Solved

Terminal Server via Web Browser

Posted on 2010-09-14
14
536 Views
Last Modified: 2012-08-13
I have been asked to set up a 2003 TS w/ web connectivity for TSWEB.

I installed the TS web connectivity feature and WWW Service. Then added new rules to allow http/https to the server on the firewall.

still cannot connect. Any ideas would be really appreciates. I do not know IIS at all.

THanks - SJMP
0
Comment
Question by:sparkis
  • 8
  • 5
14 Comments
 

Author Comment

by:sparkis
ID: 33674196
Actually. I can access it via the web internally so the server is not the issue just the firewall.

I have a sonciwall tz170 in place. Logs say that it dropped the request due to rule 10 - which is default deny al. But I have rules 5,6 which say allow http/https to the TSWEB server
0
 

Author Comment

by:sparkis
ID: 33674225
How can I enable HTTPS on here, assume it is in IIS. At default site level or at tsweb level?

And do I need a new cert or can I use a local created one
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
ID: 33674439
You have to install the cert on the web directory where the TSWeb app is installed.  You can use a cert from a CA on your domain, use OpenSSL, or the IIS Resource Kit from MS has a utility called SELFSSL that you can use to create a certificate:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

http://mystyleit.com/blogs/mystyleit/archive/2008/01/14/creating-a-ssl-certificate-with-selfssl.aspx

Users will get a warning every time unless you add the web cert to the "Trusted Root Certification Authorities" store.
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33674449
My post wasn't clear...install the SSL cert on the site, then make the TSWeb app require SSL
0
 

Author Comment

by:sparkis
ID: 33674828
I installed the IIS Resource Kit - can you just help me with the switches - will this work for what I want to do:

selfssl.exe /N:CN=LOCALCOMPUTER /K:1024 /V:7 /S:1 /P:443
0
 

Author Comment

by:sparkis
ID: 33674858
i see on the other post it says NOT to install / run SelfSSL on the IIS server. Is that the case
0
 
LVL 8

Expert Comment

by:ZombieAutopsy
ID: 33674952
Check out this thread. Ive used it in the past. works everytime. it also says XP but i have used it on others.

http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:sparkis
ID: 33675121
tmassa99

If I want this to be a permanent trusted cert for the local TSWEB server would this work>

selfssl.exe /T /N:CN=localmachinename /K:1024 /V:3600 /S:1 /P:443

I am adding the /T trusted switch and chaning the validity to much longer than the defualt 7 - is that going to be ok. Then export it and import it on the IIS/TSWEB server?

Thanks,
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675136
The author says not to do this because he wants to control the installation of the certificates himself, and not have SELFSSL do it for him automatically.  I can see this if he has multiple websites on a server.  If you have only this "Default" IIS site on your server, then there shouldn't be an issue.

You shouldn't use it, generally, for production systems.  The reason why is simple.  Users that would connect to this site will get a certificate warning because the certificate is self-signed, and therefore cannot be validated.  A potential problem is that a malicious hacker could simply redirect users to a site of their own, and get users to enter username/passwords for your domain.  Since they could use any certificate (users will ignore the warning anyway), the users wouldn't expect anything different.

It's a risk, but is it as big a risk as passing creds in clear text?  Probably not.

As for the command itself, you can run.  Just change the CN= to the URL of your site:
selfssl.exe /N:CN=tsweb.yourdomain.com /K:1024 /V:1825
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675160
If you are running the SELFSSL on the machine with IIS, it should try to install it automatically for you.  Then go to IIS and change the SSL settings.
0
 

Author Comment

by:sparkis
ID: 33675202
Great.

And RE: security once I want to use this in production. I should just purchased a real CERT that can be added to root cert's?

Thanks,
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675242
Correct.
0
 

Author Comment

by:sparkis
ID: 33675290
thanks
0
 

Author Closing Comment

by:sparkis
ID: 33675295
rock on man. Thanks for sharing the knowledge
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now