One of our customers is using a Citrix NetScaler appliance for SSL VPN capabilities for remote users. I tried to start an application (RDP Client) through this SSL VPN solution, but I couldn’t succeed. I was able to login and I would see all the published applications, but when executing one, I received the following error message:
The remote session was disconnected because there are no Terminal Server License Servers available to provide a license. Please contact the server administrator.
So I did contact customers system engineers, because I thought the problem was related to the customers Terminal Server License Server environment. I thought this, because I was still able to use SSL VPN solutions from other customers. They couldn’t find any solution for my problem and that’s correct.
The solution for the problem is found on my own laptop. I stumbled upon this TechNet article. I opened my registry and deleted the following folder and subkey:
This did the trick. I was able to execute the published applications again without any problem after rebooting my laptop.
Today I tried to configure a JavaRDP as fallback Terminal Services method on the Juniper SA appliances. It took me some time and with help of my colleague, I finally got it working. Even with Single Sign On to the Terminal Server.
First of all, you need to upload a new Java applet. The Java applet I use can be downloaded here:
I use the JavaRDP provided by Elusiva. After uploading the JavaRDP applet I created a custom HTML page for the JavaRDP applet, like shown below:
<title>Booches RDP Applet</title>
<meta http-equiv=”Content-Type” content=”text/html; charset=iso-8859-1″>
1) << CODEBASE >> is a system value that will get replaced at the time the applet is launched. Please do not modify this value.
2) Please modify the remaining values as needed.
3) Please make sure all attribute names/values are enclosed in double quotes.
codebase=”<< CODEBASE >>”
name=”Booches RDP” align=”top”>
<param name=”code” value=”com.elusiva.rdp.applet.RdpApplet.class”>
<param name=”codebase” value=”<< CODEBASE >>”>
<param name=”archive” value=”JavaRDP14-1.1.jar”>
<param name=”cabbase” value=””>
<param name=”name” value=”Booches RDP”>
<param name=”width” value=”1024″>
<param name=”height” value=”768″>
<param name=”align” value=”top”>
Please specify additional params here after the comment.
<param name=”paramname” value=”paramvalue”>
<param name=”Server” value=”<<HOST>>”>
<param name=”Port” value=”<<PORT>>”>
<param name=”Username” value=”<<USER>>”>
<param name=”Password” value=”<<PASSWORD>>”>
The solution works like a charm!!!
Normally configuring SSO on a Terminal Server in conjunction with a Juniper SA isn’t that hard. On the Juniper you pass the user credentials to the Terminal Server. On a normal Terminal Server you have to check the following:
Disable Always prompt for password under:
Terminal Services Configuration –> Connections –> Properties of RDP-tcp –> Tabblad Logon Settings
On a Terminal Server, which is member of a Windows Domain, you have to check the following Group policy:
Disable Always prompt client for password upon connection under:
Computer Configuration –> Administrative Templates –> Windows Components –> Terminal Services –> Encryption and Security –> Policy “Always prompt client for password upon connection”
Now I had to configure Single Sign On to a Terminal Server where the Novell Client is installed. As soon as I pushed the user credentials to the Terminal Server, I noticed that the RDP session tries to logon as Workstation only. I found a nice thread on the Novell website to Enable TSClientAutoAdminLogon.
I added the following two registry keys to the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login Value Type=REG_SZ, Name=TSClientAutoAdminLogon, Data=1 Value Type=REG_SZ, Name=DefaultLoginProfile, Data=Default
I am able to logon to the Terminal Server using SSO after adding both registry keys to the registry. All registry entries under HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login are displayed in the picture below.