RE: TSWeb problem

• From: "Alex Randjelovic" <alex@xxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 22 Oct 2001 10:30:50 -0400

DNS is what I changed. I think because of OWA that I have, I couldn?t make it 
work in the form of www.mydomain.com/TSWeb, so I had to create new DNS host (A) 
with name ts. FQDN for it would be ts.mydomain.com, which is not an alias, like 
in www.mydomain.com. A record would have unique IP address, the one that you 
designated for your TSWeb on external ISA nic.
Now to access the site you would enter ts.mydomain.com/tsweb. When connecting, 
you don?t need server name, just click on Connect.

If you don?t have OWA (www.mydomain.com/exchange/) you may want to try playing 
with destination sets for make TSWeb work in form of alias. 

Alex Randjelovic
IT Manager
MagiTech Inc.


-----Original Message-----
From: Aleksander França Honma [mailto:aleks@xxxxxxxxxxxxxx] 
Sent: Monday, October 22, 2001 10:29 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: TSWeb problem

http://www.ISAserver.org


HI Alex,

        This seems to be exactly what I did. Except for the DNS entry that I'm
using an alias TS pointing to my www.mydomain.com, instead of a HOST entry.
        Another thing... should the TS DNS entry be pointing to a separate IP? I
mean one Ext. ISA IP of it's own?

        Actually part of my original mail I copied from one that you sent on the
beginning of this month. So let's think different. I'm believe to be in the
same situation you were by that date. What exactly did you change to revert
the situation?

Many thanks for everyone's help up to now,
ALeks

-----Original Message-----
From: Alex Randjelovic [mailto:alex@xxxxxxxx]
Sent: segunda-feira, 22 de outubro de 2001 11:51
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: TSWeb problem


http://www.ISAserver.org


Ok, first under Incoming Web requests you need minimum of 2 IP addresses
(for 2 web servers) with integrated authentication.

You need Packet filter for Terminal service. Here is mine:
Packet Filter Name : Terminal Server Access
        Enabled : True
        Filter Mode : Allow
        Filter Type : Custom
        Protocol : TCP
        Direction : Inbound
        Local Port : 3389
        Remote Port : Any Port
        Local Computer Filter Applies to : Default External IP
        Remote Computer Filter Applies to : All Remote Computers

You need Web Publishing rule for TSWeb. Here is mine with your IP address:
Web Publishing Rule Name : TSAC Site
        Enabled : True
        Rule Applies to : Selected Destination Set
        Destination Set Used : TSWeb
        Action : Redirect to 192.168.1.5
          Send Original Host Header : False
          HTTP Redirect Port : 80
          SSL Redirect Port : 443
          FTP Redirect Port : 21
        Redirect HTTP requests as : HTTP Requests
        Redirect SSL requests as : SSL Requests
        Require SSL for Published Site : False
        Rule Applies to : Any Request

You need Server publishing Rule. Here is mine, with your IP:
Server Publishing Rule Name : TERMINAL terminal service
        Enabled : True
        IP Address of Internal Server : 192.168.1.5
        External IP Address on ISA Server : (1 of 2 IP addresses under Incoming 
Web
requests that you designated for TSWeb)
        Protocol Used : Inbound Terminal Server
        Primary Port Used by Protocol : 3389
        Rule Applies to : Any Request

Than destination set:
Destination Set Name : TSWeb
        DomainName: ts.<your_domain>.com

Make sure that you have entry in your DNS for ts.<your_domain>.com. IP
address would be 1 of 2 IP addresses under Incoming Web requests that you
designated for TSWeb.

Last is protocol definition:
Protocol Definition Name : Inbound Terminal Server
        Initial Connection Port Number : 3389
        Initial Protocol Type : TCP
        Initial Direction : Inbound


Let me know if this helps


Alex Randjelovic
IT Manager
MagiTech Inc.


-----Original Message-----
From: Aleksander França Honma [mailto:aleks@xxxxxxxxxxxxxx]
Sent: Monday, October 22, 2001 9:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: TSWeb problem

http://www.ISAserver.org


I have two IIS servers...

ISA config.
Ext. NIC -> 222.222.222.130, 222.222.222.140~145
Int. NIC -> 192.168.1.4

IIS Server 1 -> 192.168.1.3 (hosting 5 Websites)

IIS/TSWeb Server 2 -> 192.168.1.5 (hosting only TSWeb/Citrix Metaframe)

What do I do???

Many thanks,
Aleks

-----Original Message-----
From: Alex Randjelovic [mailto:alex@xxxxxxxx]
Sent: segunda-feira, 22 de outubro de 2001 10:59
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: TSWeb problem


http://www.ISAserver.org


Do you have other web/iis server on your network? If you do, you need second
IP address binded to external ISA interface. Same thing happened to me.

Alex Randjelovic
IT Manager
MagiTech Inc.


-----Original Message-----
From: Aleksander França Honma [mailto:aleks@xxxxxxxxxxxxxx]
Sent: Monday, October 22, 2001 8:46 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] TSWeb problem

http://www.ISAserver.org


Hi All,

    I published Terminal Service Web Access according to Tom's instructions.
My TSWeb Server is on separate machine from ISA.
    Accessing TS using Web client form the local network works. When I
access TS using Web client from outside I get Terminal Services Web
Connection page, but after entering server name and clicking on Connect, I
get VBScript: Error connecting to terminal server: server_name.

Does anybody knows what's happening.

The inbound Protocol Definition was created and a Packet Filter was also
created for Inbound on 3389.

A thing that I found to be strange, the IIS/Terminal Server is doing socket
pooling, so it's listening on 0.0.0.0:3389 instead of the private IP
assigned to it. (is this OK?)

Another thing, after Sniffering the network for the logon activity (from the
LAN), it seems that the transport is as follows:

MY machine              TSWEb
any port        ->      3389

TSWeb                   My maching
3389            ->      any port

Now thinking on this, why did I create an INBOUND on the fixed port 3389 for
ISA LOCAL machine?

Any clues are more than welcome.

Aleks


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
alex@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Aleks@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
alex@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Aleks@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
alex@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » TSWeb problem
• » RE: TSWeb problem
• » RE: TSWeb problem
• » RE: TSWeb problem
• » RE: TSWeb problem
• » RE: TSWeb problem
• » RE: TSWeb problem
• » RE: TSWeb problem
• » RE: TSWeb problem
• » RE: TSWeb problem
• » RE: TSWeb problem
• » RE: TSWeb problem

1. Home
2. isalist
3. Archive
4. 10-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---