IMPORTANT ANNOUNCEMENT FOR OUR READERS!
AskPFEPlat is in the process of a transformation to the new Core Infrastructure and Security TechCommunity, and will be moving by the end of March 2019 to our new home at https://aka.ms/CISTechComm (hosted at https://techcommunity.microsoft.com). Please bear with us while we are still under construction!
We will continue bringing you the same great content, from the same great contributors, on our new platform. Until then, you can access our new content on either https://aka.ms/askpfeplat as you do today, or at our new site https://aka.ms/CISTechComm. Please feel free to update your bookmarks accordingly!
Why are we doing this? Simple really; we are looking to expand our team internally in order to provide you even more great content, as well as take on a more proactive role in the future with our readers (more to come on that later)! Since our team encompasses many more roles than Premier Field Engineers these days, we felt it was also time we reflected that initial expansion.
If you have never visited the TechCommunity site, it can be found at https://techcommunity.microsoft.com. On the TechCommunity site, you will find numerous technical communities across many topics, which include discussion areas, along with blog content.
NOTE: In addition to the AskPFEPlat-to-Core Infrastructure and Security transformation, Premier Field Engineers from all technology areas will be working together to expand the TechCommunity site even further, joining together in the technology agnostic Premier Field Engineering TechCommunity (along with Core Infrastructure and Security), which can be found at https://aka.ms/PFETechComm!
As always, thank you for continuing to read the Core Infrastructure and Security (AskPFEPlat) blog, and we look forward to providing you more great content well into the future!
Recently I was asked by one of my customers to assist in a project to replace TMG with UAG, specifically for their Remote Desktop RemoteApp publishing portal. I’m not an expert with UAG, but I can usually get it to do what I need it to do, and I have the secret weapon: I work for Microsoft, and I knew I COULD collaborate with the experts when and if I needed to!
The UAG portal gives them a quick, easy way to manage and handle user credentials, including password expiration, alongside the familiar RDWeb view of the published applications. Add to that the ability to extend the portal to Federated Applications, and it piqued my interest.
Unfortunately, there was one caveat, we had to be able to handle the existing documented and saved favorite URL for https://RemoteApp.Contoso.com/RDWeb. At first glance, I thought of a few different ways to do this, but it turned out that it wasn’t quite as straightforward as I had envisioned. After some research via http://www.bing.com I read several posts that said this can’t be done with various reasons why. It happens to early in the ISAPI handling from the UAG application was the one that stuck in my mind. This seemed like something that would have been thought about with UAG, and I felt that there must be a way to accomplish something as rudimentary as redirecting an inbound request to the main portal page.
I made a few calls, and white boarded a few ideas, even spent time testing and configuring different options in my lab. My range of failures included exposing another website through UAG that hosted a simple RDWeb / Default.htm that redirected back to the main UAG portal. Needless to say, I was having a much harder time getting this to work than I envisioned.
Finally, after stumbling for a little while, I came across a way to do this using the Manual URL Replacement on the UAG Trunk configuration. Now, this was also one of my first theories to make this work, but I just couldn’t seem to get the syntax right. Through trial and error, I finally discovered the proper configuration, and it was much simpler than anything I had been trying to make it.
As you can see, my configuration was pretty simple. I started with a basic UAG portal and then added the RemoteApp and Remote Desktop applications through the Add Application wizard.
Just to be clear, I’m sure there are other, and potentially better, ways to accomplish this URL redirection.
I did state that I’m not a UAG expert, right? In fact, I work with Active Directory as my specialty. This isn’t intended to be the official “THIS IS HOW YOU DO IT” post. I just know the effort that it took for me to find this workaround, and wanted to get it out there in hopes of making someone else’s job a little easier.
I configured the Manual URL replacement policy a few different ways at first and received various error messages when testing from the client portal. The errors ranged from “The URL you have requested is not associated with any application” to “You are not authorized to use this application”. The latter was because I placed “LocalHost” somewhere it wasn’t supposed to be in a redirection rule.
Now for the process I used to actually make the saved Favorites URL redirect back to the main portal page.
The first step was to edit the properties of the Portal application. I needed two things here. The first was to add my public hostname to the list of Web Servers. The second was to copy the Path listed for the portal so I could use it in the manual URL replacement rule later.
Next, I selected Configure on the Trunk.
And in the Manual URL Replacement rules, I added a new rule:
I placed /rdweb/* in the URL: box, I used /rdweb/* because I wanted to make sure that I covered any request coming in with /RDWeb/ in the URL. Then I pasted the Portal Path I copied from the Portal configuration in the To URL:. In my case this is /SecureOutsideAppsPortalHomePage/.
Next I select the Type of action I want to perform, I chose Rerouting for this because I wanted the request rerouted to the main portal page.
Finally in the Server Name box, I used the Public Hostname that I placed in the Web Servers section of the Portal and selected the checkbox for Use SSL.
Now, when my client clicks their saved RDWeb favorite link, it is redirected to the main UAG Portal page without any errors!