Clientless VPN - ActiveX Problem.

Soeren Rosiak · ‎05-30-2012

Hi there.

We got a problem with our ASA 5500 series(In this case 5510). ASA Version 8.4(4)1.

Using Internet Explorer(IE8, 9 10, all fully updated) the users can connect to the SSL VPN and connect to some specific bookmarks(Server 2003 RDP).

However they cannot connect to some of the other bookmarks(Server 2008 & R2).

When we add the portal to the "Trusted Sites" in IE suddenly the user can RDP to every bookmark? If we remove the site from trusted sites after you have been connected it still works?

Or if we turn the UAC off, connect to the portal we can access all bookmarks, and even when we turn it off again we still can access the booksmarks?(Without adding the sites to "Trusted Sites")

I'm aware of this:

https://supportforums.cisco.com/thread/2148408

And have faced this problem too, but that got fixed after we updated the ASA version.

We'r not using JAVA cause of the lack of fullscreen.

It is a big problem if we have to guide every user to add the site to the trusted sites.

Just tested this post, https://supportforums.cisco.com/message/3649326#3649326 still doesn't work.

/Thanks for your time.

Soeren Rosiak · ‎09-24-2012

This problem has not been resovled yet, any help is much appreciated.

Javier Portuguez · ‎09-24-2012

Hi Soeren,

Just curious, does your ASA have the latest RDP plug-in?

Terminal Service client plugin for ASA.

rdp-plugin.120424.jar

http://tools.cisco.com/squish/82238

Thanks.

Portu

Soeren Rosiak · ‎09-25-2012

Hi Portu.

Thanks for your input.

Yup the RDP plug-in is up-to-date!

I'm suspecting some kind of setting in the Server 2008.

/Søren

Javier Portuguez · ‎09-25-2012

Hi Soeren,

I appreciate the input.

Is there any sort of load-balancing or Remote Desktop Connection Broker?

Does the direct client work?

Does it work on other Web browsers?

Thanks.

Portu.

Please rate any helpful posts.

Message was edited by: Javier Portuguez

Soeren Rosiak · ‎09-26-2012

I have tryed a setup with a LB in front of the system and without the LB, the result is the same.

Works perfect with Java but doesnt have the fullscreen as in Active X.

I get the same results with IE 8, 9, 10. Using a Windows 7 Client(And Windows 8).

Just tested it from a Windows XP Pro problem does NOT appear here(IE8, IE9).

Javier Portuguez · ‎09-26-2012

Hi,

Just to recap, if you add the ASA to the "Trusted" sites, everything works as expected?

Thanks in advance.

Soeren Rosiak · ‎09-27-2012

Correct.

A have a dozen of 2008 R2 servers i have tested it with. Without "Trusted Site" the client cant rdp to them, with "Trusted Site" it works right away. RDP to 2003 servers works right away even Without "Trusted Site". For sure it does not sound logical.

Somehow this problem seem to have effect on Server 2008R2 with "Remote Desktop Services" installed. I just tryed with some "normal" Server 2008R2 servers with "normal" roles installed, Print, DC, File etc. Here i can connect to the server without "Trusted Site".

jharris2006 · ‎01-17-2013

Soeren,

I have the same exact issue you've listed here. I have a few server 2008 R2 servers and the only one with terminal services role installed wont allow me to connect with the active x plug-in without adding the sslvpn url to the trusted sites list.

I'm able to connect fine to all the windows 2008 R2 servers without remote terminal services installed.

Testing from a windows 8 box.

Have you been able to find a resolution?

Soeren Rosiak · ‎09-05-2013

Hi jharris.

Nope, still haven't found a resoloution have you?

We'r still running 8.4(4) so i don't know if this issue have been adressed.