I have just configured a ASA5505 running 8.2.2 as a webvpn server for clientless VPN connections.
I need to setup a particular bookmark for a RDP session which forces the use of the java client for those who can't seem to get the ActiveX control working for some reason or another (virus scanners/firewalls/scerutiy policies etc).
I created a bookmark as follows, but it always tries to connect with the ActiveX control first when logging on from an IE client.
Is anyone able to shed some light on this for me.
Which rpd plugin did you use? There are two flavors ... rpd and rdp2 AFAIR. Both behave differently.
Also which versions.
I would like to know this as well.. the activex control almost never works.. it crashes or hangs. The java one seems to always work.. We would like to disable the activex part for all connections, not just something in a special bookmark.
The plugins can be ancient. I will run it by management tomorrow I should normally be able to post the latest plugin versions we have on the forums ... no guarantee.
The RDP plugin is based of of the properJavaRDP project http://sourceforge.net/projects/properjavardp/files/ which appears to have not been updated since 2007.. This probably has something to do with it.
I understand that the plugin is quite old and may not have been updated in a while, but in the scenario I am setting the
ASA up for, we need the option to force the use of the java client only.
The documentation says the following in the Cisco ASA 5500 SSL VPN Deployment Guide, Version 8.x
The parameters available for the ActiveX client used by Microsoft Internet Explorer include:
•RedirectDrives—Set to true to map remote drives locally.
•RedirectPrinters—Set to true to map remote printers locally.
•FullScreen— Set to true to start in FullScreen mode.
•force_java—Set to yes to force the Java client.
An intermediate window opens, then a client popup window. Please don't close the intermediate window, or return to the main page until your work is finished, otherwise the popup window closes.
Step 4 Enter the user credentials if they are required, and ensure the plug-in connects to the terminal server.
The plug-in supports both Microsoft ActiveX control and Java modes. The security appliance first tries to start the plug-in using ActiveX, used by Microsoft Internet Explorer. If ActiveX fails, Java, used by Mozilla Firefox, starts the plug-in.
I have tested with both RDP and RDP2 and I still get the same results.
The plugins were downloaded from the Cisco website monday this week, so they are release 1.1.1
Has anyone been able to bypass the activex control and force the use of the java version?
Dale and David,
Well those are the latest RPD plugins I have access to.
It looks to me like this functionality is beyond what Cisco can do - ie. we only create a wrapper for native plugin.
With all due respect Marcin that is like saying you can't support Anyconnect and WebVPN because they are based on OpenVPN.
Cisco bundles the properRDP plugin and even hosts wrapped files.. When you have finnaly updated the rest of the WebVPN and AnyConnect to support Windows 7 and 64bit platforms I can't understand how you can still bundle a RDP plugin that barely works with Vista and 2003 server and rarely works with anything newer.
You might want to talk to your sales reps since they bill these as Features and now most of your documentation states you support modern OS like windows 7 which comes with IE 8 and does not work at all with the activex part of that plugin.
AC's and Webvpn's functionality is based on openssl and RSA toolkit and yes we support it to full extend, including bugs that are not in our code.
If you have problems with getting some of the plugins to work please open a TAC case - that's why you do have the support contract in the end :-)
We will definetly check if the fault is on our side or if there is something that can be done on our side.
As noted the plugins have been updated ages ago, I'm not even sure if windows 7 or IE 8 was out then, maybe there's already something new brewing.
Just thought I would update this thread.
I have figured out how to force the java client. I found the fix whilst trawling google for some other info and came across the following webpage
This has the correct syntax for forcing the java client.
The correct option should be
Instead the cisco website and all Cisco documentation lists it incorrectly as
I hope this helps some other people who were having issues with the activeX client and wanted to force the use of the JavaClient.
It was correct on the on screen help in my device.. however it depends on the user adding that to their URL, when activeX is always failing it would be much better to be able to disable it for all connections.
I am having the same problem. Also having screen size issue. Annoying that they advertise a product that in reality is useless. The Java window is SMALL. What RDP pluging did you get this to work with? I have TAC case open but the engineer is "getting back to me". Thanks in advance.
Given the massive amount of user confusion this plugin causes I would suggest just using smart tunnel and the REAL RDP Client.. You can create application specific client filters for both the Windows RDP client and Microsofts Official Client on Mac, it works rather well..
If you have to support Linux, I guess you are going to need this plugin...
I have had this same issue and it is related to an Active X update that Microsoft released. The number is KB2695962. If you uninstall this update, the Active X component should work. At least it has with the 5 or so vendors that I have, that have tried it. Also, if you use Chrome or Firefox, it works without any issues. It is related to a security issue that Microsoft found with Active X.