Re: win2k3 ent with sp2 : configure terminal server to use TLS for server authentication is not work!!



Jiaqi,
What you are looking for is strong authentication to the server. This is where a username and password is not enough, and you want to restrict authentication to known computers, or some other restriction: client certificates, smartcard etc.
You can add third-party products to strengthen authentication.
Anthony
http://www.airdesk.com


"Jiaqi Li" <lijq82@xxxxxxxxx> wrote in message news:e641f8ac-9826-4827-8619-43a441bcaa19@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Anthony,

Can I control the server's remote desktop access via the
certificate? Or maybe I can make a client certificate to pair with the
server certificate?
In fact, I want to control which computers are allowed to visit the
server's remote desktop, and the computers that are not allowed can't
connect to the server's remote desktop port.

On Jun 4, 9:15 pm, "Anthony [MVP]" <anth...@xxxxxxxxxxxx> wrote:
OK, that's good. It was just that previously you had a saved option to
connect without authenticating.
Your question about installing the certificate: this is just a standard
procedure when using private certificates. There is no certificate authority
so the client shows a warning. If you want to avoid the warning you need to
use a public certificate authority, or else import the certificate chain. You
can find the details towards the end of that KB, but it is the same for any
certificate and not related to Terminal Services TLS.
Anthony
http://www.airdesk.com

"Jiaqi Li" <lij...@xxxxxxxxx> wrote in message

news:641d6682-7342-4db5-ba46-b9685b1eda82@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

> when I changed the security option to "no authentication" in the
> remote desktop client, the remote desktop client said "the remote
> computer requires authentication for you to connect. verify the
> authentication settings and try again"

> And when I changed it to "attempt authentication" and "require
> authentication", they both show a security alert for my win2k3's
> certificate information.

> Now I am sure my remote desktop access has SSL enabled, and everything is
> ok.

> And can I control the server's SSL certificate and just install it
> on the desktop PC which I allow to visit my server via remote
> desktop?

> On Jun 3, 3:52 pm, "Anthony [MVP]" <anth...@xxxxxxxxxxxx> wrote:
>> Jiaqi,
>> Just assuming for a moment that everything is set up correctly, what
>> happens if you change the Advanced option in the client to "Do not connect if
>> authentication fails"?
>> Anthony
>> http://www.airdesk.com

>> "Jiaqi Li" <lij...@xxxxxxxxx> wrote in message

>>news:18709866-bdc9-445a-8e5b-fd99dd343c3f@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

>> > Anthony,

>> > I want to protect my windows 2003 remote desktop access via SSL so
>> > I configured all things following kb895433, and the windows server 2003 ent
>> > with sp2 is a new installation. When I finished everything, I used the
>> > remote desktop client to visit the windows 2003 server from a windows
>> > xp pro sp3 without installing the server's certificate, and I found
>> > everything is not changed, I can still visit the remote desktop and
>> > nothing is different. As I know, if SSL is enabled, the remote desktop
>> > float bar will show an SSL lock icon but I found nothing except a float
>> > icon.

>> > On Jun 3, 4:32 am, "Anthony [MVP]" <anth...@xxxxxxxxxxxx> wrote:
>> >> Jiaqi,
>> >> What do you see, and what were you expecting to see, when you connect
>> >> to the server?
>> >> Anthony
>> >> http://www.airdesk.com

>> >> "Jiaqi Li" <lij...@xxxxxxxxx> wrote in message

>> >> news:ad7c2782-58b5-4153-8877-0011c3667f56@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

>> >> > Dear all,

>> >> > I just finished a new install of a windows server 2003 ent with sp2,
>> >> > and followed the kb895433 to configure my win2k3 server to use TLS
>> >> > for remote desktop access. But when I finished the configuration I found I
>> >> > can still access the win2k3 server via remote desktop and no CA
>> >> > certificate is needed.

>> >> > so what's wrong with my server or myself?

>> >> > -Jiaqi
