How to require SSL connection via RDC

Posted on 2009-12-20
Last Modified: 2013-11-21
I edited the terminal services on a remote Windows Server version 2003 SP2.
It says to use an SSL certificate at High level.
I can connect using the RDC (Windows 7) client using the domain and the lock occurs on the taskbar at the top. What is not working is I am also able to connect using RDC and just an IP address and no SSL. I want to require the domain being used so that the SSL will have to be used. Any ideas (please be specific)?

Question by:TrueBlue
    LVL 18

    Expert Comment

    by:Andrew Davis
    RDP has built-in encryption.
    see 128-bit encryption, using the RC4 encryption algorithm, as of Version 6.[15] Older implementations suffer from a man-in-the-middle vulnerability, which can allow an attacker to decrypt the encrypted streams by recording the encryption key as it is transmitted.[16]


    Author Comment

    I am able to connect with the remote server securely by using
    The problem is I can also connect using the IP address with no https required and no lock icon on the taskbar.
    Any ideas how I can force a secure connection using SSL?
    LVL 18

    Accepted Solution

    Unsure what you are trying to do.
    Are you using a browser (IE, Firefox,...) to go to the web site that allows connection to the server?
    Or are you running mstsc and putting in the (although this should not work.

    If it is the first, then all you are doing is securely launching the mstsc client software. All RDP connections are encrypted as per my first post.


    Author Comment

    Trying to eliminate Remote Desktop Man in the Middle from the list of Non PCI compliant issues with our server. As I said I can not connect using RDC / browser to our server using a domain / SSL, but so can anyone else using the static IP address and no SSL. So I would imagine the scanner is going to try this method and fail. Is this more clear? TIA
    P.S. I apparently have version 5.2 in Windows Server 2003?
    LVL 7

    Assisted Solution

    Follow this guide. I'm assuming you have a valid certificate from VeriSign or another CA store,

    Author Comment

    I have already done this :)
    My problem is that the two IP addresses that are assigned to the VPS allow a person to access the control panel without using the SSL certificate. It only is enforced when using a domain to access the control panel. Any ideas?
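One way to check from the client side whether the listener still accepts connections without SSL, as an added example that is not part of the original thread: it sends an X.224 Connection Request asking only for standard RDP security and decodes the server's negotiation reply as defined in MS-RDPBCGR. The function names and the sample reply bytes are constructed for illustration, and `probe` is meant for a server you administer.

```python
import socket
import struct

PROTOCOLS = {0: "standard RDP security (no TLS)", 1: "TLS", 2: "CredSSP/NLA"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER",
            6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}

def build_request(requested=0):
    """TPKT + X.224 Connection Request carrying an RDP_NEG_REQ (type 0x01)."""
    neg = struct.pack("<BBHI", 0x01, 0, 8, requested)
    x224 = bytes([6 + len(neg), 0xE0, 0, 0, 0, 0, 0]) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def parse_response(data):
    """Decode the reply to build_request(0).

    Returns (accepts_non_tls, detail). True means the server agreed to
    standard RDP security, so TLS is not being enforced."""
    if len(data) < 11 or data[0] != 3 or (data[5] & 0xF0) != 0xD0:
        raise ValueError("not a TPKT/X.224 Connection Confirm")
    if len(data) < 19:  # no negotiation block: server predates TLS support
        return True, "no negotiation response; standard RDP security only"
    kind, _flags, _length, value = struct.unpack_from("<BBHI", data, 11)
    if kind == 0x02:    # RDP_NEG_RSP: server selected a protocol
        return value == 0, "selected " + PROTOCOLS.get(value, hex(value))
    if kind == 0x03:    # RDP_NEG_FAILURE: server refused the request
        return False, "refused: " + FAILURES.get(value, hex(value))
    raise ValueError("unknown negotiation type %#x" % kind)

def probe(host, port=3389, timeout=5.0):
    """Send the non-TLS request to host (name or IP) and decode the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(0))
        return parse_response(s.recv(1024))

# Constructed sample replies (not captured from a real server).
SAMPLE_REFUSED = bytes.fromhex("030000130ed000001234000300080001000000")
SAMPLE_ACCEPTED = bytes.fromhex("030000130ed000001234000200080000000000")
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")

if __name__ == "__main__":
    for name, raw in [("refused", SAMPLE_REFUSED),
                      ("accepted", SAMPLE_ACCEPTED),
                      ("legacy", SAMPLE_LEGACY)]:
        print(name, parse_response(raw))
```

Run `probe` against both the host name and each IP address; the listener is the same, so all of them should report a refusal once SSL is required.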
