Solved

Securing RDP and TS Web connections to server

Posted on 2010-01-03
Last Modified: 2013-11-21
I have a newly installed Windows Server 2003 Enterprise server running terminal server in application server mode.  I have all the apps installed and working fine.  I now want to secure connections to this server so I can provide access from the internet.  I ran MMC and added the "certificates" snap-in so I could run the CRW.  The certificates MMC on local computer shows the "personal" folder but no certificates appear under personal.  When I right-click on "personal" and go to all tasks-request new certificate, I get the following message:

The wizard cannot be started because of one or more of the following conditions:  
1)  There are no trusted CA's available  
2)  you do not have the permissions to request certs from the available CA's  
3)  The available CA's issue certs for which you do not have permissions.

How can I generate a certificate request to secure RDP?  I'm going to use Thawte certs so I don't have to worry about trusted roots CA's on various remote clients.  Do I get a standard SSL cert and will that support TLS?  Finally, is it overkill if I'm not worried about server verification?  In other words, will the standard RDP encryption be sufficient to secure client communications without exposing sensitive data to interception?

Thanks so much for your help!!
Question by:JDBTech
LVL 37

Accepted Solution

by:
Jian An Lim earned 750 total points
ID: 26170209
The encryption is always secure, but it is annoying if it is not trusted.

It does not compromise your encryption.

I have used a wildcard certificate and it works.

Personally, you can turn it off, but it's up to you.

LVL 31

Assisted Solution

by:Cláudio Rodrigues
Cláudio Rodrigues earned 750 total points
ID: 26171925
Honestly, in over 15 years doing Citrix/TS installations worldwide for environments ranging from 2 users to 50,000 concurrent users, I am still to see a single case where RDP was hacked in an environment that took the minimum security steps to lock it down properly (i.e. renaming the administrator account, having strong passwords and so on).
I never bothered using certificates with RDP, unless the client for some personal/obscure/mystical reason demanded it.
If you still want to do it, the step-by-step guide from Microsoft is listed here:
http://support.microsoft.com/kb/895433

Cláudio Rodrigues
Citrix CTP

Author Comment

by:JDBTech
ID: 26173051
Thanks for the responses.  

One follow-up, with regard to the CRW, when I right-click on "personal" and go to all tasks-request new certificate, I get the following message:

The wizard cannot be started because of one or more of the following conditions:  
1)  There are no trusted CA's available  
2)  you do not have the permissions to request certs from the available CA's  
3)  The available CA's issue certs for which you do not have permissions.

I'm not sure what could be causing this error and my research on this error didn't produce any results.  Does anyone have a suggestion?
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26173057
Did you try adding the Root Certificate from your CA to the computer where you are requesting the certificate from?

Cláudio Rodrigues
Citrix CTP

Author Comment

by:JDBTech
ID: 26173197
I don't even get far enough to do a request.  As soon as I click on "request certificate" it displays the error.
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26173240
Regardless, did you get the Root Certificate loaded on that computer?

Cláudio Rodrigues
Citrix CTP

Author Comment

by:JDBTech
ID: 26173303
I was going to load a Thawte SSL cert so the Thawte root CA should already be loaded, correct?

Author Closing Comment

by:JDBTech
ID: 31672205
Question was partially answered.  Problem with CRW is unresolved.  However, advice on terminal server security was what I was looking for.  Thanks!