Terminal Server via Web Browser

I have been asked to set up a 2003 TS w/ web connectivity for TSWEB.

I installed the TS web connectivity feature and WWW Service. Then added new rules to allow http/https to the server on the firewall.

still cannot connect. Any ideas would be really appreciates. I do not know IIS at all.

THanks - SJMP
sparkisAsked:
Who is Participating?
 
Tony MassaCommented:
You have to install the cert on the web directory where the TSWeb app is installed.  You can use a cert from a CA on your domain, use OpenSSL, or the IIS Resource Kit from MS has a utility called SELFSSL that you can use to create a certificate:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

http://mystyleit.com/blogs/mystyleit/archive/2008/01/14/creating-a-ssl-certificate-with-selfssl.aspx

Users will get a warning every time unless you add the web cert to the "Trusted Root Certification Authorities" store.
0
 
sparkisAuthor Commented:
Actually. I can access it via the web internally so the server is not the issue just the firewall.

I have a sonciwall tz170 in place. Logs say that it dropped the request due to rule 10 - which is default deny al. But I have rules 5,6 which say allow http/https to the TSWEB server
0
 
sparkisAuthor Commented:
How can I enable HTTPS on here, assume it is in IIS. At default site level or at tsweb level?

And do I need a new cert or can I use a local created one
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
Tony MassaCommented:
My post wasn't clear...install the SSL cert on the site, then make the TSWeb app require SSL
0
 
sparkisAuthor Commented:
I installed the IIS Resource Kit - can you just help me with the switches - will this work for what I want to do:

selfssl.exe /N:CN=LOCALCOMPUTER /K:1024 /V:7 /S:1 /P:443
0
 
sparkisAuthor Commented:
i see on the other post it says NOT to install / run SelfSSL on the IIS server. Is that the case
0
 
ZombieAutopsyCommented:
Check out this thread. Ive used it in the past. works everytime. it also says XP but i have used it on others.

http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx
0
 
sparkisAuthor Commented:
tmassa99

If I want this to be a permanent trusted cert for the local TSWEB server would this work>

selfssl.exe /T /N:CN=localmachinename /K:1024 /V:3600 /S:1 /P:443

I am adding the /T trusted switch and chaning the validity to much longer than the defualt 7 - is that going to be ok. Then export it and import it on the IIS/TSWEB server?

Thanks,
0
 
Tony MassaCommented:
The author says not to do this because he wants to control the installation of the certificates himself, and not have SELFSSL do it for him automatically.  I can see this if he has multiple websites on a server.  If you have only this "Default" IIS site on your server, then there shouldn't be an issue.

You shouldn't use it, generally, for production systems.  The reason why is simple.  Users that would connect to this site will get a certificate warning because the certificate is self-signed, and therefore cannot be validated.  A potential problem is that a malicious hacker could simply redirect users to a site of their own, and get users to enter username/passwords for your domain.  Since they could use any certificate (users will ignore the warning anyway), the users wouldn't expect anything different.

It's a risk, but is it as big a risk as passing creds in clear text?  Probably not.

As for the command itself, you can run.  Just change the CN= to the URL of your site:
selfssl.exe /N:CN=tsweb.yourdomain.com /K:1024 /V:1825
0
 
Tony MassaCommented:
If you are running the SELFSSL on the machine with IIS, it should try to install it automatically for you.  Then go to IIS and change the SSL settings.
0
 
sparkisAuthor Commented:
Great.

And RE: security once I want to use this in production. I should just purchased a real CERT that can be added to root cert's?

Thanks,
0
 
Tony MassaCommented:
Correct.
0
 
sparkisAuthor Commented:
thanks
0
 
sparkisAuthor Commented:
rock on man. Thanks for sharing the knowledge
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.