The official blog for Windows Server Essentials and Small Business Server support and product group communications.
The Remote Web Workplace (RWW) is a dynamically updated web site that provides a single, simple, secure, and consolidated entry point for remote users to access SBS features. It empowers external SBS users by providing one place from which all relevant features of SBS, such as Outlook Web Access and the user’s desktop, can be accessed from outside the network firewall. This feature is only available in SBS 2003.
When users navigate their browsers to the Remote Web Workplace web site, they are first presented with a forms-based authentication logon page. Users are required to enter a valid domain user name and password. The page does not request the domain name; during the authentication process, the existing SBS domain name will be forwarded with the user’s log on credentials. The logon page also contains a connection speed drop-down menu that allows the user to configure the connection speed for the session, and subsequently set performance options within the site. This menu will be set to Broadband by default. The options available to the user are:
Modem (28.8 Kbps)
Modem (56 Kbps)
Small Business Network
The connection speed drop down controls the following settings:
Terminal Server Performance Option
Outlook Web Access Mode
Enable Bitmap Caching
Enable Themes and Bitmap Caching
Enable Show contents of windows while dragging, Menu and window animation, Themes, and Bitmap caching
Enable Desktop background, Show contents of windows while dragging, Menu and window animation, Themes, and Bitmap caching
During the rendering of the logon page, Internet Explorer’s credential cache is cleared. This is done to prevent conflicts with any existing cached credentials and sites on the server, such as OWA, which may use NTLM credentials.
On the logon page you will see a checkbox entitled “I’m using a public or shared computer”. This checkbox controls two settings, connection manager download and idle timeout value. If this box is checked you will receive the following error if you attempt to download connection manager.
Leaving this box checked will configure the idle timeout to 20 minutes. Un-checking this box will extend the timeout to 120 minutes. This box is checked by default. For more information on RWW idle timeout please read the next section.
If there is no action from an external user after a set period of time (Default: 10 minutes), the session will time out and the user will have to log on again in order to use the site. On an internal SBS client computer (Uncheck I’m using a public or shared computer), the timeout is set to 20 minutes to allow for longer uninterrupted sessions in order to prevent losing established remote desktop connections or e-mail in progress. One minute before expiration, users are prompted to confirm to continue the session with a pop-up Yes/No window. This window appears above all others, and remains displayed for one minute.
If the user does not respond after one minute, the pop-up window will disappear, and the user will be signed out. If the user selects No, the user is signed out. If the user selects Yes, the timer is reset to its internal or external limit appropriately.
After logging on, the user is presented with a blank page that has the text Loading… centered on it until the appropriate page (Knowledge Worker or Administrator Web Page) is loaded. The page is chosen based on the user credential. Non-administrators are redirected to the Knowledge Worker Page, while Administrators are redirected to the Administrator Page.
If it is determined that the user must change his/her password upon logging on to the site (for example, the password has expired or set to User must change password at next logon), the logon page will present an error message to the user. It will be followed by four text boxes: User name, Old password, New password, and Confirm new password. By default, the user’s logon name is automatically entered in the User name field.
Once a normal user (non-admin) has logged in they will be presented with the knowledge worker page. This page provides the user with a gateway to all of the resources of the SBS server. This page is dynamically built based on the server’s current configuration. This means that the list is tailored to your server and may not completely match the list below. In the RWW follow-up blog post we will go in-depth into what causes each link to appear.
Read my company e-mail
Use Outlook Web Access to manage your company e-mail
This link is only shown if Outlook Web Access (OWA) is installed and published. It opens OWA within the RWW frame. The logged on user’s credential is forwarded to the OWA site. This is implemented by sending a POST message directly to OWA that contains the logged on user’s user name and password, bypassing the OWA logon page. If the credential passed fails on the OWA authentication, the user is presented with the OWA logon page.
Connect to my computer at work
Work on your computer desktop just as you do in the office
This link opens the Computer Selection page that is populated with a list of all client computers on the network that are running Windows XP or above. If there is a user-to-computer mapping (%systemroot%\Inetpub\ClientSetup\usermap.txt) available, the known user’s computer will be selected by default from the list. Otherwise the user will have to manually select his/her workstation from the list of available computers.
Once a computer is selected, a terminal session to the computer will open in the same IE window. The credentials the user specified in the Connect as field will be used to establish connection with the selected workstation. The TS connection will be closed if the user clicks either the Main Menu or Log Off link.
This link will only be displayed if there is at least one computer running Windows XP or above on the network.
Connect to my company’s application-sharing server
Use shared company software, such as an application specific to your type of business.
If there is an additional Terminal Server on the network running in Application Sharing Mode, and the logged on user is a member of the TS Application Sharing group. Then the Remote Web Workplace page will display a link to the secondary Terminal Server. The credentials the user enters in the Connect as field will be used to establish the session with the Terminal Server. The functionality will be the same as the TS-to-client feature discussed in the previous section.
Use my company’s internal Web site
View, create, and edit documents and announcements on the site.
This link is shown if SharePoint is installed and published. It opens Companyweb within the RWW frame. Users will always be prompted for user name and password if they are accessing SharePoint outside of the Small Business Server network.
To determine if SharePoint is installed, the following registry key is checked:
View Server Usage Report
Examine how server resources are being used in your business.
If the user is a member of Usage Report Users group, and the Monitoring web site is published, the View server usage report link is shown. This link provides the business owner a way to monitor how the server is being used while away from the office. Upon clicking the link, the Usage Report is opened within an RWW frame.
Download Connection Manager
You can download Connection Manager and use it to remotely connect a computer to your company’s network.
This link downloads sbspackage.exe to the computer accessing RWW. When you run this program it will automatically create a VPN connection object that the user can use to VPN into the SBS network. This link only appears if the RRAS wizard has been run on the SBS server. You must be logged in with a private computer to be able to use this link.
Configure your computer to use Outlook via the Internet
Learn how to configure Outlook on your remote computer to connect via the Internet to Windows Small Business Server.
This link opens step-by-step instruction on how to configure RPC over HTTP in remote Outlook 2003 clients. This link is only available if you enabled the “Outlook via the Internet” option in the CEICW.
View Remote Web Workplace Help
Learn more about the Remote Web Workplace.
This link opens Client Help within the same IE window and points to the Remote Access Chapter.
The Administrator Web Page is shown to all users belonging to the Domain Admins group. All possible links, grouped into Administrative Tasks and Additional Links, are available to administrators from this page.
Connect to Server Desktops
Access server desktops within the network
This link is always shown on the Administrators Page unless the administrator manually alters the registry to turn it off. It will link to the Computer Selection page populated with a list of servers in the SBS network, including the SBS server itself. The SBS server is selected from the list by default. This feature is similar to connecting to the client desktop as described earlier.
Connect to Client Desktops
Access client desktops within the network
This link opens a Computer Selection page in the same IE window from which a client computer is selected. Once a computer is selected, a TS connection to the computer will open in the same IE window. Credentials are forwarded to open the TS connection for the user. If the user selects the Connect as check box, it will function in the same manner as the other TS connections described earlier. This link is only displayed if there is at least one computer running Windows XP and it is not a server.
Monitor Help Desk
View a current list of issues for the networks
This link launches the SharePoint Help Desk in the same IE window so that the administrator can examine the issues on the network. User credentials will be forwarded to the SharePoint site. If SharePoint is not installed or published, the link is hidden.
Administer the company’s internal Web site
Edit, modify, and maintain the site
This link launches the SharePoint Administration page in the same IE window so that administrators can make changes to the SharePoint sites. Users will always be prompted for user name and password if they are accessing the SharePoint outside of the Small Business Server network.
View server performance report
View the most recent list of critical alerts, event log messages, and performance counters
This link allows the administrator to view the latest Performance Server Status Report (SSR) in the same IE window. User credentials will be forwarded to the Monitoring folder.
View server usage report
View how server resources are being used.
This link allows the administrator to view the latest Usage Status Report in the same IE window. User credentials will be forwarded to the Monitoring folder.
Use Outlook Web Access
This link begins a download of the Connection Manager software to the client.
Provide Remote Assistance
Learn how to offer your client desktops Remote Assistance.
View Client Help
Ask the Community
Redirects you to the SBS Community Web site at http://www.microsoft.com/windowsserver2003/sbs/community/default.mspx.
After the users select to connect to their computer desktop, they will receive the Computer Selection page. Depending upon the link selected, the list on this page will contain a different set of computers:
· Connect to my computer at work/Connect to Client DesktopsAll SBS client computers that are running Windows XP or above. This list does not include servers and the computer from which the RWW is being accessed.
· Connect to Server DesktopsAll Windows 2000 or 2003 servers.
· Connect to my company’s application-sharing serverAll Windows 2000 or 2003 servers that are running TS Application-Sharing mode.
Before the page loads, the browser attempts to download the Microsoft Remote Desktop ActiveX Control, if it is not already present on the client. If the client cannot download the ActiveX Control, the user is returned to the main menu and presented with the following error message:
This portion of the Remote Web Workplace requires the Microsoft Remote Desktop ActiveX Control. Your browser’s security settings may be preventing you from downloading ActiveX controls. Adjust these settings, and try to connect again.
The Connect button will be unavailable (dimmed) until a client is selected.
As the TS session is established, the message Connecting… will be displayed in the center of the page. Unless full screen is used to connect to the remote desktop, it is rendered in the same IE window.
Users will need to install the following ActiveX control to use this feature of the RWW.
Once you successfully log onto your local client you screen will look similar to this:
In order to allow a remote desktop connection to a client computer through Remote Web Workplace, TS Proxy is used to forward TS requests through a firewall on TCP port 4125, in essence keeping the connection alive. Once the connection is established on port 4125, the traffic is then redirected to another dynamically allocated port. All subsequence traffic will flow through the new port at the server to the client at port 3389.
--- Justin Crosby
[Jim Martin weighs in this week with a deep technical dive of RWW. This is the second part of the series.
PingBack from http://systemcenterforum.org/deja-vu-remote-web-workplace/
PingBack from http://www.mcseboard.de/windows-forum-ms-backoffice-31/rww-server-2003-a-129389.html#post792952
When you log onto your Remote Web Workplace, that screen at the bottom that says what connection speed