locked
Publish TS Web Access/TS Gateway trough IAG RRS feed

  • Question

  • Hi,

    My customer have a TS Web Access solution trough a TS Gateway. They would like to protect the TS Gateway with IAG.

    How do I publish this on the IAG? Should a threat TS Gateway like a Generic Web App or Client/Server application etc?

    Thanks!

    Marten
    • Moved by Keith Alabaster Tuesday, June 16, 2009 5:44 PM Wrong Forum (From:Forefront Edge Security - General)
    Monday, November 10, 2008 3:24 PM

Answers

  • HI Marten,

    we have published our TS Web Acces through our IAG with the "Terminal Services Web Client (Single Server)" Rule on IAG.

    We put the TSweb Directory in our IIS Directory "C:\Inetpub\wwwroot\TSWeb" and create a virtual Directory on the IIS Default Web Site.

    Our IAG Config:
    Web Servers Tab: Addresses: localhost
                                 Paths: /tsweb/
                                 HTTP Ports: Auto
                                 HTTPS Ports: -none-
    Server Settings Tab: Server: ts.domain.tld 
                                     Port: 3389
    On the Portal Link Tab we have confgured: http://localhost:Auto/tsweb/default.htm?AutoConnect=1&Server=localip

    At last we set a new line in the default.htm of the tsweb:
       MsRdpClient.AdvancedSettings2.RDPPort = 3390

    I hope this will help you.

    Kind regards
    Joerg
    • Marked as answer by Nathan Bigman Thursday, January 15, 2009 11:37 AM
    Wednesday, November 19, 2008 12:38 PM

All replies

  • Monday, November 10, 2008 3:45 PM
  • Hi,

    Thanks for your answer but I would like publish through my customer IAG portal not ISA Server!

    Marten
    Tuesday, November 11, 2008 8:56 AM
  • HI Marten,

    we have published our TS Web Acces through our IAG with the "Terminal Services Web Client (Single Server)" Rule on IAG.

    We put the TSweb Directory in our IIS Directory "C:\Inetpub\wwwroot\TSWeb" and create a virtual Directory on the IIS Default Web Site.

    Our IAG Config:
    Web Servers Tab: Addresses: localhost
                                 Paths: /tsweb/
                                 HTTP Ports: Auto
                                 HTTPS Ports: -none-
    Server Settings Tab: Server: ts.domain.tld 
                                     Port: 3389
    On the Portal Link Tab we have confgured: http://localhost:Auto/tsweb/default.htm?AutoConnect=1&Server=localip

    At last we set a new line in the default.htm of the tsweb:
       MsRdpClient.AdvancedSettings2.RDPPort = 3390

    I hope this will help you.

    Kind regards
    Joerg
    • Marked as answer by Nathan Bigman Thursday, January 15, 2009 11:37 AM
    Wednesday, November 19, 2008 12:38 PM
  • Sunday, November 23, 2008 5:11 PM
  • Marten,
    Short answer is that this cant be done with the IAG today. Believe me I have stuggled trying to do it. It is like the holy grail. ISA is the only way today. Most people that say it can be done only look at the TS Web part of the question and not the TS GATEWAY part. Publishing TS Web is easy. TS Gateway is something else entirely.

    You might be able to do some strange voodoo where you modify the web.config in TS Web 2008 so it uses ts gateway for all rdp connections and publish it with IAG  and then publish the TS Gateway with ISA. But I think we will have to wait till the next version of IAG before we get a shot at it.

    I would love for someone to prove me wrong because I am dying for this functionality

    This feature would be extremely valuable for organizations that allow users to remote to their xp or vista desktops in the office. You could just setup one published app and walk away and let the RAP policies manage the access and on top of it all you could actually have REAL smart card authentication and not the horrible thing that is passed off as smart card authentication that is with IAG today.
    Saturday, March 28, 2009 3:43 AM