Secure RDWeb using Azure Multi-Factor Authentication

1. Change RDWeb authentication mode from "Forms" to "Windows"
Edit C:\Windows\Web\RDWeb\Pages\web.config
    <authentication mode="Windows"/>
<!--
    <authentication mode="Forms">
        <forms loginUrl="default.aspx" name="TSWAAuthHttpOnlyCookie" protection="All" requireSSL="true" />
    </authentication>
-->.
.
.
<system.webServer>
<!--    <modules runAllManagedModulesForAllRequests="true">
      <remove name="FormsAuthentication" />
      <add name="RDWAFormsAuthenticationModule" type="Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSDomainFormsAuthentication" />
    </modules>
    <security>
        <authentication>
            <windowsAuthentication enabled="false" />
            <anonymousAuthentication enabled="true" />
        </authentication>
   </security>
-->
2. Add URL for RDWeb access in Azure MFA server

3. Browse RDWeb page on the client and enter credential

Comments

Post a Comment

Popular posts from this blog

ADFS WAP: How to configure SSO with RDWeb

Image
1.  System Deploy ADFS : th-adfs2012.mfalab3.com ADFS WAP : th-adfs2012wap.mfalab3.com RDWeb : th-rds.mfalab3.com A public IP for ADFS WAP points to ADFS/RDS as well 2.  Setting on ADFS Create a Relying Parth Trust 3.  Setting on ADFS WAP Create WAP Application, Add-WebApplicationProxyApplication -Name 'rdweb' -ExternalUrl 'https://th-rds.mfalab3.com/rdweb/' -BackendServerURL 'https://th-rds.mfalab3.com/rdweb/' -ExternalPreAuthentication ADFS -ADFSRelyingPartyName rdweb1 -ExternalCertificateThumbprint '67D438BDDBB455E53CA83D6F5DEC34CC546F711A' 4.  Setting on RDS Important : Change authentication method to “Windows” https://social.technet.microsoft.com/Forums/office/en-US/999f56fa-a218-41b0-86ee-2845269d93ef/rdweb-authentication?forum=winserverTS 5.  Setting on the Client Computers 6. See how it works
Read more

Collect AzureStack Update Verbose log

Image
The following commands will collect "UpdateVerboseLog". 1. Create a PEP session, in this example $pepsession is the name of established PEP session $pepsession = New-PSSession -ComputerName ercs_ip -ConfigurationName PrivilegedEndpoint -Credential (get-credential) 2. Collect verbose log $log = Invoke-Command -Session $pepsession -ScriptBlock { Get-AzureStackUpdateVerboseLog } 3. Save it to local folder $log > “c:\temp\UpdateVerboseLog.txt” 4. Example
Read more