Why do my installed SSL Client Certificates show up when I log into a profile locally but they do not when I log into the profile remotely through terminal services?

Posted on 2008-06-25
Last Modified: 2010-04-21
Here's the scoop: I just installed SSL Client Certificates for a profile on my server. When I log into the profile locally, the certificates show up. When I login remotely through terminal services, they don't.

To give some background, I have police laptops that remote into a server with locked down profiles using 3G air cards plugged into toughbooks. Once logged into the server, they access their database and are able to surf to a list of whitelisted websites in IE6.

One particular website uses SSL security certificates to verify client identities. When I go to this particular website, using the same profile, the certificates work fine when logged in locally but don't show up when logged in remotely.

Any guidance on what security settings are causing this and how to fix this?
Question by:malatex
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 21869433
When you say "when logged on locally," do you mean logging on to the terminal server directly using the user's name and password?  How do you have the profiles set up for TS users, using roaming profiles or just local profiles on the TS?

Author Comment

ID: 21869951
I'm almost positive they are just local profiles on the TS. Since we aren't running a VPN I'm not sure that roaming profiles would even work. I apologize for my ignorance as I'm a tech doing admin work that is kinda' outside of my current skill set.

Author Comment

ID: 21869958
Oops... I should add that yes, when I say "logged on locally" I mean physically sitting down at the server and logging on.
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

LVL 38

Accepted Solution

Hypercat (Deb) earned 500 total points
ID: 21875082
If they log on to the TS using domain accounts, as opposed to local accounts on the TS, you need to check in the users' properties in Active Directory to see if they have roaming profiles set up.  If they're logging on locally with accounts that are created locally on the TS, then check out their local accounts to see if their profiles are using a different path than the local default (i.e., C:\Documents and Settings, etc.) path.  

Author Comment

ID: 21876911
The setup is actually using a workgroup as opposed to a domain, as lame as that is. Interestingly enough, while reading your post it occured to me what happened. I forgot that the Police Department is running a terminal server and a separate file server and the user installed the licenses on the file server. I had her remote into the TS using the same login and install a test certificate and it worked fine. Since we have the profiles locked down hardcore, I had to find a way to temporarily disable the group policy settings so I found a program that could do that:
Worked like a charm once we found a backdoor to run the program from her flash drive. From there we were able to get the licenses to show and although there are a few quirks still, I seem to have figured out what was going wrong. Thanks a lot for the help and for inspiring a resolution.

Author Closing Comment

ID: 31470735
I'm not sure what the proper protocol is for this since you didn't actually come up with the exact solution but I gave you partial ratings, A (Excellent) grade for your help.
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 21877496
Hey - glad you found the resolution, and thanks for awarding the points!

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question