Why do my installed SSL Client Certificates show up when I log into a profile locally but they do not when I log into the profile remotely through terminal services?

Posted on 2008-06-25
Last Modified: 2010-04-21
Here's the scoop: I just installed SSL Client Certificates for a profile on my server. When I log into the profile locally, the certificates show up. When I login remotely through terminal services, they don't.

To give some background, I have police laptops that remote into a server with locked down profiles using 3G air cards plugged into toughbooks. Once logged into the server, they access their database and are able to surf to a list of whitelisted websites in IE6.

One particular website uses SSL security certificates to verify client identities. When I go to this particular website, using the same profile, the certificates work fine when logged in locally but don't show up when logged in remotely.

Any guidance on what security settings are causing this and how to fix this?
Question by:malatex
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 21869433
When you say "when logged on locally," do you mean logging on to the terminal server directly using the user's name and password?  How do you have the profiles set up for TS users, using roaming profiles or just local profiles on the TS?

Author Comment

ID: 21869951
I'm almost positive they are just local profiles on the TS. Since we aren't running a VPN I'm not sure that roaming profiles would even work. I apologize for my ignorance as I'm a tech doing admin work that is kinda' outside of my current skill set.

Author Comment

ID: 21869958
Oops... I should add that yes, when I say "logged on locally" I mean physically sitting down at the server and logging on.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

LVL 38

Accepted Solution

Hypercat (Deb) earned 500 total points
ID: 21875082
If they log on to the TS using domain accounts, as opposed to local accounts on the TS, you need to check in the users' properties in Active Directory to see if they have roaming profiles set up.  If they're logging on locally with accounts that are created locally on the TS, then check out their local accounts to see if their profiles are using a different path than the local default (i.e., C:\Documents and Settings, etc.) path.  

Author Comment

ID: 21876911
The setup is actually using a workgroup as opposed to a domain, as lame as that is. Interestingly enough, while reading your post it occured to me what happened. I forgot that the Police Department is running a terminal server and a separate file server and the user installed the licenses on the file server. I had her remote into the TS using the same login and install a test certificate and it worked fine. Since we have the profiles locked down hardcore, I had to find a way to temporarily disable the group policy settings so I found a program that could do that:
Worked like a charm once we found a backdoor to run the program from her flash drive. From there we were able to get the licenses to show and although there are a few quirks still, I seem to have figured out what was going wrong. Thanks a lot for the help and for inspiring a resolution.

Author Closing Comment

ID: 31470735
I'm not sure what the proper protocol is for this since you didn't actually come up with the exact solution but I gave you partial ratings, A (Excellent) grade for your help.
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 21877496
Hey - glad you found the resolution, and thanks for awarding the points!

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Configuring Remote Assistance for use with SCCM
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question