Solved

Why do my installed SSL Client Certificates show up when I log into a profile locally but they do not when I log into the profile remotely through terminal services?

Posted on 2008-06-25
7
202 Views
Last Modified: 2010-04-21
Here's the scoop: I just installed SSL Client Certificates for a profile on my server. When I log into the profile locally, the certificates show up. When I login remotely through terminal services, they don't.

To give some background, I have police laptops that remote into a server with locked down profiles using 3G air cards plugged into toughbooks. Once logged into the server, they access their database and are able to surf to a list of whitelisted websites in IE6.

One particular website uses SSL security certificates to verify client identities. When I go to this particular website, using the same profile, the certificates work fine when logged in locally but don't show up when logged in remotely.

Any guidance on what security settings are causing this and how to fix this?
0
Comment
Question by:malatex
  • 4
  • 3
7 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 21869433
When you say "when logged on locally," do you mean logging on to the terminal server directly using the user's name and password?  How do you have the profiles set up for TS users, using roaming profiles or just local profiles on the TS?
0
 

Author Comment

by:malatex
ID: 21869951
I'm almost positive they are just local profiles on the TS. Since we aren't running a VPN I'm not sure that roaming profiles would even work. I apologize for my ignorance as I'm a tech doing admin work that is kinda' outside of my current skill set.
0
 

Author Comment

by:malatex
ID: 21869958
Oops... I should add that yes, when I say "logged on locally" I mean physically sitting down at the server and logging on.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 21875082
If they log on to the TS using domain accounts, as opposed to local accounts on the TS, you need to check in the users' properties in Active Directory to see if they have roaming profiles set up.  If they're logging on locally with accounts that are created locally on the TS, then check out their local accounts to see if their profiles are using a different path than the local default (i.e., C:\Documents and Settings, etc.) path.  
0
 

Author Comment

by:malatex
ID: 21876911
The setup is actually using a workgroup as opposed to a domain, as lame as that is. Interestingly enough, while reading your post it occured to me what happened. I forgot that the Police Department is running a terminal server and a separate file server and the user installed the licenses on the file server. I had her remote into the TS using the same login and install a test certificate and it worked fine. Since we have the profiles locked down hardcore, I had to find a way to temporarily disable the group policy settings so I found a program that could do that: http://www.petri.co.il/killpol.htm
Worked like a charm once we found a backdoor to run the program from her flash drive. From there we were able to get the licenses to show and although there are a few quirks still, I seem to have figured out what was going wrong. Thanks a lot for the help and for inspiring a resolution.
0
 

Author Closing Comment

by:malatex
ID: 31470735
I'm not sure what the proper protocol is for this since you didn't actually come up with the exact solution but I gave you partial ratings, A (Excellent) grade for your help.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 21877496
Hey - glad you found the resolution, and thanks for awarding the points!
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question