2008 TS & Sonicwall VPN

[stratisphere]

Morning all,

We have a Sonicwall SSL-VPN 2000 which we use for remote access into file shares/webmail etc.

We're trying to implement remote access to SIMS.Net via Windows Server 2008 Terminal Services by using RemoteApps.

Now the terminal server is all configured and working fine. I can access it directly and launch the app and it all runs fine... however i've yet to really find a way to configure the SSL-VPN to do the same. I know ICT_NUT has done this (or something like this), but I cant seem to get hold of him. Anyone got any suggestions?

Cheers,

[FN-GM]

Morning all,

We have a Sonicwall SSL-VPN 2000 which we use for remote access into file shares/webmail etc.

We're trying to implement remote access to SIMS.Net via Windows Server 2008 Terminal Services by using RemoteApps.

Now the terminal server is all configured and working fine. I can access it directly and launch the app and it all runs fine... however i've yet to really find a way to configure the SSL-VPN to do the same. I know ICT_NUT has done this (or something like this), but I cant seem to get hold of him. Anyone got any suggestions?

Cheers,

Also having the same problem btu with a 4000 box, can you let me know how you resolve it when you do.

Thanks

Z

[stratisphere]

Yeh np.

[FN-GM]

Just out of Curiosity here are you based?

[stratisphere]

Where am I based?

Herefordshire, our county distributed the sonicwall boxes to all high schools (and i believe soon to all others aswell). It works great... but proving a real pain for 2k8 TS Remote Apps

[stratisphere]

Right, what i've learnt so far:

• Setting up an RDP bookmark directly to the server will work, but will give a traditional desktop connection (not wanted). Specifying an application only seems to start it, not run it in a remoteapp kinda way
• Doing a bookmark to the terminal server's TS Gateway works, right up till it launches RDP6.1... which needs direct connection to the TS server. In this case, defeating the point of using the SSL-VPN. Opening the firewall up to allow in to the TS server isnt an option
• There doesnt seem to be a way to define custom RDP options. ActiveX has fewer customising options than the java one. From what i've read, the java one is basically a wrapper to the RDP client on the client's machine? If thats the case, then all we need to do is define the remoteapp stuff in the generated RDP file and we're cooking... but there isnt a way AFAIK

I've logged a question with the service dept and also started a thread on their forums. I really hope there's a solution to this!

[techyphil]

I've also tried this with SSL-Explorer. I can do remote desktop, but remoteapp's doesnt work. I then set about using the IIS web interface and launching it that way. That also doesnt work.

[Oops_my_bad]

Out of curiosity, try using a test account that doesnt run any logon scripts/programs when they start up - we have a similar issue but with Citrix streamed apps, might be the startup scripts in the users AD properties causing it to invoke a full desktop as opposed to just the app

[Oops_my_bad]

Oh, I wish our LEA would dish out kit like the sonicwall - they give us a "broadband router" (as they call it) which is actually a 1990's alcatel switch to connect to their network

Not jealous much

[stratisphere]

Thanks for your reply.

The issue we have isnt that SIMS.Net isnt running when the user logs in, if the user logs in from the network its fine.

The issue is from sonicwall, there is no obvious way to make the java or activex client connect to terminal services in such a way that it starts a remoteapp session.

I'm starting to think i'll get the LEA to open up a single rule for us for RDP to the TS server...

Sonicwall boxes are great tho. Tbh they are just linux boxes but their management interface is pretty good.

Nothing you cant do with opensource and a little time tho! Our LEA paid for the boxes tho so i cant complain!

[box_l]

Hi Stratisphere, which school are you working in?

I am also in Hereford (Edutech Solutions) and have setup 5 of the high schools sonicwalls.

Just ran a test on one of the schools I support.

I set up an RDP link to the server (2003) running SIMS

I set the application path to

C:\Program Files\SIMS\SIMS .net\Pulsar.exe

and the start in folder to

C:\Program Files\SIMS\SIMS .net\

this ran the app without giving me access to the server itself. (remoteapp)

i do not have a SIMS user/pass so i clicked cancel and it ended my RDP session.

I know it is not server 2008 and is not set up as a proper TS, but it seemed to work okay for me.

Which firmware are you running on the sonicwall? I have 3.0.0.3-12sv on the one I just tested.

BoX

[stratisphere]

Hey box, think I know ya, you used to work at the tech?

I'm Adrian, i work at Weobley High.

Yeh doing it like that was the first way I tried... but something didnt work right... cant remember what now tho. I may go back to it and see if it's easier to resolve that.

And yup, im using 3.0 firmware (aka, the pretty admin ui)

[box_l]

Thats me!

I think i also spoke to you on the phone when I worked for the council network team.

I hope you have more success tomorrow (or whenever).

PM me if you need my number or email or anything.

BoX

[stratisphere]

Cool, will do but I think i'll persist with 2008 a little while longer

Ok, just an update from the sonicwall service dept and forums.

Service dept reported this:

Hi Adrian, As of now the current firmware 3.0.0.8 is not supported for Terminal Service RemoteApp, however if we have TS web access enabled for the RemoteApp then we can acess it like any other URL web resource.

...Sucks (Not quite sure what he meant by the accessing the remoteapp via URL's... enquiring!

The forums has this reply:

Need to do two things:

1)In Windows 2008, need to add programs to the RemoteApp Programs List:
- Start TS RemoteApp Manager. To do this, click Start, point to Administrative Tools, point to Terminal Services, and then click TS RemoteApp Manager.
- In the Actions pane, click Add RemoteApp Programs.
- On the Welcome to the RemoteApp Wizard page, click Next.
- On the Choose programs to add to the RemoteApp Programs list page, select the check box next to each program that you want to add to the list of RemoteApp programs. You can select multiple programs.

More info in: http://technet.microsoft.com/en-us/l.../cc753610.aspx

2) In SSLVPN portal bookmark, select RDP service (ActiveX or Java), and put your app in "Application and Path: " field. Such as notepad application, you should put: "C:\Windows\system32\notepad.exe". This way you invoke this application in remote host if it is registered in RemoteApp list.

Hope above help.

Now the first step is somewhat obvious (and done). The seconds step I did try at some point but I got an error, so i'll try again and report back.

(lol, i'm doing more detailed reports on here that on our helpdesk system.... thats annoying!)