Web access to servers

how does this normally work, if I have internal addresses on my servers, do these need to be natted to public ip's and let through my firewall ?

Web servers are a scary entity and can comprimise any production environment if they are not carefully implemented. Best practices include putting Web servers isolated in a DMZ. Depending on the structure of the network you can sandwhich them between firewalls, etc.
Typically in a web server farm, the servers themselves have public addresses on them.

Similar Messages

GW2012 Web Access Logging

GW2012SP1
GW2012SP2
SLES11SP3
SLES10SP3
We have two GW Web Access Linux servers. Neither one creates the log files
on startup. The WEBACC.CFG both have the path to the log file folder as
$(webapp.config.path)\logs. With the GW2012 Web Access installed and running
on a MS Windows 2K12 server the logs are created. I know, run MS....however
that is not an option. Linux is preferred.
What, if anything are we missing?
Any assistance is greatly appreciated.
JoeK

No the WebAccess Admin console shows no log files being created.
"kjhurni" <[email protected]> wrote in message
news:[email protected]...
>
> JKress;2329321 Wrote:
>> NORMAL
>>
>> "kjhurni" <[email protected]> wrote in message
>> news:[email protected]...
>> >
>> > JKress;2329051 Wrote:
>> >> Thanks for the responses, however the path is correct. The users and
>> >> temp
>> >> folders in the same path populate if the permissions are correct for
>> >> them. I
>> >> made the permissions the same on the logs folder, however no logs.
>> >>
>> >> Any other thoughts please?
>> >>
>> >> JoeK
>> >>
>> >> "kjhurni" <[email protected]> wrote in message
>> >> news:[email protected]...
>> >> >
>> >> > JKress;2328872 Wrote:
>> >> >> GW2012SP1
>> >> >> GW2012SP2
>> >> >> SLES11SP3
>> >> >> SLES10SP3
>> >> >>
>> >> >> We have two GW Web Access Linux servers. Neither one creates the
>> log
>> >> >> files
>> >> >> on startup. The WEBACC.CFG both have the path to the log file
>> folder
>> >> as
>> >> >> $(webapp.config.path)\logs. With the GW2012 Web Access installed
>> and
>> >> >> running
>> >> >> on a MS Windows 2K12 server the logs are created. I know, run
>> >> >> MS....however
>> >> >> that is not an option. Linux is preferred.
>> >> >>
>> >> >> What, if anything are we missing?
>> >> >>
>> >> >> Any assistance is greatly appreciated.
>> >> >>
>> >> >> JoeK
>> >> >
>> >> > Granted, mine is on OES2, but the webacc.cfg shows:
>> >> > Log.path=$(Webapp.Config.path)\logs
>> >> >
>> >> > It places the logs in the:
>> >> > /var/opt/novell/groupwise/webaccess/logs
>> >> > directory
>> >> >
>> >> > Does that help?
>> >> >
>> >> > --Kevin
>> >> >
>> >> >
>> >> > --
>> >> > The opinions expressed are my own.
>> >> > Check out my OES2 Guides:
>> >> > Installing OES2 SP2:
>> >> >
>> >>
>> http://www.novell.com/communities/no...allation-guide
>> >> > Upgrading to OES2 with ID Transfer:
>> >> >
>> >>
>> http://www.novell.com/communities/no...r-id-scenarios
>> >> > GroupWise Migration with OES2 ID Transfer:
>> >> >
>> >>
>> http://www.novell.com/communities/no...p2-transfer-id
>> >> >
>> >>
>> ------------------------------------------------------------------------
>> >> > kjhurni's Profile: https://forums.novell.com/member.php?userid=734
>> >> > View this thread:
>> https://forums.novell.com/showthread.php?t=478720
>> >> >
>> >
>> > This is going to sound dumb, but what's the log level set to in the
>> > webacc.cfg file?
>> > --Kevin
>> >
>> >
>> > --
>> > The opinions expressed are my own.
>> > Check out my OES2 Guides:
>> > Installing OES2 SP2:
>> >
>> http://www.novell.com/communities/no...allation-guide
>> > Upgrading to OES2 with ID Transfer:
>> >
>> http://www.novell.com/communities/no...r-id-scenarios
>> > GroupWise Migration with OES2 ID Transfer:
>> >
>> http://www.novell.com/communities/no...p2-transfer-id
>> >
>> ------------------------------------------------------------------------
>> > kjhurni's Profile: https://forums.novell.com/member.php?userid=734
>> > View this thread: https://forums.novell.com/showthread.php?t=478720
>> >
>
> Do you have the webconsole enabled (ie: like
> http://servername/gw/webacc?action=Admin.Open)?
>
> If so, does it show any log files being written?
>
> If it does, then we can use the Linux Find command to see where it's
> storing them.
>
> --Kevin
>
>
> --
> The opinions expressed are my own.
> Check out my OES2 Guides:
> Installing OES2 SP2:
> http://www.novell.com/communities/no...allation-guide
> Upgrading to OES2 with ID Transfer:
> http://www.novell.com/communities/no...r-id-scenarios
> GroupWise Migration with OES2 ID Transfer:
> http://www.novell.com/communities/no...p2-transfer-id
> ------------------------------------------------------------------------
> kjhurni's Profile: https://forums.novell.com/member.php?userid=734
> View this thread: https://forums.novell.com/showthread.php?t=478720
>

Cannot view OWA email - after upgrade to Firefox 5.0, Outlook Web Access displays ASCII characters (garbage) in message body. Same issue with multiple servers.

Email body of HTML or RTF messages are rendered in ASCII characters after upgrading to Firefox 5 when viewing email in MS Outlook Web Access (OWA) light from MS Exchange 2007 servers. Issue is repeatable with two entirely different Exchange systems.
Text email renders OK. Work around is to forward email (in use MS-IE).

You are welcome. I'm glad you got it back up.
(1) You say you did the symbolic link. I will assume this is set correctly; it's very important that it is.
(2) I don't know what you mean by "Been feeding the [email protected] for several weeks now, 700 emails each day at least." After the initial training period, SpamAssassin doesn't learn from mail it has already processed correctly. At this point, you only need to teach SpamAssassin when it is wrong. [email protected] should only be getting spam that is being passed as clean. Likewise, [email protected] should only be getting legitimate mail that is being flagged as junk. You are redirecting mail to both [email protected] and [email protected] ... right? SpamAssassin needs both.
(3) Next, as I said before, you need to implement those "Frontline spam defense for Mac OS X Server." Once you have that done and issue "postfix reload" you can look at your SMTP log in Server Admin and watch as Postfix blocks one piece of junk mail after another. It's kind of cool.
(4) Add some SARE rules:
Visit http://www.rulesemporium.com/rules.htm and download the following rules:
70sareadult.cf
70saregenlsubj0.cf
70sareheader0.cf
70sarehtml0.cf
70sareobfu0.cf
70sareoem.cf
70sarespoof.cf
70sarestocks.cf
70sareunsub.cf
72sare_redirectpost
Visit http://www.rulesemporium.com/other-rules.htm and download the following rules:
backhair.cf
bogus-virus-warnings.cf
chickenpox.cf
weeds.cf
Copy these rules to /etc/mail/spamassassin/
Then stop and restart mail services.
There are other things you can do, and you'll find differing opinions about such things. In general, I think implementing the "Frontline spam defense for Mac OS X Server" and adding the SARE rules will help a lot. Good luck!

RD Gateway and RD Web Access - better together or on different servers?

I am evaluating Remote Desktop Services with 2012 R2 and initially I had all the roles on 1 server for testing. I began thinking it would be a better setup to split the RD Gateway role and the RD Webaccess role into different servers for security purposes.
This way I could expose only the RD Gateway to the internet and the Web Access role would not be exposed. In all my reading and searching it seems that nearly every article I come upon has both RD Gateway and Web Access installed on the same system.
What is the ideal setup from a security standpoint to have the these two roles separate or does it not mater? If it does not mater then I will setup 1 server with Gateway and Web Access and I will then have other servers for licensing, broker, session
host, and visualization host once I move this into production.
If these roles are on the same system how do I know if the gateway role is doing anything? Is the FQDN\rdweb the correct URL to use even when the gateway is implemented?
If they are separate how do I tell the gateway and web access servers to use each other?

Hi,
As far as I know, it’s fine to have RD Gateway and RD Web Access roles installed on the same server.
“Normally external users would log on to RD Web Access via tcp port 443, click on a RemoteApp and connect to RD Gateway via
tcp 443/udp 3391, RDG connects them to RDCB on tcp 3389 which redirects them to a RDSH server, finally the RDG connects to the RDSH on tcp 3389/udp 3389.”
Quoted from TP in this post below:
RD Gateway and RD web issue
https://social.technet.microsoft.com/Forums/windowsserver/en-US/5ab40559-23f7-4ebc-b60d-87375cc55674/rd-gateway-and-rd-web-issue?forum=winserverTS
More links below for you:
RD Gateway deployment in a perimeter network & Firewall rules
http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
Remote Desktop Gateway/Web Server Placement
https://social.technet.microsoft.com/forums/windowsserver/en-US/b2970cf5-a5b5-494c-88b7-cd6e01f84bb6/remote-desktop-gatewayweb-server-placement
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]

Windows 2008 R2 + Remote Desktop Web Access + Single Sign-On + 2 servers

Hi
First sorry for my English. I have got problem with run SSO with RDWeb. I configured everything follow this instructions: http://blogs.msdn.com/b/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx
and http://blogs.technet.com/b/mrsnrub/archive/2010/03/22/remote-desktop-services-websso.aspx. After logon to RDWeb web page I click application icon. Then I see dialog box for credentials - SSO not working.
I have got 2 servers with Windows Server 2008 R2 Standard:
Server OL-AP1 with role Remote Desktop Session Host (RDSH) and certificate for digital sign RemoteApps
Server OL-AP04 with ONLY Remote Desktop Web Access (RD Web) with certificate for https
Client PC: Windows 7 SP1 with installing certificate for OL-AP01 witch I used for digital sign RemoteApps
All certificates created by enterprise domain CA - Active Directory Certificate Services (AD CS)

Hi,
Thank you for posting in Windows Server Forum.
Do you have RD Gateway setup in your environment?
Have you configure RD Connection Broker and set the Fully Qualified Domain Name (FQDN) of the RD Connection Broker server in case of RD Connection Broker mode. In RD Session mode, it is set to the FQDN of the RD Web Access server.
Client operating systems must trust the certificate with which the RemoteApp programs are signed. Suggest to install RDP 8.1 for client OS.
Do you have a trusted certificate with a matching name configured on your RDSH server in RD Session Host Configuration? (Means cert must match the name that clients use to connect to it for running the RemoteApp).
Hope it helps!
Thanks.
Dharmesh Solanki

Outlook Web Access is currently unavailable. If the problem continues, contact technical support for your organization and tell them the following: No Client Access servers of the appropriate version can be accessed from the Internet

Good Morning,
We are getting this error
Outlook Web Access is currently unavailable. If the problem continues, contact technical support for your organization and tell them the following: No Client Access servers
of the appropriate version can be accessed from the Internet
We installed a new Exchange 2007 CAS on Windows 2008R2. Got rid of old CAS on Exchange 2007. Now seeing this error. Does anyone have an idea??

Hi,
If the issue persists, I recommend you install Exchange 2007 SP3 RU7 and check the result. Also, ensure that Exchange 2010 SP2 RU1 or later version is installed. Old Exchange version may lead to the CAS-to-CAS proxy incompatibility.
What's more, here are some helpful blogs for your reference.
Exchange 2010 SP2 RU1 and CAS-to-CAS Proxy Incompatibility
http://blogs.technet.com/b/exchange/archive/2012/02/17/exchange-2010-sp2-ru1-and-cas-to-cas-proxy-incompatibility.aspx
OWA Coexistence With Legacy Versions
http://blogs.technet.com/b/sjimmie/archive/2010/07/09/owa-coexistence-with-legacy-versions.aspx
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support

Can't Access Internal Servers From Behind An ASA 5505

Hi all.
I am having some trouble accessing some backup Email (Outlook Web Access) and Citrix servers located behind an ASA 5505 firewall at a remote datacentre. Simply put, when I go to the specific URL (e.g. https://citrixdr.xxx.co.uk) I do not arrive at the splash page, I just get a message saying that the server took too long to respond in the web browser. I'm wondering whether I have missed something on the configuraiton or the firewall itself is not letting my requests through.
The remote servers are located at a remote Disaster Recovery site and use the subnet 192.168.4.0/24. I am at head office which is connected to the DR site via a VPN using 192.168.1.0/24.
My running configuration is below, if anyone could have a browse through it it would be much appreciated.
LM-DR-ASA5505# show run
: Saved
ASA Version 8.2(5)
hostname xxx
domain-name xxx.local
enable password 9tc.bMMQOdcEzWlK encrypted
passwd zh5kKKD1zRf47kwr encrypted
names
name 216.82.240.0 MLT1
name 67.219.240.0 MLT2
name 85.158.136.0 MLT3
name 95.131.104.0 MLT4
name 46.226.48.0 MLT5
name 117.120.16.0 MLT6
name 193.109.254.0 MLT7
name 194.106.220.0 MLT8
name 195.245.230.0 MLT9
name 103.3.96.0 MLT10
name xxx.xxx.xxx.xxx citrixdr.xxx.co.uk
name xxx.xxx.xxx.xxx maildr.xxx.co.uk
name xxx.xxx.xxx.xxx webmaildr.xxx.co.uk
name 192.168.4.23 LON-EXCH-03
name 192.168.4.30 Citrix-Access-Gateway
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.4.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.255.248
ftp mode passive
dns server-group DefaultDNS
domain-name xxx.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service DM-INLINE-SERVICE
service-object icmp
service-object tcp eq www
service-object tcp eq https
object-group network VPN-REMOTE
network-object 192.168.1.0 255.255.255.0
object-group protocol PROTOCOL-LIST
protocol-object ip
protocol-object icmp
protocol-object pim
protocol-object pcp
protocol-object snp
protocol-object udp
protocol-object igmp
protocol-object ipinip
protocol-object gre
protocol-object esp
protocol-object ah
protocol-object tcp
protocol-object eigrp
protocol-object ospf
protocol-object igrp
protocol-object nos
object-group service DM-INLINE-TCP-1 tcp
port-object eq https
port-object eq smtp
object-group service DM-INLINE-TCP-2 tcp
port-object eq www
port-object eq https
object-group network MESSAGE-LABS-TOWERS
network-object MLT1 255.255.240.0
network-object MLT2 255.255.240.0
network-object MLT3 255.255.248.0
network-object MLT4 255.255.248.0
network-object MLT5 255.255.248.0
network-object MLT6 255.255.248.0
network-object MLT7 255.255.254.0
network-object MLT8 255.255.254.0
network-object MLT9 255.255.254.0
network-object MLT10 255.255.252.0
access-list inside-access-in extended permit ip 192.168.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside-access-in extended permit ip any any
access-list inside-access-in extended permit ip 192.168.4.0 255.255.255.0 any
access-list inside-access-in extended permit icmp any any
access-list outside-access-in extended permit object-group DM-INLINE-SERVICE any any
access-list outside-access-in extended permit ip 192.168.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside-access-in extended permit icmp 192.168.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside-access-in extended permit tcp any host webmaildr.xxx.co.uk object-group DM-INLINE-TCP-2
access-list outside-access-in extended permit tcp any host maildr.xxx.co.uk object-group DM-INLINE-TCP-1
access-list outside-access-in extended permit tcp any host citrixdr.xxx.co.uk eq https
access-list outside-access-in extended permit tcp object-group MESSAGE-LABS-TOWERS host LON-EXCH-03 eq smtp
access-list outside-1-cryptomap extended permit ip 192.168.4.0 255.255.255.0 host xxx.xxx.xxx.xxx
access-list outside-1-cryptomap extended permit ip 192.168.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 101 extended permit ip 192.168.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside-nat0-outbound extended permit ip 192.168.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list testcap extended permit icmp host 192.168.1.11 host 192.168.4.1
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside-nat0-outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp citrixdr.xxx.co.uk https Citrix-Access-Gateway https netmask 255.255.255.255
static (inside,outside) tcp maildr.xxx.co.uk smtp LON-EXCH-03 smtp netmask 255.255.255.255
static (inside,outside) tcp webmaildr.xxx.co.uk https LON-EXCH-03 https netmask 255.255.255.255
access-group inside-access-in in interface inside
access-group outside-access-in in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
route outside 192.168.1.0 255.255.255.0 xxx.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http xxx.xxx.xxx.xxx 255.255.255.255 outside
http 192.168.4.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside-map 1 match address outside-1-cryptomap
crypto map outside-map 1 set peer xxx.xxx.xxx.xxx
crypto map outside-map 1 set transform-set ESP-3DES-SHA
crypto map outside-map interface outside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.4.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet xxx.xxx.xxx.xxx 255.255.255.255 outside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.4.0 255.255.255.0 inside
ssh xxx.xxx.xxx.xxx 255.255.255.255 outside
ssh xxx.xxx.xxx.xxx 255.255.255.255 outside
ssh xxx.xxx.xxx.xxx 255.255.255.255 outside
ssh timeout 5
ssh version 2
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username xxx password LUZB8j2zj03xvSeF encrypted
username xxx password RxEDmrZ7KCRzPu4T encrypted
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *****
class-map inspection_default
policy-map global_policy
class inspection_default
inspect icmp
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:61e54b16fb87f1e6fa3b8d520e87ddc0
: end

Hi Jouni, thanks for your response.
Turns out that the Citrix Access Gateway wasn't set up until yesterday evening and by then I had stopped trying for the day. It is now set up and external access is available.
Further to this, my colleague forgot to inform me of the change of I.P. address of the Exchange server. This meant that Webmail requests were pointing to an I.P. address that didn't exist.
I have reconfigured the firewall this morning and external access for Webmail is also working correctly.

How do I change the URL to the Remote Web Access server in Windows Server 2012?

Hallo!
I have set up a Remote Dexktop Service using the "Quick" deployment method in Server Manager and everything is working greate internally, but I cannot start an app published in Remote Web Access from outside our network.
The problem is that it wants to start the using the internal URL, for example, server.domain.local, instead of the external one, for example remote.server.com.
I therefore want to know how I can change the default URL for the Remote Web Access server and all the Remote Web Apps in Windows Server 2012?
I have allready looked in Server Manager and I can change some of the deployment settings in server manager, but there is no way to alter the URL of the Remote Web Access server. See below images:
Pressing the internal URL only results in opening the internal URL.
This was very simple to do in Windows Server 2008 R2 using the tsconfig tool, but it does not seam to be any way of solving this in server manager.
A possible sollution would be to alter the registry someware in HKLM->Software->Microsoft->Windows NT->Terminal Services. But this can easaly lead to problems due to wrong format, etc. and is probably not supported.
Is there a simpler and supported way?

That option can be used to connect to any machine that you want. The error message indicates that the client machine cannot resolve the name "server.domain.local" to an IP address that it can connect to.
You have several options for configuring that tab on the RDweb site. You can even remove it entirely.
Customization of RD Web Site
RD Web provides a number of customization options for the RD Web interface, including the ability to control default Gateway server settings and redirection settings. These settings
are controlled by editing the web.config file located in %SYSTEMROOT%\Web\RDWeb\Pages.
Displaying Local Help
To display local help for users instead of the web-based help, edit the LocalHelp value and change the value from false to true.

<add key="LocalHelp" value="false" />
When this value is changed, a user that clicks on Help in the upper right corner of the RD Web login page will open the local help file instead of web-based help.
Hiding the Connect to a Remote PC Tab
The RDWeb page
Connect to a Remote PC tab can be hidden from users to prevent connections to any servers through RD Web other than the servers configured in a collection. By default, this setting is set to true and the
Remote Desktops tab is displayed. To hide the tab, set the value to false.

<add key="ShowDesktops" value="true" />
When the value is set to false, a user will not see the Connect to a Remote PC tab when logged on to the RD Web page
RD Gateway Settings
If the Connect to a Remote PC tab is enabled, an administrator can configure RD Web to use a Gateway server when connecting to remote computers. To specify a gateway, edit the below
value with the name of the RD Gateway server:

<add key="DefaultTSGateway" value="" />
The default authentication method for the RD Gateway server can also be configured by editing the following section of the web.config:

<add key="GatewayCredentialsSource" value="0" />
Devices and Resources
By default, only Printers and Clipboard are redirected on connections made using the Connect to a Remote PC tab. If the user clicks the
Options << button, the redirection settings for a specific connection can be modified
To configure each specified redirection option to be enabled or disabled by default, edit the following section in the web.config file:

<add key="xPrinterRedirection" value="true" />
<add key="xClipboard" value="true" />
<add key="xDriveRedirection" value="false" />
<add key="xPnPRedirection" value="false" />
<add key="xPortRedirection" value="false" />
LAN Experience Defaults
Windows Server 2012 RD Web Access can display a new user selectable option for optimizing the connection for a LAN experience. This option is displayed at the bottom of the RD Web
page and can be controlled by the administrator using the following section of the web.config file:

<add key="ShowOptimizeExperience" value="false" />
<add key="OptimizeExperienceState" value="false" />
This value is set to false by default, but when changed to true, the following checkbox will display at the bottom of the webpage. The LAN experience
checkbox can also be set as enabled by default.
Each setting can also be modified using the IIS Manager user interface:
Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging

RD Web access SSO - remote desktop doesn't work

Hi,
This is my first post in here, and I hope you gays can help me out.
I am currently experiencing some issues with RD Web SSO not working as I would like it to work. I have found countless articles and guides describing how to get it to work, but no guide have yet helped me.
The problem is that when I log in on the web access and open a published application everything works fine I wait 5 sec and the application pups up, but when I try to open "Remote Desktop" then I get a new log in box where I must enter my log in credentials
again (after entering my credentials everything work great.)
The problems I am currently facing is produced in a demo environment configured as follows:
1x DC server (DC01) also the lic server
2x RDS server (RDS01/02)
1x RDS Connection broker (RDCM01) I have created a farm named "farm01.mydomain.com"
1x RDS Web access server (RDWA01)
1x RDS Gateway (RDSGW01)
(All the Servers are installed with Windows server 2008 (R2) SP1, and have the latest update.)
I am publishing my demo environment on the internet, i have created a domain name for my gateway and my web access and they are both accessible from the web (rdwa.mydomain.com and rdsgw.mydomaim,com). I also have secured everything with an SSL wildcard certificate
( my external and intern domain names are the same so I am using one SSl certificate) that is trusted on the web.
when I log in on the web access server trough (IE9 or IE8 ) from another network(wan) and I open a published application (calculator), it pop ups in just a few seconds. But when I try to open my Remote desktop I get a login box where I must enter my
username and password one more time.. after that remote desktop opens and everything works great.
My laptop is a Windows 7 professional with RDP 7 and IE 9, and is not member of a domain (just a workstation), I have tested it from multiple workstations and networks(Also win 7 and RDP7) but even there I have the same problem.
Thinks that I have tried tell now:
I have created a kerberos account as mentioned on
MSDN
I have checked my group permissions as mentioned
here
And many more blogs and forums
I have tried multiple settings on RDCM, RDWA, RDSGW and RDS server
Right now I am out of ideas, and I hope you gays can help me out..
thanks in advance,
Pouyan

Thnx for you advise,
Did you go into your RemoteApp Deployment settings and change the server name to the farm name "farm01.mydomain.com?"
Yes
Also in the Session Broker's RemoteApp and Desktop Connection Properties window change the Connection ID to the farm name as well.
actually I couldn't find out what to put on the connection ID so I had left it just default, but after changing it to the farm name it still doesn't work
Did you sign you apps with the cert used on your RDS servers?
yes, I am using a wildcard ssl certificate to sign all the servers/apps with.
there is
something that
strikes me, when I log on the web access and click on a published application (that is hosted from the same RDS servers) then I get a information box. when I click on the "details" button I see on the bottom "use the following credentials to connect" and my
domain and username are published there. But when I click on the "Remote desktop" icon and do the same I can't see this information!!
Also I don't think that its an SSL problem, because after log in again it works perfect without any warning.

Error in Remote Web Access - "An unexpected error occurred. Please try again. If the problem continues, contact the person who manages your server."

I have set up the RWA and I can log in to the web console with my server account. However when I click on any of the shared folders I get this error:
An unexpected error occurred. Please try again. If the problem continues, contact the person who manages your server.
Does anyone know how to troubleshoot this?
Regards,
Maciek

I had this very same issue with one of our customer's servers that was running Windows Server Essentials. I ended up calling Microsoft about the issue. I hope this helps someone. This originally appeared on my blog: http://techspeeder.com/2014/01/14/remote-web-access-error-an-unexpected-error-occurred/
Troubleshooting Steps:
1. We were getting unexpected errors while accessing shared folders remotely
2. The tech found IIS handlers were missing
3. She went to IIS > server level ( parent level) and added managed handler mapping :
Name: svc-Integrated-4.0
Request path: *.svc
Executable: System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
4. Added script mapping:
Name: svc-ISAPI-4.0_64bit
Request path: *.svc
Executable: windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll
Name: svc-ISAPI-4.0_32bit
Request path: *.svc
Executable: windir%\Microsoft.NET\Framework32\v4.0.30319\aspnet_isapi.dll
5. Ran IISreset.
6. We were able to access resources in Remote access, then.

Fix many web access problems with IFS 9.0.1 on Solaris (and other OS's)...

When the installation is done according to the documentation,
web access does not work because the scripts that add entries to
the jserv.properties file add duplicate references to
wrapper.env and wrapper.classpath. Look at the jserv.properties
file below and look at the remarked-out (#) lines of the
duplicate references. For example, look at the references to the
wrapper.env=LD_LIBRARY_PATH
Oracle, please note this bug so the web access problems are
minimized when the product is intstalled.
Thank you,
William T.
# Apache JServ Configuration
File #
################################ W A R N I N G
# Unlike normal Java properties, JServ configurations have some
important
# extensions:
# 1) commas are used as token separators
# 2) multiple definitions of the same key are concatenated in
a
# comma separated list.
# Execution parameters
# The Java Virtual Machine interpreter.
# Syntax: wrapper.bin=[filename] (String)
# Note: specify a full path if the interpreter is not visible in
your path.
wrapper.bin=/d3/Apache/jdk/bin/java
# Arguments passed to Java interpreter (optional)
# Syntax: wrapper.bin.parameters=[parameters] (String)
# Default: NONE
wrapper.bin.parameters=-Xms64m
wrapper.bin.parameters=-Xmx128m
# Apache JServ entry point class (should not be changed)
# Syntax: wrapper.class=[classname] (String)
# Default: "org.apache.jserv.JServ"
# Arguments passed to main class after the properties filename
(not used)
# Syntax: wrapper.class.parameters=[parameters] (String)
# Default: NONE
# Note: currently not used
# PATH environment value passed to the JVM
# Syntax: wrapper.path=[path] (String)
# Default: "/bin:/usr/bin:/usr/local/bin" for Unix systems
# "c:\(windows-dir);c:\(windows-system-dir)" for Win32
systems
# Notes: if more than one line is supplied these will be
concatenated using
# ":" or ";" (depending wether Unix or Win32) characters
# Under Win32 (windows-dir) and (windows-system-dir) will
be
# automatically evaluated to match your system
requirements
# CLASSPATH environment value passed to the JVM
# Syntax: wrapper.classpath=[path] (String)
# Default: NONE (Sun's JDK/JRE already have a default classpath)
# Note: if more than one line is supplied these will be
concatenated using
# ":" or ";" (depending wether Unix or Win32) characters.
JVM must be
# able to find JSDK and JServ classes and any utility
classes used by
# your servlets.
# Note: the classes you want to be automatically reloaded upon
modification
# MUST NOT be in this classpath or the classpath of the
shell
# you start the Apache from.
wrapper.classpath=/d3/Apache/jdk/lib/tools.jar
wrapper.classpath=/d3/Apache/Jserv/libexec/ApacheJServ.jar
wrapper.classpath=/d3/Apache/Jsdk/lib/jsdk.jar
# An environment name with value passed to the JVM
# Syntax: wrapper.env=[name]=[value] (String)
# Default: NONE on Unix Systems
# SystemDrive and SystemRoot with appropriate values on
Win32 systems
wrapper.env=PATH=/d3/bin
# An environment name with value copied from caller to Java
Virtual Machine
# Syntax: wrapper.env.copy=[name] (String)
# Default: NONE
# Uncomment the following lines to set the default locale and
NLS_LANG
# setting based on the environment variables.
# wrapper.env.copy=LANG
# wrapper.env.copy=NLS_LANG
# Copies all environment from caller to Java Virtual Machine
# Syntax: wrapper.env.copyall=true (boolean)
# Default: false
# Protocol used for signal handling
# Syntax: wrapper.protocol=[name] (String)
# Default: ajpv12
# General parameters
# Set the default IP address or hostname Apache JServ binds (or
listens) to.
# If you have a machine with multiple IP addresses, this address
# will be the one used. If you set the value to localhost, it
# will be resolved to the IP address configured for the locahost
# on your system (generally this is 127.0.0.1). This feature is
so
# that one can have multiple instances of Apache JServ listening
on
# the same port number, but different IP addresses on the same
machine.
# Use bindaddress=* only if you know exactly what you are doing
here,
# as it could let JServ wide open to the internet.
# You must understand that JServ has to answer only to Apache,
and should not
# be reachable by nobody but mod_jserv. So localhost is usually a
# good option. The second best choice would be an internal
network address
# (protected by a firewall) if JServ is running on another
machine than Apache.
# Ask your network admin.
# "*" may be used on boxes where some of the clients get
connected using
# "localhost"and others using another IP addr.
# Syntax: bindaddress=[ipaddress] or [localhost] or [*]
# Default: localhost
bindaddress=localhost
# Set the port Apache JServ listens to.
# Syntax: port=[1024,65535] (int)
# Default: 8007
port=8007
# Servlet Zones parameters
# List of servlet zones Apache JServ manages
# Syntax: zones=[servlet zone],[servlet zone]... (Comma
separated list of String)
# Default: NONE
zones=root
# Configuration file for each servlet zone (one per servlet zone)
# Syntax: [servlet zone name as on the zones list].properties=
[full path to configFile]
(String)
# Default: NONE
# Note: if the file could not be opened, try using absolute
paths.
root.properties=/d3/Apache/Jserv/etc/zone.properties
# Thread Pool parameters
# Enables or disables the use of the thread pool.
# Syntax: pool=true (boolean)
# Default: false
# WARNING: the pool has not been extensively tested and may
generate
deadlocks.
# For this reason, we advise against using this code in
production environments.
pool=false
# Indicates the number of idle threads that the pool may contain.
# Syntax: pool.capacity=(int)>0
# Default: 10
# NOTE: depending on your system load, this number should be low
for contantly
# loaded servers and should be increased depending on load
bursts.
pool.capacity=10
# Indicates the pool controller that should be used to control
the
# level of the recycled threads.
# Syntax: pool.controller=[full class of controller] (String)
# Default: org.apache.java.recycle.DefaultController
# NOTE: it is safe to leave this unchanged unless special
recycle behavior
# is needed. Look at the "org.apache.java.recycle" package
javadocs for more
# info on other pool controllers and their behavior.
pool.controller=org.apache.java.recycle.DefaultController
# Security parameters
# Enable/disable the execution of org.apache.jserv.JServ as a
servlet.
# This is disabled by default because it may give informations
that should
# be restricted.
# Note that the execution of Apache JServ as a servlet is
filtered by the web
# server modules by default so that both sides should be enabled
to let this
# service work.
# This service is useful for installation and configuration
since it gives
# feedback about the exact configurations Apache JServ is using,
but it should
# be disabled when both installation and configuration processes
are done.
# Syntax: security.selfservlet=true (boolean)
# Default: false
# WARNING: disable this in a production environment since may
give reserved
# information to untrusted users.
security.selfservlet=true
# Set the maximum number of socket connections Apache JServ may
handle
# simultaneously. Make sure your operating environment has
enough file
# descriptors to allow this number.
# Syntax: security.maxConnections=(int)>1
# Default: 50
security.maxConnections=50
# Backlog setting for very fine performance tunning of JServ.
# Unless you are familiar to sockets leave this value commented
out.
# security.backlog=5
# List of IP addresses allowed to connect to Apache JServ. This
is a first
# security filtering to reject possibly unsecure connections and
avoid the
# overhead of connection authentication.
# <warning>
# (please don't use the following one unless you know what you
are doing :
# security.allowedAddresses=DISABLED
# allows connections on JServ'port from entire internet.)
# You do need only to allow YOUR Apache to talk to JServ.
# </warning>
# Default: 127.0.0.1
# Syntax: security.allowedAddresses=[IP address],[IP Address]...
(Comma
separated list of IP addresses)
#security.allowedAddresses=127.0.0.1
# Enable/disable connection authentication.
# NOTE: unauthenticated connections are a little faster since
authentication
# handshake is not performed at connection creation.
# WARNING: authentication is disabled by default because we
believe that
# connection restriction from all IP addresses but localhost
reduces your
# time to get Apache JServ to run. If you allow other addresses
to connect and
# you don't trust it, you should enable authentication to
prevent untrusted
# execution of your servlets. Beware: if authentication is
disabled and the
# IP address is allowed, everyone on that machine can execute
your servlets!
# Syntax: security.authentication=[true,false] (boolean)
# Default: true
security.authentication=false
# Authentication secret key.
# The secret key is passed as a file that must be kept secure
and must
# be exactly the same of those used by clients to authenticate
themselves.
# Syntax: security.secretKey=[secret key path and filename]
(String)
# Default: NONE
# Note: if the file could not be opened, try using absolute
paths.
#security.secretKey=./etc/jserv.secret.key
# Length of the randomly generated challenge string (in bytes)
used to
# authenticate connections. 5 is the lowest possible choice to
force a safe
# level of security and reduce connection creation overhead.
# Syntax: security.challengeSize=(int)>5
# Default: 5
#security.challengeSize=5
# Logging parameters
# Enable/disable Apache JServ logging.
# WARNING: logging is a very expensive operation in terms of
performance. You
# should reduced the generated log to a minumum or even disable
it if fast
# execution is an issue. Note that if all log channels (see
below) are
# enabled, the log may become really big since each servlet
request may
# generate many Kb of log. Some log channels are mainly for
debugging
# purposes and should be disabled in a production environment.
# Syntax: log=[true,false] (boolean)
# Default: true
log=true
# Set the name of the trace/log file. To avoid possible
confusion about
# the location of this file, an absolute pathname is recommended.
# This log file is different than the log file that is in the
# jserv.conf file. This is the log file for the Java portion of
Apache
# JServ.
# On Unix, this file must have write permissions by the owner of
the JVM
# process. In other words, if you are running Apache JServ in
manual mode
# and Apache is running as user nobody, then the file must have
its
# permissions set so that that user can write to it.
# Syntax: log.file=[log path and filename] (String)
# Default: NONE
# Note: if the file could not be opened, try using absolute
paths.
log.file=/d3/Apache/Jserv/logs/jserv.log
# Enable the timestamp before the log message
# Syntax: log.timestamp=[true,false] (boolean)
# Default: true
log.timestamp=true
# Use the given string as a data format
# (see java.text.SimpleDateFormat for the list of options)
# Syntax: log.dateFormat=(String)
# Default: [dd/MM/yyyy HH:mm:ss:SSS zz]
log.dateFormat=[dd/MM/yyyy HH:mm:ss:SSS zz]
# Since all the messages logged are processed by a thread
running with
# minimum priority, it's of vital importance that this thread
gets a chance
# to run once in a while. If it doesn't, the log queue overflow
occurs,
# usually resulting in the OutOfMemoryError.
# To prevent this from happening, two parameters are used:
log.queue.maxage
# and log.queue.maxsize. The former defines the maximum time for
the logged
# message to stay in the queue, the latter defines maximum
number of
# messages in the queue.
# If one of those conditions becomes true (age > maxage || size
maxsize),# the log message stating that fact is generated and the log
queue is
# flushed in the separate thread.
# If you ever see such a message, either your system doesn't
live up to its
# expectations or you have a runaway loop (probably, but not
necessarily,
# generating a lot of log messages).
# WARNING: Default values are lousy, you probably want to tweak
them and
# report the results back to the development team.
# Syntax: log.queue.maxage = [milliseconds]
# Default: 5000
log.queue.maxage = 5000
# Syntax: log.queue.maxsize = [integer]
# Default: 1000
log.queue.maxsize = 1000
# Enable/disable logging the channel name
# Default: false
# log.channel=false
# Enable/disable channels, each logging different actions.
# Syntax: log.channel.[channel name]=[true,false] (boolean)
# Default: false
# Info channel - quite a lot of informational messages
# hopefully you don't need them under normal circumstances
# log.channel.info=true
# Servlets exception, i.e. exception caught during
# servlet.service() processing are monitored here
# you probably want to have this one switched on
log.channel.servletException=true
# JServ exception, caught internally in jserv
# we suggest to leave it on
log.channel.jservException=true
# Warning channel, it catches all the important
# messages that don't cause JServ to stop, leave it on
log.channel.warning=true
# Servlet log
# All messages logged by servlets. Probably you want
# this one to be switched on.
log.channel.servletLog=true
# Critical errors
# Messages produced by critical events causing jserv to stop
log.channel.critical=true
# Debug channel
# Only for internal debugging purposes
# log.channel.debug=true
#wrapper.classpath=/d3/ord/jlib/ordim.zip
#wrapper.classpath=/d3/ord/jlib/ordhttp.zip
# Oracle XSQL Servlet
wrapper.classpath=/d3/lib/oraclexsql.jar
# Oracle JDBC
wrapper.classpath=/d3/jdbc/lib/classes12.zip
# Oracle XML Parser V2 (with XSLT Engine)
wrapper.classpath=/d3/lib/xmlparserv2.jar
# Oracle XML SQL Components for Java
wrapper.classpath=/d3/rdbms/jlib/xsu12.jar
# XSQLConfig.xml File location
wrapper.classpath=/d3/xdk/admin
# Oracle BC4J
wrapper.classpath=/d3/ord/jlib/ordim.zip
wrapper.classpath=/d3/ord/jlib/ordvir.zip
wrapper.classpath=/d3/ord/jlib/ordhttp.zip
wrapper.classpath=/d3/BC4J/lib/jndi.jar
wrapper.classpath=/d3/BC4J/lib/jbomt.zip
wrapper.classpath=/d3/BC4J/lib/javax_ejb.zip
wrapper.classpath=/d3/BC4J/lib/jdev-rt.jar
wrapper.classpath=/d3/BC4J/lib/jbohtml.zip
wrapper.classpath=/d3/BC4J/lib/jboremote.zip
wrapper.classpath=/d3/BC4J/lib/jdev-cm.jar
wrapper.classpath=/d3/BC4J/lib/jbodomorcl.zip
wrapper.classpath=/d3/BC4J/lib/jboimdomains.zip
wrapper.classpath=/d3/BC4J/lib/collections.jar
wrapper.classpath=/d3/Apache/Apache/htdocs/onlineorders_html
#wrapper.classpath=/d3/Apache/Apache/htdocs/OnlineOrders_html/Onl
ineOrders.jar
# The following classpath entries are necessary for EJBs to run
in IAS or DB when
present
wrapper.classpath=/d3/lib/aurora_client.jar
wrapper.classpath=/d3/lib/vbjorb.jar
wrapper.classpath=/d3/lib/vbjapp.jar
# Oracle Servlet
wrapper.classpath=/d3/lib/servlet.jar
# Oracle Java Server Pages
wrapper.classpath=/d3/jsp/lib/ojsp.jar
# Oracle Util
wrapper.classpath=/d3/jsp/lib/ojsputil.jar
# Oracle Java SQL
wrapper.classpath=/d3/sqlj/lib/translator.zip
# Oracle JDBC
#wrapper.classpath=/d3/jdbc/lib/classes12.zip
# SQLJ runtime
wrapper.classpath=/d3/sqlj/lib/runtime12.zip
# Oracle Messaging
wrapper.classpath=/d3/rdbms/jlib/aqapi.jar
wrapper.classpath=/d3/rdbms/jlib/jmscommon.jar
# OJSP environment settings
#wrapper.env=ORACLE_HOME=/d3
# The next line should be modified to reflect the value of the
SID for your
webserver.
#wrapper.env=ORACLE_SID=cmpdb
#wrapper.env=LD_LIBRARY_PATH=/d3/lib
## Enable the flag below if you are using jdk 1.2.2_05a or above
#wrapper.env=JAVA_COMPILER=NONE
# Advanced Queuing - AQXML
wrapper.classpath=/d3/rdbms/jlib/aqxml.jar
#wrapper.classpath=/d3/rdbms/jlib/xsu12.jar
#wrapper.classpath=/d3/lib/xmlparserv2.jar
wrapper.classpath=/d3/lib/xschema.jar
#wrapper.classpath=/d3/jlib/jndi.jar
wrapper.classpath=/d3/jlib/jta.jar
oemreporting.properties=/d3/Apache/Jserv/oemreporting/oemreportin
g.properties
zones = root, oemreporting
wrapper.classpath=/d3/jlib/share-opt-1_1_9.zip
wrapper.classpath=/d3/jlib/caboshare-opt-1_0_3.zip
wrapper.classpath=/d3/jlib/marlin-opt-1_0_7.zip
wrapper.classpath=/d3/jlib/tecate-opt-1_0_4.zip
wrapper.classpath=/d3/jlib/ocelot-opt-1_0_2.zip
wrapper.classpath=/d3/jlib/regexp.jar
wrapper.classpath=/d3/jlib/sax2.jar
#wrapper.classpath=/d3/jlib/servlet.jar
wrapper.bin.parameters= -DORACLE_HOME=/d3
#wrapper.env=LD_LIBRARY_PATH=/d3/lib32
wrapper.env.copy=DISPLAY
wrapper.bin.parameters=-DORACLE_HOME=/d3
#wrapper.classpath=/d3/lib/vbjorb.jar
#wrapper.classpath=/d3/lib/vbjapp.jar
wrapper.classpath=/d3/classes/classesFromIDLVisi
wrapper.classpath=/d3/jlib/swingall-1_1_1.jar
wrapper.classpath=/d3/jlib/ewtcompat3_3_15.jar
wrapper.classpath=/d3/jlib/ewt-3_3_18.jar
wrapper.classpath=/d3/jlib/share-1_1_9.jar
wrapper.classpath=/d3/jlib/help-3_2_9.jar
wrapper.classpath=/d3/jlib/ice-5_06_3.jar
wrapper.classpath=/d3/jdbc/lib/classes111.zip
wrapper.classpath=/d3/classes
wrapper.classpath=/d3/jlib/oembase-9_0_1.jar
wrapper.classpath=/d3/jlib/oemtools-9_0_1.jar
wrapper.classpath=/d3/jlib
wrapper.classpath=/d3/jlib/javax-ssl-1_1.jar
wrapper.classpath=/d3/jlib/jssl-1_1.jar
wrapper.classpath=/d3/jlib/netcfg.jar
wrapper.classpath=/d3/jlib/dbui-2_1_2.jar
#wrapper.classpath=/d3/lib/aurora_client.jar
#wrapper.classpath=/d3/lib/xmlparserv2.jar
wrapper.classpath=/d3/network/jlib/netmgrm.jar
wrapper.classpath=/d3/network/jlib/netmgr.jar
wrapper.classpath=/d3/network/tools
wrapper.classpath=/d3/jlib/kodiak-1_2_1.jar
wrapper.classpath=/d3/sysman/jlib/netchart360.jar
wrapper.classpath=/d3/jlib/pfjbean.jar
wrapper.env=SHLIB_PATH=/d3/lib32
wrapper.env=LIBPATH=/d3/lib32
wrapper.classpath=/d3/ultrasearch/lib/isearch_midtier.jar
wrapper.classpath=/d3/ultrasearch/lib/isearch_query.jar
wrapper.classpath=/d3/ultrasearch/lib/jgl3.1.0.jar
wrapper.classpath=/d3/lib/mail.jar
wrapper.classpath=/d3/lib/activation.jar
wrapper.classpath=/d3/ultrasearch/jsp/admin/config
# Additions for iFS
## DO NOT REMOVE OR ALTER THE FOLLOWING LINE ....
# iFS true
# Uncomment if you want to use the same Jserv as other
applications
wrapper.classpath=/d3/9ifs/custom_classes
wrapper.classpath=/d3/9ifs/settings
wrapper.classpath=/d3/9ifs/lib/adk.jar
wrapper.classpath=/d3/9ifs/lib/email.jar
wrapper.classpath=/d3/9ifs/lib/http.jar
wrapper.classpath=/d3/9ifs/lib/release.jar
wrapper.classpath=/d3/9ifs/lib/repos.jar
wrapper.classpath=/d3/9ifs/lib/utils.jar
wrapper.classpath=/d3/9ifs/lib/webui.jar
wrapper.classpath=/d3/9ifs/lib/provider.jar
wrapper.classpath=/d3/jlib/javax-ssl-1_2.jar
wrapper.classpath=/d3/jlib/jssl-1_2.jar
wrapper.env=ORACLE_HOME=/d3
wrapper.env=ORACLE_SID=cmpdb
wrapper.env=LD_LIBRARY_PATH=/d3/lib:/d3/ctx/lib:/d3/lib32
wrapper.env=NLS_LANG=.US7ASCII
## Additions for the iFS zone
# Uncomment if you want to use the same Jserv as other
applications
zones=ifs
ifs.properties=/d3/Apache/Jserv/etc/ifs.properties
# End iFS section

About your home page; Manually set up Firefox with the window(s) and tab(s)
the way you want them to be. Then;
'''''Firefox Options > General > Homepage'''''.
Press the button labeled ''''Use Current'''.'
=====================================
Open a new window or tab. In the address bar, type '''''about:config'''''.
If a warning screen comes up, press the '''''Be Careful''''' button.
This is where Firefox finds information it needs to run.
At the top of the screen is a search bar. Enter '''''browser.newtab.url'''''
and press enter. '''''browser.newtab.url'''''
tells Firefox what to show when a new tab is opened.
If you want, right click and select '''''Modify'''''. You can change the
setting to; about:home (Firefox default home page), 
about:newtab (shows the sites most visited), 
about:blank (a blank page), 
or you can enter any web page you want. 
The same instructions are used for the new window setting, listed as
'''''browser.startup.homepage'''''.

Very slow reponse times in 2012 Remote Web Access

Hi all,
I am having an issue on one of our customers 2012 servers.
All of a sudden logging into RWA is taking around 2 minutes. It takes even longer once you have logged in to wait for the rdp links to download for the end user's PCs.
I have tested this internally and get the same issue. So far I have tried:
- Trying locally
- Created a new test user with no assigned policies or anywhere access to documents and PCs (no result)
- Rebooted the server
- Restarted IIS services
- DisableTaskOffload DWORD value in the registry (as seen on another post)
- Their internet lines are fine
- No apparent performance issues on the box (physical server)
- Only event logs issue I am seeing seems to be
Remote Desktop Services has taken too long to load the user configuration from server \\server.domain.local for user USERNAME
- Could this be related?
Any further suggestions would be greatly appreciated as the home users cannot currently connect onto their PC's.

Hi Matt,
What’s the client OS and RDP version you are using?
I suggest here to update the client RDP v8.1 and check the result.
Does web access run smoothly after getting successful logon? Or facing delay in that part also?
Have you check the ping to the server successful without any delay?
For more troubleshooting you can check with NetMon or Perfmon tools to check the internal part and see the result.
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Deploy web application to multiple web front end servers

Hi,
I have a SharePoint farm that include 8 web front end servers and 2 application servers. I have created web application from central administration and during creation I added the public URL to refer to one of the web front end servers.
Now I want to be able to access the same web application from the other web front end servers what shall be done. I have tried to add alternate access mapping but i found that i only have 5 alternatives (Default, Intranet, Extranet,Internet and Custom) while
I need to access it from 8 different sites with the IP or name.
Can anyone tell me what is the best practice for that.
I appreciate the quick response.
Regards,
Ehab
Ehab

I have create my web application under the default port "80" I provided the URL for one of the web frontend servers machine name "http://Machine Name:80/"
For the AAMs that I have created I added some of the machines names of the web frontend servers
Internal URL Zone
Public URL for Zone
http://Machine-Name-01 Default
http://Machine-Name-01
http://Machine-Name-02 Intranet
http://Machine-Name-02
http://Machine-Name-03 Extranet
http://Machine-Name-03
http://Machine-Name-04 Internet
http://Machine-Name-04
http://Machine-Name-05 Custom
http://Machine-Name-05
Ehab

A problem with Win 7 Pro, Outlook Web Access based on Exchange Server 2003, and two different domains

Dear Microsoft Support,
As mentioned in the title,
I have two domains. One is Domain A at HQ. The other one is Domain A at branch office. A laptop having Win 7 Pro OS is a client of Domain A. The Domain A has Exchange Server 2003. Users of Domain B get connected to Exchange Server for email services. In
all clients of the Domain B, IP address of the email server added in C:\Windows\System 32\drivers\etc\host file.
Whereas in the clients of Domain A it was not done, because all the servers including the email server belong to the Domain A.
Now, a user with Domain A's client (it is a laptop) came to Branch office and wanted to access the Outlook (using Outlook Web Access). since there is no IP address added in the Host file of the laptop, connectivity to email is not possible. When I try to
add the IP address, I was not able to do so due to Domain A's security reasons.
So, let me know, is there a way out to add the IP address in the host file of the Domain A's client.
Thanks in advance.
Ravi Sekhar Modukuru

I would suggest adding the mailserver address in Domain B's DNS. Would that be possible?
I agree. The correct solution in this case (since it appears you already have a two-way Domain Trust in place) is to properly configure DNS in Domain 'B' to be a secondary of Domain 'A' and completely eliminate the need to maintain the HOSTS file.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

Can't download files on Android from Server 2012 Essentials Remote Web Access

I have two servers, one with Windows Server 2012 Essentials, and the other SBS 2011. Employees like using Remote Web Access to log in from anywhere and have access to shared folders. It works perfect on a Desktop computer, but when they try to
use their Android tablets or phones, and want to download a file (e.g. a PDF) from one of the shared folders on the server, the download fails. When Microsoft was pushing 2012 they said RWA worked great on mobile devices, do I have to set up something
separately to make this happen?
I've completely disabled the firewall, and have ports 80,443,987, and 1723(just to be safe) all forwarded to the server.
I can log into the RWA site on the android, browse files and folders, but when I select a PDF to download, the download shows as if it's starting, shows in my android notification as if its going to start downloading (Shows MobileDownload www.mydomain.com)
but eventually after a few minutes, will time out and show "Download Unsuccessful".
Network connectivity is fine as I can do this on a Windows Desktop PC using any browser (Chrome, Firefox, IE) and successfully download anything I want.
UPDATE: I found this in the event handler when I tried to download something from a mobile device...
- System
- Provider
[ Name] ASP.NET 4.0.30319.0
- EventID 1309
[ Qualifiers] 32768
Level 3
Task 3
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2014-01-12T16:49:12.000000000Z
EventRecordID 72818
Channel Application
Computer MYSERVER.MYDOMAIN.local
Security
- EventData
3005
An unhandled exception has occurred.
1/12/2014 11:49:12 AM
1/12/2014 4:49:12 PM
953eedf1ad414391a193e5f98a281da5
263
3
0
/LM/W3SVC/1/ROOT/Remote-1-130340167702975633
Full
/Remote
C:\Program Files\Windows Server\Bin\WebApps\RemoteAccess\
MYSERVER
2592
w3wp.exe
NT AUTHORITY\NETWORK SERVICE
HttpException
Server cannot set content type after HTTP headers have been sent. at System.Web.HttpResponse.set_ContentType(String value) at System.Web.UI.Page.SetIntrinsics(HttpContext context, Boolean allowAsync) at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at Microsoft.WindowsServerSolutions.Web.RemoteAccessSite.RealPageHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
https://remote.MYDOMAIN.com:443/Remote/fs/MobileDownload.aspx?path=\\MYSERVER\PICTURES\2013603.jpg
/Remote/fs/MobileDownload.aspx
MY.IP.ADDRESS.141
MYDOMAIN\user
True
Forms
NT AUTHORITY\NETWORK SERVICE
31
NT AUTHORITY\NETWORK SERVICE
False
at System.Web.HttpResponse.set_ContentType(String value) at System.Web.UI.Page.SetIntrinsics(HttpContext context, Boolean allowAsync) at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at Microsoft.WindowsServerSolutions.Web.RemoteAccessSite.RealPageHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Hi,
Before going further, would you please let me confirm something firstly?
Would you please let me know if all Android devices
encounter this same issue? If you download different type files, will still this issue persists? You can upload a small file (such as a text file) to the share folder, then check if Android device can’t download it.
Based on your description, when logon a desktop computer, you will download files via RWA successfully. Please use the user account which logon computer to logon
the Android device, will still fail to download?
Please check if there has enough free space in Android devices that be used to save download.
When this issue occurred, please check the state of Android device in Dashboard. Besides, I suggest you should run the Best Practices Analyzer (BPA) and fix all
it can find. Then monitor the result.
Run the Windows Server 2012 Essentials Best Practices Analyzer
http://technet.microsoft.com/en-us/library/jj200181.aspx
In addition, regarding to the Event ID 1309, please refer to the following articles.
Event ID: 1309 Source: ASP.NET 4.0.30319.0
http://www.eventid.net/display-eventid-1309-source-ASP.NET%204.0.30319.0-eventno-11022-phase-1.htm
Hope this helps.
Best regards,
Justin Gu

Web access to servers

Similar Messages

Maybe you are looking for