Terminal Services (With Originating Name Of Client PC) Within Terminal Services...
RaYvA@SWIFTEL
background: We are a small health insurance fund that, whether fortunate or
not, has a number of dependancies on outsourced IT service providers. Not
withstanding the Fund's desire to reduce their internal dependance on
technological knowledge and know how (whoo be to us!), none of the currently
selected partners quite appreciates what the other does, or how they operate
(yes it's quiet an interesting environment and yes there is a lot of work to
be done to create this awareness). But we currently have an opportunity
that may interest some...
Our core business systems are delivered to us via a Remote Desktop
Connection that is hosted at Technology Partner A (TPA). Currently, we use
a mixture of W2K & XP desktops, using whatever technology is available on
these platforms to create an RDP session into TPA (mstsc of varying versions
whatever was on the release of Windows @ the time the PC was installed is
used. There has been no harmonisation across the enterprise) where 90% of
our users spend 90% of their productive time. That is TPA deliveres a
BUSINESS CRITICAL service onto our desktops via Terminal Services sessions.
Technology Partner B (TPB) provides support and guidance of the
infrastructure used to access TPA's applications (including other misc
services such as Internet & Exchange management etc but these services are
periforary compared to TPA's services - although TPB would like to argue
otherwise!).
Oh, yeah, Technology Partner C (TPC) manages the security of our
infrastructure, including branch access to both the corporate network
(NETBIOS over TCP/IP only) and to the TPA partner (T/S sessions only port
3whatever) but they are unable to provide access to our Corporate Intranet
(because its on port 80! Go figure - well its not that difficult to setup
and misunderstand the value of your VPN hardwareis it, OH we have a lot of
VPN hardware too, just not configured correctly but thats another story! Oh
I digress, that's me wondering about the ineptitude of people behind the
reasoning for this happenstance) TPC is almost very peripharory at this
stage...
The application delivered by TPA REQUIRES the "Client Name" of the computer
connecting to TPA's services in order to determine where and what the Client
Computer (Not the user, the user is invariably restricted by the computer
they are using) is allowed to do, for example what printers are available
to them, whether they are allowed to print cheques, what cheque numbers
(which are preprinted) they are allowed too/should print on & @ what
printer, do they have a Till with cash in it, what is the float of the Till,
does the transaction affect the float in the Till etc etc...For those in the
retail financial services/retail banking/retail industries this may be
familiar.
TPB (ifrastructure) suggested that we host our corporate branch sessions (ie
to the Corporate Network) within Terminal Services due to difficulties with
the services that TPC provides (ie unable to access Intranet), that is our
branches have access to our corporate network and not the intranet as
previously informed). If we do that, then connecting to our Terminal
Services Farm which allows access to our intranet does not allow access to
the services (with mstsc at least) provided by TBA (our core systems)
because the originating client name is not passed onto the TBA systems, only
the Client name of our Terminal Server is passed which passes its own name
instead......confused, yeah no wonder.
That said...I want all of our organisation to be on Terminal Services, Head
Office/Branch/Partner/Remote/Whatever, but I am unable to use the Microsoft
RDP client because I am unable to use the Client Name of the originating PC
to masqurade as the the Client Name within a Terminal Services Session
(using mstsc that is).
I am able to us the name of the originating client passing an environment
variable called %ClientName% (I think but I am at home right now and am
somewhat invariable!) with a RDP client named properjavaRDP, which is an OSS
GNU GPL'd product using the switch " -n 'override the name of the client
machine'", so for example "javaw net.propero.rdp.Rdesktop -g 800x600 -l WARN
TPA -N %CLIENTNAME%. %CLIENTNAME% is a session variable that is created
when an RDP session is established to an W2KX server from a client. This
works! Great! Terrific! Horrah! Except....
TPB, who has successfully infultrated our organisations with the likes of
SQUID (because they are unable to get our licensed version of ISA Server
working) have no confidence in using an OSS GNU product!! Go figure!
So my question, is there a way to pass the originating Client Name, of the
Originating Session onto subsequest sessions of the Remote Desktop (RDP)
Chain, knowing that the %ClientName% session is passed to the first session!
Help!!!!!
Christian Lloyd
information. You can get a Terminal Server to pass-through the username
rather than the clientname to an application. This behaviour is designed for
this kind of situation where an application needs a unique identifier, and
normally uses clientname (which as you know doesn't work very well in a TS
environment).
In your situation though, the app is already using clientname, and it may
mean a re-jig of your critical apps, which is never nice. And TPA might not
like it either. Also it doesn't tie things to physical machines, which you
seem to need due to cash drawers etc. So it might not help at all.
Anyway, the info might be useful and you can find the details in this article
http://support.microsoft.com/?kbid=186499
RaYvA@SWIFTEL
When I first identified this issue a few months ago, I did a fair amount of
research into the number and providers of RDP clients available which is
where I found the OSS properjavaRDP client.
Notwithstanding a few minor problems with this client, and I did have to
rewrite a portion of it due to difficulties with its handling of Num & Caps
Lock (Ah the benefit of OSS!), it was the only one I could get to work to
pass thru the originating Client PC's name, as you picked up for cash draw
(Till's) cheques etc etc this is a very important point for both our company
and any other in the retail financial services industries.
During my time researching how I could achieve this, I did test a program
called HOBLINK JWT (amongst others), although I tested the Enterprise
version, not the standard version, and I did have numerous emails to/from
their tech support in relation to this matter in which they told me the
product could do what I required, but with no explanation as to how....
Anyway's, today, I installed their Standard product version 3.1, and within
30 minutes deciphered the manual and was able to pass the originating Client
PC name onto the session hosted by TPA!
Great! Now all I need to do is sort out the actual communications lines
between the technology partners and we may be able to move on!
Again, thanks for your mesage, it was appreciated.
Cheers & Thanks
"Christian Lloyd" <Christi...@discussions.microsoft.com> wrote in
message news:33AE3E0A-F7CC-4E42...@microsoft.com...