Need help with Predefined RDP Applications.

  • Question

  • Hello,

    We have a new UAG (SP1) installation that is used primarily to provide Remote Desktop access for a few users. The setup is as follows:

    • single UAG Server
    • local CA on the UAG server to support certified endpoints
    • several Predefined Remote Desktop published applications (each accessible to a particular remote user)
    • each user is RDP'ing into their own physical desktop machine

    This is working well, but the user experience is a poor one, and I'm hoping that something can be done to improve it. Here are the steps that each user has to perform to start up a session:

    1. Log in to the UAG portal as "DOMAIN\User" or just "User".
    2. Launch the published RDP application.
    3. Click "Connect" when prompted by "A website wants to run a RemoteApp program...". This message shows the publisher as the UAG server.
    4. Log in to the desktop machine as "DOMAIN\user". You cannot omit the domain.
    5. Click "Yes" in response to "The identity of the remote computer cannot be verified." This message allows you to view the certificate presented by the endpoint. It is self-signed. Adding this certificate to the Trusted CA store does not work.

    Ideally, I'd like to see SSO work for this process. Once the user is logged into the portal, it's the same identity that needs to be used. However, I've come across a few different threads that suggest SSO is not possible with RDP in UAG2010.

    The next best thing would be to at least eliminate steps 3 and 5, and provide a default domain for step 4. The documentation suggests that the RDP file can be signed in order to eliminate at least one of these prompts. However, all of the documentation assumes that you're connecting to an RDS server. I can't find a documented way to do this when RDP'ing into a desktop machine. Where is the RDP file with a desktop endpoint? How does one go about signing it and ensuring that it's used by UAG?

    I've read the documentation, Ben Ari's administrator's handbook, and more blog posts than I can count, yet I can't find a way to make this work smoother. Any guidance would be most appreciated.

    Tuesday, November 8, 2011 8:11 PM

All replies