Forum Discussion
Remote Desktop Web Access and Remote Desktop Gateway SSO Through APM
- Sep 16, 2014
If you are going to 11.6, we are going to be publishing an iApp template that uses the new VDI profile to replace the RDG functionality. I've tested with RDWA publishing resources that go through this new proxy and it seems to work fine.
As far as trying to pre-auth connections to the RDG servers, I wouldn't recommend disabling APM for requests for the RPC proxy, as that leaves a giant security hole that defeats the purpose of using APM. Although I haven't tested it, it should be possible to pre-auth the RDP clients by creating an NTLM machine account (aka, joining the BIG-IP to the domain), creating an NTLM auth config that references that machine account, manually attaching an ECA profile to the APM virtual server, and creating an iRule to enable clientless mode for the RD client connections. You wouldn't be getting SSO with the credentials used in RDWA, however you shouldn't get prompted for credentials either as long as the client machines are joined to the domain.
Basically, if you are going to 11.6 anyway, I recommend going with the new VDI profile iApp, since it will take care of all the configuration for you.
Side topic: One bug I found, when tring to use an existing SSL client profile, I get the following error. If I have it create a new SSL profile using the same key, it works fine:
script did not successfully complete: (can't read "::apm_ssl__key": no such variable
while executing
"iapp_conf create $cssl_cmd key $::apm_ssl__key cert $::apm_ssl__cert chain none"
invoked from within
"subst $substa_out"
invoked from within
"if { [info exists [set substa_in]] } {
set substa_out [subst $$substa_in]
set substa_out [subst $substa_out]
} else {
..."
("uplevel" body line 3)
invoked from within
"uplevel {
append ::substa_debug "\n$substa_in"
if { [info exists [set substa_in]] } {
set substa_out [subst $$substa_in]
..."
(procedure "iapp_substa" line 9)
invoked from within
"iapp_substa apm_clientssl_arr($new_client_ssl,$do_chain_cert)"
(procedure "configure_apm_deployment" line 365)
invoked from within
"configure_apm_deployment" line:1)
- mikeshimkus_111Nov 21, 2014Historic F5 AccountI don't get that error, but there have been a couple of updates to the iApp since this thread started: https://clouddocs.f5.com/api/iapps/Microsoft-Remote-Desktop-Gateway-APM-Gateway-iApp.html?NoRedirect=1&NS=iApp
- Lyonell_165736Nov 21, 2014NimbostratusI'm using RC3; it also happens with RC1. I'll compare the two client SSL profiles and see if there's something in the one I already have it didn't like. Not a huge deal.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com