Hi fellows,
I am sorry.. I know the topic has been discussed here before and I have been reading the TS Step-by-step guide, the TS with OTP Scenario, TS 2008 and RSA (Scribd article) and many other resources but I am still confused as to what my next step would be and have questions that are not clearly explained in the guides. An ultimate, specific "TS/RDS with RSA Guide" just doesn't seem to exist.
I have a server called TS1 with the Terminal Server role only and I am publishing Notepad from it as a RemoteApp. I also have a server called GW1 with both TS WebAccess and TS Gateway installed. The GW1 server is behind a Cisco firewall (so no ISA available right now) that only allows connections in on 443 and NATs the public address to the local addess of GW1. The TS1 server sits on the same subnet as GW1 and there is no firewall (windows fw or any other) between them.
This set up works via the Gateway ok as I can see the connections appear in the Gateway Manager "monitoring" section. I am happy with this but need to add two-factor authentication in the loop now and it's not going well.
If I install and enable the RSA Web Agent for IIS on GW1, I have to mess around with the application pools assigments in IIS to get the RSA web page to show up. What I do is change all the applications "/WebID, /TS, /RPC, RPCwithCert" to use the TS WebAccess application pool and change the pool's identity to LocalSystem (away from its default of NetworkService). Is this technically correct? I'm not sure. None of the guides I found seem to mention this!
After making those changes I can see the RSA login page and authenticate through it. I can then see the TS Web page, click on Notepad on it and provide windows credentials but then get "Terminal Server gateway is temporarily unavailable." Without the RSA being enabled, it works fine though. I am at a loss! Any help or hints/tips would be very welcome. Thank you!
Regards
Azagoth