RE: Securing Remote access for RDP (Terminal Services)

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 22 Nov 2005 17:31:05 -0800

I know Doc already replied, but to specifically answer the last question, Yes, the TSAC client will use the server publishing RDP rule to communicate with the terminal server. The client is (apparently) using the Web Publishing rule to access the TSAC itself, then, once the TSAC is loaded into the client's memory, the client will connect to the server using RDP.

A couple of Q's-

1) You don't have RDP bound to the external interface on the ISA server itself, right? By default, in Terminal Server Configuration, any server with Remote Desktop enabled will bind RDP to all available interfaces. If you are publishing RDP on the ISA Box, the external interface of the ISA itself can't be bound to RDP. If you do indeed have Remote Desktop enabled on the ISA box, go into Terminal Server Configuration, right click on the RDP protocol, go to properties, select the Network Adapters tab, and select the internal adapter you wish to use to bind RDP to. Then you can publish RDP from the external interface to the internal box while still allowing RDP connections on the ISA's internal interface.

2) The TSAC client can directly hit the external interface of the ISA box with RDP (3389) right? Some people tend to think that the TSAC does some sort of RDP proxying - it provides the client with the ActiveX control- the client must still be able to hit the ISA box directly... Can you connect with the default RDP client on the client box? (mstsc.exe)

t
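
A way to check the binding described in question 1, as an added example that is not part of the original thread: it parses `netstat -an` output taken on the ISA box and reports whether a listener on 3389 is still bound to all interfaces. The sample output, addresses and function names are constructed, and it assumes a listener bound to one adapter shows that adapter's address in netstat.

```python
import ipaddress

# Constructed `netstat -an` samples (Windows layout); not from the original post.
SAMPLE_DEFAULT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.1:3389          10.0.0.50:1187         ESTABLISHED
"""
SAMPLE_BOUND = """\
  TCP    10.0.0.1:3389          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        0.0.0.0:0              LISTENING
"""

def listeners(netstat_text, port=3389):
    """Local addresses that have a TCP socket in LISTENING state on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue  # established sessions say nothing about the binding
        host, _, local_port = fields[1].rpartition(":")
        if local_port != str(port):
            continue
        # Drop IPv6 brackets and any zone id ("[fe80::1%4]:3389").
        host = host.strip("[]").split("%")[0]
        found.append(ipaddress.ip_address(host))
    return found

def check_binding(netstat_text, internal_ip, port=3389):
    """Summarise how `port` is bound relative to the internal adapter."""
    addrs = listeners(netstat_text, port)
    internal = ipaddress.ip_address(internal_ip)
    wildcard = any(a.is_unspecified for a in addrs)
    return {
        # True: still on the default "all interfaces" binding.
        "bound_to_all": wildcard,
        # True: a listener on the internal adapter and no wildcard bind.
        "restricted_to_internal": (not wildcard) and internal in addrs,
        # Other specific listeners; attribute these by owner, e.g. with
        # the PID column of `netstat -ano`.
        "other_listeners": [str(a) for a in addrs
                            if not a.is_unspecified and a != internal],
    }

if __name__ == "__main__":
    print(check_binding(SAMPLE_DEFAULT, "10.0.0.1"))
    print(check_binding(SAMPLE_BOUND, "10.0.0.1"))
```
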



----- Original Message -----
From: "Raji Arulambalam" <rajia@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, November 22, 2005 3:52 PM
Subject: [isalist] RE: Securing Remote access for RDP (Terminal Services)




Hi

I followed as described in article KB895433 for using certificate based
authentication for RDP clients.
This worked fine, but I came to grief when I tried to access the
Terminal Server via the TSAC web client. I got the error message that
the server was unavailable giving 3 different reasons.
I have both Web and Server publishing rules for the IIS and terminal
servers.
Does the TSAC client use the server published (RDP) rule to communicate
with the Terminal server?

The ISA server 2000 was setup as using To's article
http://www.isaserver.org/tutorials/Publishing_Terminal_Services_and_the_TSAC_Client__Updated.html

How do I get both working?

RajiA

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Tuesday, 22 November 2005 11:41 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Securing Remote access for RDP
(Terminal Services)


To be specific, one can indeed use SSL for RDP connections.
Win2k3 allows specifying certificate-based TLS authentication
at the server by installing a valid cert, specifying SSL as
the security layer, and then choosing what encryption level
you want, all the way to 140 bit FIPS as described in
KB895433.  But this, as you pointed out, has nothing to do
with ISA other than publishing RDP.

t
