Solved

Terminal Server via Web Browser

Posted on 2010-09-14
14
537 Views
Last Modified: 2012-08-13
I have been asked to set up a 2003 TS w/ web connectivity for TSWEB.

I installed the TS web connectivity feature and WWW Service. Then added new rules to allow http/https to the server on the firewall.

still cannot connect. Any ideas would be really appreciates. I do not know IIS at all.

THanks - SJMP
0
Comment
Question by:sparkis
  • 8
  • 5
14 Comments
 

Author Comment

by:sparkis
ID: 33674196
Actually. I can access it via the web internally so the server is not the issue just the firewall.

I have a sonciwall tz170 in place. Logs say that it dropped the request due to rule 10 - which is default deny al. But I have rules 5,6 which say allow http/https to the TSWEB server
0
 

Author Comment

by:sparkis
ID: 33674225
How can I enable HTTPS on here, assume it is in IIS. At default site level or at tsweb level?

And do I need a new cert or can I use a local created one
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
ID: 33674439
You have to install the cert on the web directory where the TSWeb app is installed.  You can use a cert from a CA on your domain, use OpenSSL, or the IIS Resource Kit from MS has a utility called SELFSSL that you can use to create a certificate:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

http://mystyleit.com/blogs/mystyleit/archive/2008/01/14/creating-a-ssl-certificate-with-selfssl.aspx

Users will get a warning every time unless you add the web cert to the "Trusted Root Certification Authorities" store.
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33674449
My post wasn't clear...install the SSL cert on the site, then make the TSWeb app require SSL
0
 

Author Comment

by:sparkis
ID: 33674828
I installed the IIS Resource Kit - can you just help me with the switches - will this work for what I want to do:

selfssl.exe /N:CN=LOCALCOMPUTER /K:1024 /V:7 /S:1 /P:443
0
 

Author Comment

by:sparkis
ID: 33674858
i see on the other post it says NOT to install / run SelfSSL on the IIS server. Is that the case
0
 
LVL 8

Expert Comment

by:ZombieAutopsy
ID: 33674952
Check out this thread. Ive used it in the past. works everytime. it also says XP but i have used it on others.

http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:sparkis
ID: 33675121
tmassa99

If I want this to be a permanent trusted cert for the local TSWEB server would this work>

selfssl.exe /T /N:CN=localmachinename /K:1024 /V:3600 /S:1 /P:443

I am adding the /T trusted switch and chaning the validity to much longer than the defualt 7 - is that going to be ok. Then export it and import it on the IIS/TSWEB server?

Thanks,
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675136
The author says not to do this because he wants to control the installation of the certificates himself, and not have SELFSSL do it for him automatically.  I can see this if he has multiple websites on a server.  If you have only this "Default" IIS site on your server, then there shouldn't be an issue.

You shouldn't use it, generally, for production systems.  The reason why is simple.  Users that would connect to this site will get a certificate warning because the certificate is self-signed, and therefore cannot be validated.  A potential problem is that a malicious hacker could simply redirect users to a site of their own, and get users to enter username/passwords for your domain.  Since they could use any certificate (users will ignore the warning anyway), the users wouldn't expect anything different.

It's a risk, but is it as big a risk as passing creds in clear text?  Probably not.

As for the command itself, you can run.  Just change the CN= to the URL of your site:
selfssl.exe /N:CN=tsweb.yourdomain.com /K:1024 /V:1825
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675160
If you are running the SELFSSL on the machine with IIS, it should try to install it automatically for you.  Then go to IIS and change the SSL settings.
0
 

Author Comment

by:sparkis
ID: 33675202
Great.

And RE: security once I want to use this in production. I should just purchased a real CERT that can be added to root cert's?

Thanks,
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675242
Correct.
0
 

Author Comment

by:sparkis
ID: 33675290
thanks
0
 

Author Closing Comment

by:sparkis
ID: 33675295
rock on man. Thanks for sharing the knowledge
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now