Announcement

Collapse
No announcement yet.

TS web access

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • TS web access

    hello.

    I have a windows 2008 std terminal server with a win sbs 2008 as the gateway. There are only 3 remote users who access office 2007 via remote web app.
    The problem is that typing in word and outlook speeds up and slows down. At times all is ok and then there is a delay of perhaps 30 secs before word responds. The connection at the TS end is 12mb down and 2mb up, and remote end is 8mb down and 800kb up.
    How can I diagnose where the problem is?

  • #2
    Re: TS web access

    Most of this issue is due bad certificate (usually commnon name issues) or MTU issu... You can use a sniifer to find for connection errors.
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

    Comment


    • #3
      Re: TS web access

      I have a go daddy ssl cert installed on the ts gateway and on the ts itself, when the clients connect, the correct ssl is identified.
      I connect via ts web access.
      can I bypass the ts gateway and connect direct to the ts to rule out the possibility that the gateway is causing the problem?

      Comment


      • #4
        Re: TS web access

        I hope that you use SAN certificate with all the servers names...
        You can open TCP 3389 (RDP) from the TS web to the TS server it self and then skipping the TS gateway.
        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

        Comment


        • #5
          Re: TS web access

          the ts internal name is terminalserver.domain.local and the gateway is remote.domain.ie. I get a name mismatch with the cert when the client connects to ts web access, as the cert is for the external domain name.
          Could this be the cause of the lagging issue?

          Comment


          • #6
            Re: TS web access

            It may... But I never had this cert. problem...
            Best Regards,

            Yuval Sinay

            LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

            Comment


            • #7
              Re: TS web access

              I setup a wan to lan rule on the firewall to forward 3389 traffic directly to the ts.
              I setup an rdp connection directly to the TS from the same external pc that uses ts web access, and this appears to work ok without any lagging issue. This does not use the gateway on the sbs as the connection is not listed in gateway manager.
              It looks like the ts web access is causing the issue. From a security point of view, can I continue to use this rdp connection, or is ts web access more secure?

              Comment


              • #8
                Re: TS web access

                Its depands... Using TS gateway make the attacker life more hard (e.g. most of the free hacking tools planed to hack a direct RDP connection).
                Also, using TS Gateway allow you to use two factor authentication (e.g AD + OTP).

                bdw.. Why you didnt installed the TS Gateway on the TS server it self (usually its recommanded to install it on a seperate server in the DMZ)?! I guess that the SBS is under heavy load or using fax device, that may create some delay.
                Best Regards,

                Yuval Sinay

                LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

                Comment


                • #9
                  Re: TS web access

                  it was recommended in another post to install the ts gateway on the sbs server.
                  should I remove the role from the sbs and install on the ts?

                  Comment


                  • #10
                    Re: TS web access

                    You dont need to remove it... Just put it on the second server and redirect the users to it.
                    Best Regards,

                    Yuval Sinay

                    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

                    Comment


                    • #11
                      Re: TS web access

                      at present the rd web access is available via https://remote.domain.ie/ts.
                      if i install the gateway on the ts itself, how do i direct external traffic to it, bypassing the gateway on the sbs?

                      Comment


                      • #12
                        Re: TS web access

                        Just point the Firewall Port Forward/NAT to the new TS...
                        Best Regards,

                        Yuval Sinay

                        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

                        Comment


                        • #13
                          Re: TS web access

                          at prsesnt 443 points to the sbs for remote web workplace. If i nat 443 to the ts instead, rww won't work.

                          Comment


                          • #14
                            Re: TS web access

                            First, you can create NAT rule like:

                            https://server:444 -> localhost:443

                            Second, you can use a few public for the NAT.

                            Also, I dont like to idea to allow users to use RWW. It create a security issue.
                            Best Regards,

                            Yuval Sinay

                            LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

                            Comment


                            • #15
                              Re: TS web access

                              I use a zyxel 662 hw as a firewall. The sbs lan ip is 192.168.1.5. and the ts is 192.168.1.4.
                              Can you explain how I can create the rule - https://server:444 -> localhost:443

                              there is only 1 public wan IP.

                              Thanks,

                              Joe
                              Attached Files

                              Comment

                              Working...
                              X