Submitted by inder on Thu, 06/17/2010 - 07:04
By default, computers running Windows Vista and Windows XP operating systems cannot access RemoteApps and Remote Desktops published through Forefront Unified Access Gateway (UAG) 2010. However, by applying Update 1 for Microsoft UAG you can access these applications from Windows XP SP3, Windows Vista with Service Pack 1 and Windows Vista with Service Pack 2. What we found out from our initial research was that even with UP1 Windows XP SP3 machines will not be able to access these applications. Let’s figure out the ways by which we can make it to work with or without UP1.
Scenario 1: UAG without Update 1
- Let’s assume that we have already applied SP3 on a Windows XP machine and now we have logged in UAG portal that has Remote Desktop (Predefined OR User Defined) published. When you try to access RDC in portal, you will get error like this.
- The message is a bit confusing though. The URL http://go.microsoft.com/fwlink/?LinkId=56287 mentioned in the message above opens the Microsoft article which says “RDC client Requirements for Terminal Services Web Access in Windows Server 2008”. This will tell you to have RDC client 6.1 installed on Windows XP SP3 machine, which is by default in SP3.
- The problem is that it needs RDC client 7.0 to access Remote Desktop or RemoteApps that are published through UAG.( http://technet.microsoft.com/en-us/library/ff607468.aspx ).
- You may download the RDC client 7.0 from http://support.microsoft.com/kb/969084
- After installing RDC 7.0, we started getting the following error
- To be able to establish successful RDP connection we will need to modify the registry settings in Windows XP machine as per the KB article http://support.microsoft.com/kb/951608
- This enables the Network Level Authentication on Windows XP machine by turning on Credential Security Service Providers (CredSSP) to establish a RDP connection.
- Once we did it, It all seems to be working
Scenario 2: UAG with Update 1
As per the Microsoft website http://www.microsoft.com/downloads/details.aspx?FamilyID=a862c57f-5c27-4cd0-8528-91b3cc5cd758&displaylang=en#filelist it says;
"Remote Desktop access from Windows Vista and Windows XP: Client endpoints running Windows Vista and Windows XP can now access RemoteApps and Remote Desktops published through Forefront UAG"
Seems pretty easy, let’s see
After we installed the UP1 in UAG 2010 and tried to access RDP application using Windows XP SP3 machine using the RDC 7.0 installed (Minimum requirement), we got the following error.
This message is quite confusing. Particularly the last part which says “Then, in browser, enable the ActiveX control that is available in gold bar prompt”. There are chances that, we will not get any ActiveX prompt despite liberal ActiveX control settings in browser for the particular site zone. Even though if you have UAG portal in the Trusted Site Zone.
Microsoft Tech Net article http://technet.microsoft.com/en-us/library/dd772157.aspx says “Users accessing RDS published via Forefront UAG may receive a pop-up message that the Terminal Services ActiveX control must be installed, but the gold bar, that asks if they want to use the control, does not appear. To resolve this issue, after inputting credentials to access the portal, users should refresh the portal Web page (using Ctrl +F5).”
But despite that, it does not bring the golden bar in the browser. And, if you try to click RDP app in UAG portal, you get the following error.
To rectify this error we need to enable Network Level Authentication in XP machine by turning on CredSSP as per http://support.microsoft.com/kb/951608
Conclusion: So in both the cases, UAG without UP1 and UAG with UP1, we need to enable Network Level Authentication in XP machine by turning on CredSSP .
Cheers !!
Category: