursday, February 10, 2011 2:04 PM
  • anyone else have a hint? 

    Update - i think the hook postpostvalidate.inc is not working correctyl... if i set the varibale "RDPComputer" fix the UAG Appliacation does not respond to this.. 

    Friday, February 11, 2011 9:14 AM
  • Hi Patrick,

    Are you sure that you have correctly named your postpostvalidate.inc file  (like < portal name > + <0 or 1 (0 for HTTP trunk and 1 for HTTPS) > + <"PostPostValidate.inc"> ).

    Can you see heavy trace in the logs file ? If not, that means that your .inc file is not applicated.


    Olivier Detilleux - Service Line Manager | Core Infrastructure Department - vNext http://www.vnext.fr - http://myitforum.com/cs2/blogs/forefrontsecurity/
    Thursday, March 24, 2011 8:11 AM