RE: Remote Desktop Connection does not encrypt with ipsec
From: Rex Kremer (rex_at_news.postalias)
Date: 08/25/05
- Next message: AL: "services.exe' terminated unexpectedly with status code 128"
- Previous message: Johan: "RE: Remove MS AntiSpyware or Add Exception"
- In reply to: Vincent Xu [MSFT]: "RE: Remote Desktop Connection does not encrypt with ipsec"
- Next in thread: Vincent Xu [MSFT]: "RE: Remote Desktop Connection does not encrypt with ipsec"
- Reply: Vincent Xu [MSFT]: "RE: Remote Desktop Connection does not encrypt with ipsec"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Aug 2005 06:31:02 -0700
Hi,
I found out that somebody promoted the server to a dc.
I know that authentication traffic during login can't be secured (with
ipsec) but can I protect the rdc with the ruleset seen below? Or in another
way?
The client hangs when the ip filter (rdc) is active during login.
regards
"Vincent Xu [MSFT]" wrote:
> Hello,
>
> Based on my test and experience, your configuration steps are correct. So
> regarding this, please send me a screenshot to show the status on your
> ipsecmon.
>
> To take a screen shot:
> ---------------------
> 1) Press the Pr Scrn key once on the keyboard when the error message
> appears.
> 2) Click Start, go to Run, enter MSPAINT in the open dialog box, and then
> Click OK.
> 3) Use Ctrl + V to paste the screenshot to the canvas.
> 4) From the File menu, go to Save and save it as a JPG file.
> 5) Send the JPG file to me as an attachment.
> My mailbox: v-xuwen@microsoft.com
>
> To verify on the earch whether the data is encrypted, I suggest you use
> netmon to trace the data.
> Network Monitor:
> =======================
> 1. To obtain a time-bombed version of Network Monitor, visit the following
> Microsoft Web site:
> ftp://ftp.microsoft.com/PSS/Tools/NetMon/NETMON2.ZIP
> 2. Download the netmon2.zip file. The password for that zip is "trace" (no
> quotation marks).
> 3. Run the qfesetup.exe file to install Network Monitor on HSMain.
>
> Please send me the capture data. And don't forget the source MAC and Desc
> MAC.
>
> Best regards,
>
> Vincent Xu
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
>
> --------------------
> >>Thread-Topic: Remote Desktop Connection does not encrypt with ipsec
> >>From: "Rex Kremer" <rex@news.postalias>
> >>Subject: Remote Desktop Connection does not encrypt with ipsec
> >>Date: Thu, 25 Aug 2005 01:18:03 -0700
> >>
> >>Hi,
> >>
> >>I would like to encrypt the rdc connection for terminal services with an
> >>ipsec connection to make it more secure.
> >>
> >>I have set up a Policy on the terminal server (request security) with an ip
> >>filter
> >>my ip address -> to any
> >>tcp -> port 3389 to any
> >>and the rule is mirrored.
> >>It uses Kerberos Authentication.
> >>The server is only a terminal server (Windows 2000) and not a domain
> >>controller.
> >>
> >>I have configured the client (Win XP) with the client respond only security
> >>policy.
> >>When I am connecting from the client to the server ipsecmon shows no
> >>encryption at all.
> >>
> >>For testing I have configured the policy on the server that all traffic
> >>should be encrypted and it works fine.
> >>
> >>What went wrong in my configuration?
> >>
> >>regards
> >>
>
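The capture check suggested in the quoted reply (tracing the traffic to see whether the port 3389 filter is actually applied), as an added example that is not part of the original thread. It classifies raw IPv4 packets exported from a capture; the function names and the sample packets (documentation addresses, zero checksums) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

RDP_PORT = 3389
PROTO_TCP, PROTO_ESP, PROTO_AH = 6, 50, 51

def classify_ipv4(packet: bytes) -> str:
    """Classify one raw IPv4 packet (no Ethernet header) from a capture."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    if proto == PROTO_ESP:
        # Encapsulated by IPsec; confidentiality still depends on the
        # negotiated transform (ESP can be configured with null encryption).
        return "esp"
    if proto == PROTO_AH:
        return "ah"  # integrity only, payload is not encrypted
    if proto == PROTO_TCP:
        # Non-first fragments carry no TCP header, so ports cannot be read.
        if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
            return "other"
        if len(packet) < ihl + 4:
            return "malformed"
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if RDP_PORT in (sport, dport):
            return "rdp-outside-ipsec"  # the filter did not match this flow
    return "other"

def summarize(packets) -> Counter:
    """Count packets per class; any 'rdp-outside-ipsec' means the rule is not applied."""
    return Counter(classify_ipv4(p) for p in packets)

def build_ipv4(proto: int, payload: bytes,
               src: str = "192.0.2.10", dst: str = "192.0.2.20") -> bytes:
    """Build a constructed sample packet (checksum left at 0, not validated here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

# Constructed samples: RDP sent as plain TCP, an ESP packet, unrelated TCP.
SAMPLES = [
    build_ipv4(PROTO_TCP, struct.pack("!HH", 1061, RDP_PORT) + bytes(16)),
    build_ipv4(PROTO_ESP, struct.pack("!II", 0x1000, 1) + bytes(16)),
    build_ipv4(PROTO_TCP, struct.pack("!HH", 1062, 445) + bytes(16)),
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLES)))
```
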