DNS is what I changed. I think because of OWA that I have, I couldn?t make it work in the form of www.mydomain.com/TSWeb, so I had to create new DNS host (A) with name ts. FQDN for it would be ts.mydomain.com, which is not an alias, like in www.mydomain.com. A record would have unique IP address, the one that you designated for your TSWeb on external ISA nic. Now to access the site you would enter ts.mydomain.com/tsweb. When connecting, you don?t need server name, just click on Connect. If you don?t have OWA (www.mydomain.com/exchange/) you may want to try playing with destination sets for make TSWeb work in form of alias. Alex Randjelovic IT Manager MagiTech Inc. -----Original Message----- From: Aleksander França Honma [mailto:aleks@xxxxxxxxxxxxxx] Sent: Monday, October 22, 2001 10:29 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TSWeb problem http://www.ISAserver.org HI Alex, This seems to be exactly what I did. Except for the DNS entry that I'm using an alias TS pointing to my www.mydomain.com, instead of a HOST entry. Another thing... should the TS DNS entry be pointing to a separate IP? I mean one Ext. ISA IP of it's own? Actually part of my original mail I copied from one that you sent on the beginning of this month. So let's think different. I'm believe to be in the same situation you were by that date. What exactly did you change to revert the situation? Many thanks for everyone's help up to now, ALeks -----Original Message----- From: Alex Randjelovic [mailto:alex@xxxxxxxx] Sent: segunda-feira, 22 de outubro de 2001 11:51 To: [ISAserver.org Discussion List] Subject: [isalist] RE: TSWeb problem http://www.ISAserver.org Ok, first under Incoming Web requests you need minimum of 2 IP addresses (for 2 web servers) with integrated authentication. You need Packet filter for Terminal service. Here is mine: Packet Filter Name : Terminal Server Access Enabled : True Filter Mode : Allow Filter Type : Custom Protocol : TCP Direction : Inbound Local Port : 3389 Remote Port : Any Port Local Computer Filter Applies to : Default External IP Remote Computer Filter Applies to : All Remote Computers You need Web Publishing rule for TSWeb. Here is mine with your IP address: Web Publishing Rule Name : TSAC Site Enabled : True Rule Applies to : Selected Destination Set Destination Set Used : TSWeb Action : Redirect to 192.168.1.5 Send Original Host Header : False HTTP Redirect Port : 80 SSL Redirect Port : 443 FTP Redirect Port : 21 Redirect HTTP requests as : HTTP Requests Redirect SSL requests as : SSL Requests Require SSL for Published Site : False Rule Applies to : Any Request You need Server publishing Rule. Here is mine, with your IP: Server Publishing Rule Name : TERMINAL terminal service Enabled : True IP Address of Internal Server : 192.168.1.5 External IP Address on ISA Server : (1 of 2 IP addresses under Incoming Web requests that you designated for TSWeb) Protocol Used : Inbound Terminal Server Primary Port Used by Protocol : 3389 Rule Applies to : Any Request Than destination set: Destination Set Name : TSWeb DomainName: ts.<your_domain>.com Make sure that you have entry in your DNS for ts.<your_domain>.com. IP address would be 1 of 2 IP addresses under Incoming Web requests that you designated for TSWeb. Last is protocol definition: Protocol Definition Name : Inbound Terminal Server Initial Connection Port Number : 3389 Initial Protocol Type : TCP Initial Direction : Inbound Let me know if this helps Alex Randjelovic IT Manager MagiTech Inc. -----Original Message----- From: Aleksander França Honma [mailto:aleks@xxxxxxxxxxxxxx] Sent: Monday, October 22, 2001 9:16 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TSWeb problem http://www.ISAserver.org I have two IIS servers... ISA config. Ext. NIC -> 222.222.222.130, 222.222.222.140~145 Int. NIC -> 192.168.1.4 IIS Server 1 -> 192.168.1.3 (hosting 5 Websites) IIS/TSWeb Server 2 -> 192.168.1.5 (hosting only TSWeb/Citrix Metaframe) What do I do??? Many thanks, Aleks -----Original Message----- From: Alex Randjelovic [mailto:alex@xxxxxxxx] Sent: segunda-feira, 22 de outubro de 2001 10:59 To: [ISAserver.org Discussion List] Subject: [isalist] RE: TSWeb problem http://www.ISAserver.org Do you have other web/iis server on your network? If you do, you need second IP address binded to external ISA interface. Same thing happened to me. Alex Randjelovic IT Manager MagiTech Inc. -----Original Message----- From: Aleksander França Honma [mailto:aleks@xxxxxxxxxxxxxx] Sent: Monday, October 22, 2001 8:46 AM To: [ISAserver.org Discussion List] Subject: [isalist] TSWeb problem http://www.ISAserver.org Hi All, I published Terminal Service Web Access according to Tom's instructions. My TSWeb Server is on separate machine from ISA. Accessing TS using Web client form the local network works. When I access TS using Web client from outside I get Terminal Services Web Connection page, but after entering server name and clicking on Connect, I get VBScript: Error connecting to terminal server: server_name. Does anybody knows what's happening. The inbound Protocol Definition was created and a Packet Filter was also created for Inbound on 3389. A thing that I found to be strange, the IIS/Terminal Server is doing socket pooling, so it's listening on 0.0.0.0:3389 instead of the private IP assigned to it. (is this OK?) Another thing, after Sniffering the network for the logon activity (from the LAN), it seems that the transport is as follows: MY machine TSWEb any port -> 3389 TSWeb My maching 3389 -> any port Now thinking on this, why did I create an INBOUND on the fixed port 3389 for ISA LOCAL machine? Any clues are more than welcome. Aleks ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alex@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Aleks@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alex@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Aleks@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alex@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')