Inside the Remote Web Workplace - Part I
In this first part of a two-part series, Justin Crosby gives an overview of the SBS 2003 Remote Web Workplace (RWW). This article explores the functionality and basic workings of RWW, and is appropriate for both end users and new SBS admins. Part II will delve in-depth to look at the underlying architecture and advanced troubleshooting.
What is the Remote Web Workplace?
The Remote Web Workplace (RWW) is a dynamically updated web site that provides a single, simple, secure, and consolidated entry point for remote users to access SBS features. It empowers external SBS users by providing one place from which all relevant features of SBS, such as Outlook Web Access and the user’s desktop, can be accessed from outside the network firewall. This feature is only available in SBS 2003.
Remote Web Workplace – Logon Page
When users navigate their browsers to the Remote Web Workplace web site, they are first presented with a forms-based authentication logon page. Users are required to enter a valid domain user name and password. The page does not request the domain name; during the authentication process, the existing SBS domain name will be forwarded with the user’s logon credentials. The logon page also contains a connection speed drop-down menu that allows the user to configure the connection speed for the session, and subsequently set performance options within the site. This menu will be set to Broadband by default. The options available to the user are:
Modem (28.8 Kbps)
Modem (56 Kbps)
Broadband
Small Business Network
The connection speed drop-down controls the following settings:

| Connection Speed | Terminal Server Performance Option | Outlook Web Access Mode |
| --- | --- | --- |
| Modem (28.8k) | Enable Bitmap Caching | Basic |
| Modem (56k) | Enable Themes and Bitmap Caching | Basic |
| Broadband | Enable Show contents of windows while dragging, Menu and window animation, Themes, and Bitmap caching | Premium |
| Small Business Network | Enable Desktop background, Show contents of windows while dragging, Menu and window animation, Themes, and Bitmap caching | Premium |

During the rendering of the logon page, Internet Explorer’s credential cache is cleared. This is done to prevent conflicts with any existing cached credentials and sites on the server, such as OWA, which may use NTLM credentials.
Public or Shared Computer
On the logon page you will see a checkbox entitled “I’m using a public or shared computer”. This checkbox controls two settings, connection manager download and idle timeout value. If this box is checked you will receive the following error if you attempt to download connection manager.
Leaving this box checked will configure the idle timeout to 20 minutes. Un-checking this box will extend the timeout to 120 minutes. This box is checked by default. For more information on RWW idle timeout please read the next section.
Time Out
If there is no action from an external user after a set period of time (Default: 10 minutes), the session will time out and the user will have to log on again in order to use the site. On an internal SBS client computer (Uncheck I’m using a public or shared computer), the timeout is set to 20 minutes to allow for longer uninterrupted sessions in order to prevent losing established remote desktop connections or e-mail in progress. One minute before expiration, users are prompted to confirm to continue the session with a pop-up Yes/No window. This window appears above all others, and remains displayed for one minute.
If the user does not respond after one minute, the pop-up window will disappear, and the user will be signed out. If the user selects No, the user is signed out. If the user selects Yes, the timer is reset to its internal or external limit appropriately.
Loading Page
After logging on, the user is presented with a blank page that has the text Loading… centered on it until the appropriate page (Knowledge Worker or Administrator Web Page) is loaded. The page is chosen based on the user credential. Non-administrators are redirected to the Knowledge Worker Page, while Administrators are redirected to the Administrator Page.
Expired Password
If it is determined that the user must change his/her password upon logging on to the site (for example, the password has expired or the account is set to User must change password at next logon), the logon page will present an error message to the user. It will be followed by four text boxes: User name, Old password, New password, and Confirm new password. By default, the user’s logon name is automatically entered in the User name field.
Knowledge Worker Page
Once a normal user (non-admin) has logged in they will be presented with the knowledge worker page. This page provides the user with a gateway to all of the resources of the SBS server. This page is dynamically built based on the server’s current configuration. This means that the list is tailored to your server and may not completely match the list below. In the RWW follow-up blog post we will go in-depth into what causes each link to appear.
Links:
Read my company e-mail: Use Outlook Web Access to manage your company e-mail
This link is only shown if Outlook Web Access (OWA) is installed and published. It opens OWA within the RWW frame. The logged on user’s credential is forwarded to the OWA site. This is implemented by sending a POST message directly to OWA that contains the logged on user’s user name and password, bypassing the OWA logon page. If the credential passed fails on the OWA authentication, the user is presented with the OWA logon page.
Connect to my computer at work: Work on your computer desktop just as you do in the office
This link opens the Computer Selection page that is populated with a list of all client computers on the network that are running Windows XP or above. If there is a user-to-computer mapping (%systemroot%\Inetpub\ClientSetup\usermap.txt) available, the known user’s computer will be selected by default from the list. Otherwise the user will have to manually select his/her workstation from the list of available computers. Once a computer is selected, a terminal session to the computer will open in the same IE window. The credentials the user specified in the Connect as field will be used to establish connection with the selected workstation. The TS connection will be closed if the user clicks either the Main Menu or Log Off link. This link will only be displayed if there is at least one computer running Windows XP or above on the network.
Connect to my company’s application-sharing server: Use shared company software, such as an application specific to your type of business.
If there is an additional Terminal Server on the network running in Application Sharing Mode, and the logged on user is a member of the TS Application Sharing group, then the Remote Web Workplace page will display a link to the secondary Terminal Server. The credentials the user enters in the Connect as field will be used to establish the session with the Terminal Server. The functionality will be the same as the TS-to-client feature discussed in the previous section.
Use my company’s internal Web site: View, create, and edit documents and announcements on the site.
This link is shown if SharePoint is installed and published. It opens Companyweb within the RWW frame. Users will always be prompted for user name and password if they are accessing SharePoint outside of the Small Business Server network. To determine if SharePoint is installed, the following registry key is checked: HKLM\Software\Microsoft\SmallBusinessServer\Intranet\STSVersion (REG_DWORD).
View Server Usage Report: Examine how server resources are being used in your business.
If the user is a member of Usage Report Users group, and the Monitoring web site is published, the View server usage report link is shown. This link provides the business owner a way to monitor how the server is being used while away from the office. Upon clicking the link, the Usage Report is opened within an RWW frame.
Download Connection Manager: You can download Connection Manager and use it to remotely connect a computer to your company’s network.
This link downloads sbspackage.exe to the computer accessing RWW. When you run this program it will automatically create a VPN connection object that the user can use to VPN into the SBS network. This link only appears if the RRAS wizard has been run on the SBS server. You must be logged in with a private computer to be able to use this link.
Configure your computer to use Outlook via the Internet: Learn how to configure Outlook on your remote computer to connect via the Internet to Windows Small Business Server.
This link opens step-by-step instruction on how to configure RPC over HTTP in remote Outlook 2003 clients. This link is only available if you enabled the “Outlook via the Internet” option in the CEICW.
View Remote Web Workplace Help: Learn more about the Remote Web Workplace.
This link opens Client Help within the same IE window and points to the Remote Access Chapter.
Administrator Page
The Administrator Web Page is shown to all users belonging to the Domain Admins group. All possible links, grouped into Administrative Tasks and Additional Links, are available to administrators from this page.
Links:
Connect to Server Desktops: Access server desktops within the network
This link is always shown on the Administrators Page unless the administrator manually alters the registry to turn it off. It will link to the Computer Selection page populated with a list of servers in the SBS network, including the SBS server itself. The SBS server is selected from the list by default. This feature is similar to connecting to the client desktop as described earlier.
Connect to Client Desktops: Access client desktops within the network
This link opens a Computer Selection page in the same IE window from which a client computer is selected. Once a computer is selected, a TS connection to the computer will open in the same IE window. Credentials are forwarded to open the TS connection for the user. If the user selects the Connect as check box, it will function in the same manner as the other TS connections described earlier. This link is only displayed if there is at least one computer running Windows XP and it is not a server.
Monitor Help Desk: View a current list of issues for the networks
This link launches the SharePoint Help Desk in the same IE window so that the administrator can examine the issues on the network. User credentials will be forwarded to the SharePoint site. If SharePoint is not installed or published, the link is hidden.
Administer the company’s internal Web site: Edit, modify, and maintain the site
This link launches the SharePoint Administration page in the same IE window so that administrators can make changes to the SharePoint sites. Users will always be prompted for user name and password if they are accessing the SharePoint outside of the Small Business Server network.
View server performance report: View the most recent list of critical alerts, event log messages, and performance counters
This link allows the administrator to view the latest Performance Server Status Report (SSR) in the same IE window. User credentials will be forwarded to the Monitoring folder.
View server usage report: View how server resources are being used.
This link allows the administrator to view the latest Usage Status Report in the same IE window. User credentials will be forwarded to the Monitoring folder.
Additional Links
Use Outlook Web Access: Use Outlook Web Access to manage your company e-mail
Download Connection Manager: This link begins a download of the Connection Manager software to the client.
Provide Remote Assistance: Learn how to offer your client desktops Remote Assistance.
Configure your computer to use Outlook via the Internet: Learn how to configure Outlook on your remote computer to connect via the Internet to Windows Small Business Server.
View Client Help: Learn more about the Remote Web Workplace.
Ask the Community: Redirects you to the SBS Community Web site at https://www.microsoft.com/windowsserver2003/sbs/community/default.mspx.
Remote Computer Selection
After the users select to connect to their computer desktop, they will receive the Computer Selection page. Depending upon the link selected, the list on this page will contain a different set of computers:
· Connect to my computer at work/Connect to Client Desktops
All SBS client computers that are running Windows XP or above. This list does not include servers or the computer from which the RWW is being accessed.
· Connect to Server Desktops
All Windows 2000 or 2003 servers.
· Connect to my company’s application-sharing server
All Windows 2000 or 2003 servers that are running TS Application-Sharing mode.
Before the page loads, the browser attempts to download the Microsoft Remote Desktop ActiveX Control, if it is not already present on the client. If the client cannot download the ActiveX Control, the user is returned to the main menu and presented with the following error message:
This portion of the Remote Web Workplace requires the Microsoft Remote Desktop ActiveX Control. Your browser’s security settings may be preventing you from downloading ActiveX controls. Adjust these settings, and try to connect again.
The Connect button will be unavailable (dimmed) until a client is selected.
As the TS session is established, the message Connecting… will be displayed in the center of the page. Unless full screen is used to connect to the remote desktop, it is rendered in the same IE window.
Users will need to install the following ActiveX control to use this feature of the RWW.
Once you successfully log onto your local client your screen will look similar to this:
TS Proxy
In order to allow a remote desktop connection to a client computer through Remote Web Workplace, TS Proxy is used to forward TS requests through a firewall on TCP port 4125, in essence keeping the connection alive. Once the connection is established on port 4125, the traffic is then redirected to another dynamically allocated port. All subsequent traffic will flow through the new port at the server to the client at port 3389.
TS Proxy Connection Flow:
- User initializes a remote desktop session to an internal server through the RWW.
- The ActiveX control on the user’s machine makes a connection to the SBS server on TCP port 4125
- The RDP Proxy on the SBS 2003 server makes a connection to the internal client on TCP port 3389
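
Because the proxy opens the port 3389 leg itself, the internal desktop sees the SBS server, not the remote user, as the source of the session. The following added example (not code from the original article or from SBS) pairs the two legs of the flow above from a connection log so a session can be attributed to its external client. The log format, server address, subnet and time window are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SBS_SERVER = "192.168.16.2"               # assumed address of the SBS server
INTERNAL = ip_network("192.168.16.0/24")  # assumed internal subnet
PROXY_PORT, RDP_PORT = 4125, 3389         # ports named in the article
WINDOW = timedelta(seconds=10)            # assumed max gap between the two legs

# Constructed connection-log lines in a made-up format (not real traffic).
SAMPLE_LOG = """\
2006-07-25T09:00:01 TCP 203.0.113.7:51512 -> 192.168.16.2:4125
2006-07-25T09:00:02 TCP 192.168.16.2:2051 -> 192.168.16.21:3389
2006-07-25T09:14:30 TCP 198.51.100.9:40211 -> 192.168.16.2:4125
2006-07-25T09:14:31 TCP 192.168.16.2:2077 -> 192.168.16.34:3389
2006-07-25T11:02:10 TCP 192.168.16.2:2101 -> 192.168.16.21:3389
2006-07-25T12:30:00 TCP 203.0.113.50:61000 -> 192.168.16.2:4125
"""

LINE = re.compile(
    r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) TCP ([\d.]+):\d+ -> ([\d.]+):(\d+)")

def parse(log):
    """Return sorted (time, src_ip, dst_ip, dst_port) tuples; skip malformed lines."""
    rows = []
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            ts, src, dst, dport = m.groups()
            rows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return sorted(rows)

def correlate(log):
    """Pair each external connection to TCP 4125 with the proxy's RDP leg."""
    pending, sessions, orphan_rdp, orphan_proxy = [], [], [], []
    for ts, src, dst, dport in parse(log):
        # A proxy connection with no RDP leg inside the window is reported alone.
        while pending and ts - pending[0][0] > WINDOW:
            orphan_proxy.append(pending.pop(0)[1])
        external = ip_address(src) not in INTERNAL
        if dst == SBS_SERVER and dport == PROXY_PORT and external:
            pending.append((ts, src))
        elif src == SBS_SERVER and dport == RDP_PORT:
            if pending:   # oldest waiting external client owns this RDP leg
                sessions.append((pending.pop(0)[1], dst))
            else:         # RDP from the server with no RWW client behind it
                orphan_rdp.append(dst)
    orphan_proxy.extend(src for _, src in pending)
    return sessions, orphan_rdp, orphan_proxy

if __name__ == "__main__":
    sessions, orphan_rdp, orphan_proxy = correlate(SAMPLE_LOG)
    for ext, desktop in sessions:
        print(f"{ext} -> {SBS_SERVER}:{PROXY_PORT} -> {desktop}:{RDP_PORT}")
    print("RDP legs without a proxy client:", orphan_rdp)
    print("Proxy connections without an RDP leg:", orphan_proxy)
```

Pairing is first-in, first-out within the window, so two clients connecting in the same few seconds are matched in arrival order; treat those pairs as candidates to confirm against the desktop's own logon records.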
--- Justin Crosby
Comments
Anonymous
July 25, 2006
Great tutorial on RWW, looking forward to Part II.
Anonymous
July 27, 2006
I don't know if you can point out what we're missing? I've noticed other people have blogged about the other features in RWW that I simply do not see.
At the moment using an admin account I get the option to connect to servers or desktops. Using a user account I can only see the option to connect to desktops, use OWA and download the connection manager.
Has there been an update for RWW? SBS SP1 has been applied to the server.
Anonymous
July 27, 2006
Argh. Must learn to read posts... before asking silly questions.
Ignore the above post.
Anonymous
July 27, 2006
This is very good stuff on SBS 2003 RWW.
Looking forward to Part II of RWW.
Anonymous
August 01, 2006
On sbs2003 sp1 premium "Connect to my company’s application-sharing server" and "Use my company’s internal Web site" are missing. Ideas why?