RE: terminal services over https
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 14 Dec 2005 15:24:14 -0800
It is very much black & white; you can web-publish the TSWEB site all day long;
if you fail to server-publish the RDP server, you'll never connect.
Again; only the initial connection to the web site is HTTP.
The remote console session is RDP.
Not RDP over HTTP, just RDP.
Not HTTP wrapped around RDP, just RDP.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Dan Bartley [mailto:dan@xxxxxxxxxxxxxxx]
Sent: Wednesday, December 14, 2005 14:53
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: terminal services over https
I'll be more succinct then. It is NOT RDP when it comes to the publishing
requirements. TS over HTTP is a web publishing scenario, which is what the
original poster was asking a related question to. There is no need to publish
anything that has to do directly with RDP in any form to make the web interface
work and open a remote desktop session in it, only a http rule. However, other
issues will interfere with its usefulness that also have nothing to do with RDP
directly.
No arguing intended, just trying to be clear and point out it is not just black
and white. :-) Dan Bartley
________________________________
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Wed 12/14/2005 5:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: terminal services over https
http://www.ISAserver.org
As I said, it's still RDP.
RDP with a web interface. All traffic is by RDP.
________________________________
From: Dan Bartley [mailto:dan@xxxxxxxxxxxxxxx]
Sent: Wednesday, December 14, 2005 6:03 PM
To: ISA Mailing List
Subject: RE: [isalist] RE: terminal services over https
Yes, but you access it with a web browser over http. I am just not sure how the
activex xontrol will work with naming. You would have to be able to resolve a
legitimate DNS or NetBIOS name or IP address that the client end knows how to
route in the web browser entry point for TS from where ever you are attempting.
I am also not sure that specifying SSL is an option for the web interface. Just
a curiousity since the question was posed.
I just wanted to clarify that it is not just simply RDP, there is an HTTP
interface for it built in to all Win2k and later servers which can access any
other RDP or TS enabled system through the web interface. However, I don't see
it as a suitable alternative for reaching many internal machines for remote
sessions. By using the web interface you move name resolution and IP routing
requirements to the accessing client and that won't work from outside if the
ISA network is properly configured.
The best solution is one system published for RDP and use that to piggyback to
others or use VPN, which I find works quite well. It does arouse my curiosity
though.
Dan Bartley
________________________________
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Wed 12/14/2005 8:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: terminal services over https
http://www.ISAserver.org
Still rdp at the end of the day.
S
-----Original Message-----
From: Dan Bartley [mailto:dan@xxxxxxxxxxxxxxx]
Sent: Wednesday, December 14, 2005 7:45 AM
To: ISA Mailing List
Subject: [isalist] RE: terminal services over https
http://www.ISAserver.org
Could it not be done over a web enabled terminal services? Set up a
server for web enabled TS, then make that SSL only? Not sure if that
would work because of the name requirements to use it (DNS might prevent
it from working?). Think I'll see if it can be a published web site,
curiosity.
Best Regards,
Dan Bartley
-----Original Message-----
From: Ara Avvali [mailto:ara.avvali@xxxxxxxxxxxxx]
Sent: Wednesday, December 14, 2005 01:14
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: terminal services over https
http://www.ISAserver.org
Haha
Jim 25/8 :) I knew you answer in 5 minutes!
Man how come you are always here? I guess you are using a portable
device like blackberry.
Anyway, may I ask why?
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Tuesday, December 13, 2005 10:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: terminal services over https
http://www.ISAserver.org
You can't do it.
Now - wasn't that easy?
--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: Ara Avvali [mailto:ara.avvali@xxxxxxxxxxxxx]
Sent: Tuesday, December 13, 2005 10:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] terminal services over https
http://www.ISAserver.org
Good evening,
This idea is spinning in my head of publishing a terminal server using
https instead of remote desktop. Main reason I think I can only allow
remote terminal from machines that I install the certificate manually
(maybe I am wrong) also I think authentication happens in ISA instead of
backend server (Like OWA) so if client is not is legitimate user they
won't be hammering the back end server and won't pass through ISA before
proper user name and password is used.
Would someone clear this for me please?
Appreciated
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ara.avvali@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dan@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
This email and its contents are intended as a private communication
between the sender and specified recipient(s). Any other use,
re-transmission, interception or alteration is prohibited by applicable
laws and will result in criminal and civil liability.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dan@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dan@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
