UAG - is it possible to automatically disconnect session when browser is closed?

  • Question

  • Using UAG 2010 SP1 (with Update 1)

    We have a trunk on our UAG deployment publishing various RemoteApps and full desktop RDP sessions using Remote Desktop (Predefined). We have come across an issue where Remote App and RDP sessions remain open if you close the web browser & portal without logging off.

    Problem:

    You log into UAG and open a RemoteApp, and an RDP session as well for another application. Then your browser crashes or you close it with the 'X' in the top right-hand corner, and the Remote Apps/RDP stay open. Then if you open the web browser and connect to UAG again, you are prompted to authenticate, which creates a new Session ID according to Web Monitor, and the previous Session ID is still showing as active and authenticated. If you then click Log Off on the portal in the new session, the Remote Apps will disconnect OK, but the full RDP session is still active. This is different behavior than if you log off from the original session - a connected RDP session should say "The Remote Desktop Gateway server administrator has ended the connect".

    This could pose a security risk if someone thinks they have logged off, but hasn't noticed they still have a Remote Desktop session open, for example on a public/shared machine.

    Any thoughts/ideas?


    Andy
    Monday, November 14, 2011 4:57 PM

All replies

  • Look at the session tab in the advanced trunk configuration and look into checking both of the following checkboxes:

    Prompt user to disconnect if the portal closes without logging off: Select to specify that client endpoints should be prompted to disconnect the session when the portal Web site closes without a logoff. If this check box is selected, select the Reopen the portal if the user does not disconnect check box to ensure that when the portal window closes without logoff, and a user selects not to close the open SSL wrapper channel, the portal window is reopened. This prevents SSL wrapper applications from running outside the browser environment. A portal may close without the user logging off when a browser crashes or when a user accesses a non-portal page from within the portal, but the portal remains open to enable connections to applications. Note that this option is applicable for portals publishing SSL wrapper applications (client/server applications, legacy applications, and browser-embedded applications). Configure the same setting for privileged sessions in the Privileged Session Settings area.

    Monday, November 14, 2011 10:00 PM
  • Hi Mark, 

    Thank you for your reply. I have tried as you suggest but unfortunately it doesn't make any difference. The RDP or RemoteApp sessions still remain connected as before.

    The "Prompt user to disconnect if the portal closes without logging off" was already ticked, but when you close the browser window there is no prompt. We have tested this from Windows 7 with IE8 and IE9, and from XP with IE7.

    Andy
    Monday, November 14, 2011 10:08 PM
  • Yeah, you may be right that those options only apply when you are using the UAG SSLwrapper, which is used if you publish RDP the old way (or publish most any other non-http app), but is not used when you publish RDP the new (RDGateway) way or RemoteApp. When doing that, the RDC makes its own SSL connection to UAG and there is no need for SSLWrapper.

    The feature I mentioned in UAG is there exactly for the purpose you mention, so that someone can't forget they have a non-http tunnel when they close the browser, but I'm guessing MSFT did not come up with a way to engage the same feature if doing the new RDG publishing when SSLwrapper is not used.

    Monday, November 14, 2011 10:16 PM
  • Can you provide any details on how I can publish RDP the "old way" using the UAG SSLWrapper, so I can test if this makes any difference to the problem we have?

    Thanks

    Andy
    Monday, November 14, 2011 10:21 PM
  • Don't have a UAG in front of me and don't see a screenshot of it online at first glance. But it's one of the other options in the Terminal Services (TS)/Remote Desktop Services (RDS) section on the first screen of the add application wizard.
    Monday, November 14, 2011 10:38 PM
  • Might be labelled: TS Client Tunneling
    Monday, November 14, 2011 10:40 PM
  • I've published an RDP session using TS client tunneling, however it doesn't connect from my test PC (Windows XP 64 bit). It just says that the RDP client can't connect to the remote computer. I've tried configuring the server by IP and FQDN but no luck.

    What does work is the popup that appears if you close the portal browser: the SSL Tunnel client pops up a message asking if you want to close or reopen the portal.

    I've read somewhere that XP x64 doesn't support TS Client Tunneling, which may explain why it doesn't work, but I need to test from a 32 bit client to make sure.


    Andy
    Tuesday, November 15, 2011 3:50 PM
  • The TS client tunnelling feature does seem to work OK from Windows 7 32-bit clients. Any idea if 64-bit support will be added to a future release?
    Andy
    Wednesday, November 16, 2011 2:15 PM