Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Terminal Server via Web Browser

Posted on 2010-09-14
14
Medium Priority
?
547 Views
Last Modified: 2012-08-13
I have been asked to set up a 2003 TS w/ web connectivity for TSWEB.

I installed the TS web connectivity feature and WWW Service. Then added new rules to allow http/https to the server on the firewall.

still cannot connect. Any ideas would be really appreciates. I do not know IIS at all.

THanks - SJMP
0
Comment
Question by:sparkis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
14 Comments
 

Author Comment

by:sparkis
ID: 33674196
Actually. I can access it via the web internally so the server is not the issue just the firewall.

I have a sonciwall tz170 in place. Logs say that it dropped the request due to rule 10 - which is default deny al. But I have rules 5,6 which say allow http/https to the TSWEB server
0
 

Author Comment

by:sparkis
ID: 33674225
How can I enable HTTPS on here, assume it is in IIS. At default site level or at tsweb level?

And do I need a new cert or can I use a local created one
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 2000 total points
ID: 33674439
You have to install the cert on the web directory where the TSWeb app is installed.  You can use a cert from a CA on your domain, use OpenSSL, or the IIS Resource Kit from MS has a utility called SELFSSL that you can use to create a certificate:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

http://mystyleit.com/blogs/mystyleit/archive/2008/01/14/creating-a-ssl-certificate-with-selfssl.aspx

Users will get a warning every time unless you add the web cert to the "Trusted Root Certification Authorities" store.
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 
LVL 17

Expert Comment

by:Tony Massa
ID: 33674449
My post wasn't clear...install the SSL cert on the site, then make the TSWeb app require SSL
0
 

Author Comment

by:sparkis
ID: 33674828
I installed the IIS Resource Kit - can you just help me with the switches - will this work for what I want to do:

selfssl.exe /N:CN=LOCALCOMPUTER /K:1024 /V:7 /S:1 /P:443
0
 

Author Comment

by:sparkis
ID: 33674858
i see on the other post it says NOT to install / run SelfSSL on the IIS server. Is that the case
0
 
LVL 8

Expert Comment

by:ZombieAutopsy
ID: 33674952
Check out this thread. Ive used it in the past. works everytime. it also says XP but i have used it on others.

http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx
0
 

Author Comment

by:sparkis
ID: 33675121
tmassa99

If I want this to be a permanent trusted cert for the local TSWEB server would this work>

selfssl.exe /T /N:CN=localmachinename /K:1024 /V:3600 /S:1 /P:443

I am adding the /T trusted switch and chaning the validity to much longer than the defualt 7 - is that going to be ok. Then export it and import it on the IIS/TSWEB server?

Thanks,
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675136
The author says not to do this because he wants to control the installation of the certificates himself, and not have SELFSSL do it for him automatically.  I can see this if he has multiple websites on a server.  If you have only this "Default" IIS site on your server, then there shouldn't be an issue.

You shouldn't use it, generally, for production systems.  The reason why is simple.  Users that would connect to this site will get a certificate warning because the certificate is self-signed, and therefore cannot be validated.  A potential problem is that a malicious hacker could simply redirect users to a site of their own, and get users to enter username/passwords for your domain.  Since they could use any certificate (users will ignore the warning anyway), the users wouldn't expect anything different.

It's a risk, but is it as big a risk as passing creds in clear text?  Probably not.

As for the command itself, you can run.  Just change the CN= to the URL of your site:
selfssl.exe /N:CN=tsweb.yourdomain.com /K:1024 /V:1825
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675160
If you are running the SELFSSL on the machine with IIS, it should try to install it automatically for you.  Then go to IIS and change the SSL settings.
0
 

Author Comment

by:sparkis
ID: 33675202
Great.

And RE: security once I want to use this in production. I should just purchased a real CERT that can be added to root cert's?

Thanks,
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675242
Correct.
0
 

Author Comment

by:sparkis
ID: 33675290
thanks
0
 

Author Closing Comment

by:sparkis
ID: 33675295
rock on man. Thanks for sharing the knowledge
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question