Hi all,
Single server 2012, session host, Web access, gateway solution.
Session host is set up with one collection, 6 published apps. RD Gateway is defined, same certificate has been defined and used for all 4 uses... of *.domain.com (external cert) - domain.com is domain name internally and externally.
Everything works fine internally.
I have followed this guide http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-Publishing-RD-Web-Access-RD-Gateway-Part2.html to publish via TMG 2010.
The guide in question uses KCD auth. In 2012, the IIS path RDWeb\Pages\en-us seems to be locked to Forms auth only - meaning that KCD cannot pass through.
Since I have not been able to find any official documentation on setting up RD Gateway in 2012, I have tried a few combinations: FBA at TMG, but again, because forms-based auth is locked at the back end, the user is prompted again - so the only remaining option is pass-through, which seems to still prompt again when making the connection to the session host - which is what KCD was meant to avoid.
Additionally, if I bypass TMG and publish straight through (with "No delegation, but client may auth directly"), then because of the lack of 2-factor support within RD Web, I can no longer utilise any 2FA solutions (I remember that was a requirement in 2008 R2 - I was hoping it would be done more like the OWA 2FA integration this time - but there's no doco around suggesting that).
What is the supported method of publishing this solution via TMG to ensure one logon only (even if that logon is a 2FA logon)?