No worries- we're all here to learn. For whatever reason, many people
expect the operational mechanisms of the TSWeb component to work exactly as
you have described, so you are definitely not alone there ;)
t
----- "God is a comedian playing to an audience too afraid to laugh."
http://www.ISAserver.org
Best Regards,
Dan Bartley,
-----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Wednesday, December 14, 2005 18:38 To: [ISAserver.org Discussion List] Subject: [isalist] RE: terminal services over https
http://www.ISAserver.org
Hey Dan- that's not how it works, dude...
There absolutely IS a requirement to publish RDP if you are hosting the server the TSWeb asp file is configured to point to - the activeX control is just a control to allow the client to connect up VIA RDP to a server somewhere. There is no such thing as "TS over HTTP."
Here's the blow-by-blow.
A client somewhere on the Internet connects to your web server. This may or may not be a "published" server- It can be any server, anywhere. They load the TSWeb ActiveX control into memory from the server, just like they would load any other ActiveX control hosted on a web site.
In the case of the TSWeb client, once it is loaded, the control MAKES ITS OWN CONNECTION *DIRECTLY* to the specified server VIA RDP. At this point, no HTTP or HTTPS is involved at all.
All the TSWeb component does is deliver the RDP Client Control to the client itself over HTTP or HTTPS. Once the client loads the control, it must be able to make a direct RDP connection to the TS server in question. Once the control is loaded in memory, it is just like running MSTSC from any XP client and trying to connect to a Terminal Server/ Remote Desktop host somewhere.
The TSWeb component does not, in ANY WAY allow you to subsequently connect to a TS host via HTTP in any way, shape or form.
t
----- "God is a comedian playing to an audience too afraid to laugh."
http://www.ISAserver.org
This is a multi-part message in MIME format.
----------------------------------------------------------------------------- ---
I'll be more succinct then. It is NOT RDP when it comes to the publishing requirements. TS over HTTP is a web publishing scenario, which is what the original poster was asking a related question to. There is no need to publish anything that has to do directly with RDP in any form to make the web interface work and open a remote desktop session in it, only a http rule. However, other issues will interfere with its usefulness that also have nothing to do with RDP directly.
No arguing intended, just trying to be clear and point out it is not just black and white. :-) Dan Bartley
________________________________
From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Wed 12/14/2005 5:37 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: terminal services over https
http://www.ISAserver.org
As I said, it's still RDP.
RDP with a web interface. All traffic is by RDP.
________________________________
From: Dan Bartley [mailto:dan@xxxxxxxxxxxxxxx] Sent: Wednesday, December 14, 2005 6:03 PM To: ISA Mailing List Subject: RE: [isalist] RE: terminal services over https
Yes, but you access it with a web browser over http. I am just not sure how the activex xontrol will work with naming. You would have to be able to resolve a legitimate DNS or NetBIOS name or IP address that the client end knows how to route in the web browser entry point for TS from where ever you are attempting. I am also not sure that specifying SSL is an option for the web interface. Just a curiousity since the question was posed.
I just wanted to clarify that it is not just simply RDP, there is an HTTP interface for it built in to all Win2k and later servers which can access any other RDP or TS enabled system through the web interface. However, I don't see it as a suitable alternative for reaching many internal machines for remote sessions. By using the web interface you move name resolution and IP routing requirements to the accessing client and that won't work from outside if the ISA network is properly configured.
The best solution is one system published for RDP and use that to piggyback to others or use VPN, which I find works quite well. It does arouse my curiosity though.
Dan Bartley
________________________________
From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Wed 12/14/2005 8:40 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: terminal services over https
http://www.ISAserver.org
Still rdp at the end of the day.
S
-----Original Message----- From: Dan Bartley [mailto:dan@xxxxxxxxxxxxxxx] Sent: Wednesday, December 14, 2005 7:45 AM To: ISA Mailing List Subject: [isalist] RE: terminal services over https
http://www.ISAserver.org
Could it not be done over a web enabled terminal services? Set up a server for web enabled TS, then make that SSL only? Not sure if that would work because of the name requirements to use it (DNS might prevent it from working?). Think I'll see if it can be a published web site, curiosity.
Best Regards,
Dan Bartley
-----Original Message----- From: Ara Avvali [mailto:ara.avvali@xxxxxxxxxxxxx] Sent: Wednesday, December 14, 2005 01:14 To: [ISAserver.org Discussion List] Subject: [isalist] RE: terminal services over https
http://www.ISAserver.org
Haha Jim 25/8 :) I knew you answer in 5 minutes! Man how come you are always here? I guess you are using a portable device like blackberry.
Anyway, may I ask why?
-----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Tuesday, December 13, 2005 10:06 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: terminal services over https
http://www.ISAserver.org
You can't do it. Now - wasn't that easy?
-------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Ara Avvali [mailto:ara.avvali@xxxxxxxxxxxxx] Sent: Tuesday, December 13, 2005 10:04 PM To: [ISAserver.org Discussion List] Subject: [isalist] terminal services over https
http://www.ISAserver.org
Good evening, This idea is spinning in my head of publishing a terminal server using https instead of remote desktop. Main reason I think I can only allow remote terminal from machines that I install the certificate manually (maybe I am wrong) also I think authentication happens in ISA instead of backend server (Like OWA) so if client is not is legitimate user they won't be hammering the back end server and won't pass through ISA before proper user name and password is used. Would someone clear this for me please? Appreciated
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ara.avvali@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dan@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
This email and its contents are intended as a private communication between the sender and specified recipient(s). Any other use, re-transmission, interception or alteration is prohibited by applicable laws and will result in criminal and civil liability.
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dan@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dan@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
----------------------------------------------------------------------------- ---
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dan@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
This email and its contents are intended as a private communication between the sender and specified recipient(s). Any other use, re-transmission, interception or alteration is prohibited by applicable laws and will result in criminal and civil liability.