RE: terminal services over https

• From: "Ara Avvali" <ara.avvali@xxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 14 Dec 2005 21:11:35 -0800

My appreciation to anyone who participated in this discussion. I guess I
got it. The http only load a small client to connect to server but it is
still RDP and can't be wrapped inside https as I was trying to do 

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
Sent: Wednesday, December 14, 2005 3:38 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: terminal services over https

http://www.ISAserver.org

Hey Dan- that's not how it works, dude...

There absolutely IS a requirement to publish RDP if you are hosting the 
server the TSWeb asp file is configured to point to - the activeX
control is 
just a control to allow the client to connect up VIA RDP to a server 
somewhere.  There is no such thing as "TS over HTTP."

Here's the blow-by-blow.

A client somewhere on the Internet connects to your web server.  This
may or 
may not be a "published" server-  It can be any server, anywhere.  They
load 
the TSWeb ActiveX control into memory from the server, just like they
would 
load any other ActiveX control hosted on a web site.

In the case of the TSWeb client, once it is loaded, the control MAKES
ITS 
OWN CONNECTION *DIRECTLY* to the specified server VIA RDP.  At this
point, 
no HTTP or HTTPS is involved at all.

All the TSWeb component does is deliver the RDP Client Control to the
client 
itself over HTTP or HTTPS.  Once the client loads the control, it must
be 
able to make a direct RDP connection to the TS server in question.  Once
the 
control is loaded in memory, it is just like running MSTSC from any XP 
client and trying to connect to a Terminal Server/ Remote Desktop host 
somewhere.

The TSWeb component does not, in ANY WAY allow you to subsequently
connect 
to a TS host via HTTP in any way, shape or form.

t


-----
"God is a comedian playing to an
audience too afraid to laugh."


----- Original Message ----- 
From: "Dan Bartley" <dan@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, December 14, 2005 2:52 PM
Subject: [isalist] RE: terminal services over https


> http://www.ISAserver.org
>
>
> This is a multi-part message in MIME format.
>


------------------------------------------------------------------------
--------


I'll be more succinct then. It is NOT RDP when it comes to the
publishing
requirements. TS over HTTP is a web publishing scenario, which is what
the
original poster was asking a related question to. There is no need to 
publish
anything that has to do directly with RDP in any form to make the web
interface work and open a remote desktop session in it, only a http
rule.
However, other issues will interfere with its usefulness that also have
nothing to do with RDP directly.

No arguing intended, just trying to be clear and point out it is not
just
black and white. :-)
Dan Bartley


________________________________

From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Wed 12/14/2005 5:37 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: terminal services over https


http://www.ISAserver.org

As I said, it's still RDP.

RDP with a web interface. All traffic is by RDP.

________________________________

From: Dan Bartley [mailto:dan@xxxxxxxxxxxxxxx]
Sent: Wednesday, December 14, 2005 6:03 PM
To: ISA Mailing List
Subject: RE: [isalist] RE: terminal services over https


Yes, but you access it with a web browser over http. I am just not sure
how
the activex xontrol will work with naming. You would have to be able to
resolve a legitimate DNS or NetBIOS name or IP address that the client
end
knows how to route in the web browser entry point for TS from where ever
you
are attempting. I am also not sure that specifying SSL is an option for
the
web interface. Just a curiousity since the question was posed.

I just wanted to clarify that it is not just simply RDP, there is an
HTTP
interface for it built in to all Win2k and later servers which can
access 
any
other RDP or TS enabled system through the web interface. However, I
don't
see it as a suitable alternative for reaching many internal machines for
remote sessions. By using the web interface you move name resolution and
IP
routing requirements to the accessing client and that won't work from 
outside
if the ISA network is properly configured.

The best solution is one system published for RDP and use that to
piggyback
to others or use VPN, which I find works quite well. It does arouse my
curiosity though.

Dan Bartley


________________________________

From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Wed 12/14/2005 8:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: terminal services over https



http://www.ISAserver.org

Still rdp at the end of the day.

S

-----Original Message-----
From: Dan Bartley [mailto:dan@xxxxxxxxxxxxxxx]
Sent: Wednesday, December 14, 2005 7:45 AM
To: ISA Mailing List
Subject: [isalist] RE: terminal services over https

http://www.ISAserver.org

Could it not be done over a web enabled terminal services? Set up a
server for web enabled TS, then make that SSL only? Not sure if that
would work because of the name requirements to use it (DNS might prevent
it from working?). Think I'll see if it can be a published web site,
curiosity.


Best Regards,

Dan Bartley

-----Original Message-----
From: Ara Avvali [mailto:ara.avvali@xxxxxxxxxxxxx]
Sent: Wednesday, December 14, 2005 01:14
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: terminal services over https

http://www.ISAserver.org

Haha
Jim 25/8 :) I knew you answer in 5 minutes!
Man how come you are always here? I guess you are using a portable
device like blackberry.

Anyway, may I ask why?


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Tuesday, December 13, 2005 10:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: terminal services over https

http://www.ISAserver.org

You can't do it.
Now - wasn't that easy?

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: Ara Avvali [mailto:ara.avvali@xxxxxxxxxxxxx]
Sent: Tuesday, December 13, 2005 10:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] terminal services over https

http://www.ISAserver.org

Good evening,
This idea is spinning in my head of publishing a terminal server using
https instead of remote desktop. Main reason I think I can only allow
remote terminal from machines that I install the certificate manually
(maybe I am wrong) also I think authentication happens in ISA instead of
backend server (Like OWA) so if client is not is legitimate user they
won't be hammering the back end server and won't pass through ISA before
proper user name and password is used.
Would someone clear this for me please?
Appreciated


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ara.avvali@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dan@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


This email and its contents are intended as a private communication
between the sender and specified recipient(s). Any other use,
re-transmission, interception or alteration is prohibited by applicable
laws and will result in criminal and civil liability.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dan@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dan@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------------------------
--------


> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:

> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ara.avvali@xxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https
• » RE: terminal services over https

1. Home
2. isalist
3. Archive
4. 12-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---