Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Terminal Server via Web Browser

Posted on 2010-09-14
14
Medium Priority
?
550 Views
Last Modified: 2012-08-13
I have been asked to set up a 2003 TS w/ web connectivity for TSWEB.

I installed the TS web connectivity feature and WWW Service. Then added new rules to allow http/https to the server on the firewall.

still cannot connect. Any ideas would be really appreciates. I do not know IIS at all.

THanks - SJMP
0
Comment
Question by:sparkis
  • 8
  • 5
14 Comments
 

Author Comment

by:sparkis
ID: 33674196
Actually. I can access it via the web internally so the server is not the issue just the firewall.

I have a sonciwall tz170 in place. Logs say that it dropped the request due to rule 10 - which is default deny al. But I have rules 5,6 which say allow http/https to the TSWEB server
0
 

Author Comment

by:sparkis
ID: 33674225
How can I enable HTTPS on here, assume it is in IIS. At default site level or at tsweb level?

And do I need a new cert or can I use a local created one
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 2000 total points
ID: 33674439
You have to install the cert on the web directory where the TSWeb app is installed.  You can use a cert from a CA on your domain, use OpenSSL, or the IIS Resource Kit from MS has a utility called SELFSSL that you can use to create a certificate:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

http://mystyleit.com/blogs/mystyleit/archive/2008/01/14/creating-a-ssl-certificate-with-selfssl.aspx

Users will get a warning every time unless you add the web cert to the "Trusted Root Certification Authorities" store.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 17

Expert Comment

by:Tony Massa
ID: 33674449
My post wasn't clear...install the SSL cert on the site, then make the TSWeb app require SSL
0
 

Author Comment

by:sparkis
ID: 33674828
I installed the IIS Resource Kit - can you just help me with the switches - will this work for what I want to do:

selfssl.exe /N:CN=LOCALCOMPUTER /K:1024 /V:7 /S:1 /P:443
0
 

Author Comment

by:sparkis
ID: 33674858
i see on the other post it says NOT to install / run SelfSSL on the IIS server. Is that the case
0
 
LVL 8

Expert Comment

by:ZombieAutopsy
ID: 33674952
Check out this thread. Ive used it in the past. works everytime. it also says XP but i have used it on others.

http://www.microsoft.com/windowsxp/using/networking/expert/northrup_03may16.mspx
0
 

Author Comment

by:sparkis
ID: 33675121
tmassa99

If I want this to be a permanent trusted cert for the local TSWEB server would this work>

selfssl.exe /T /N:CN=localmachinename /K:1024 /V:3600 /S:1 /P:443

I am adding the /T trusted switch and chaning the validity to much longer than the defualt 7 - is that going to be ok. Then export it and import it on the IIS/TSWEB server?

Thanks,
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675136
The author says not to do this because he wants to control the installation of the certificates himself, and not have SELFSSL do it for him automatically.  I can see this if he has multiple websites on a server.  If you have only this "Default" IIS site on your server, then there shouldn't be an issue.

You shouldn't use it, generally, for production systems.  The reason why is simple.  Users that would connect to this site will get a certificate warning because the certificate is self-signed, and therefore cannot be validated.  A potential problem is that a malicious hacker could simply redirect users to a site of their own, and get users to enter username/passwords for your domain.  Since they could use any certificate (users will ignore the warning anyway), the users wouldn't expect anything different.

It's a risk, but is it as big a risk as passing creds in clear text?  Probably not.

As for the command itself, you can run.  Just change the CN= to the URL of your site:
selfssl.exe /N:CN=tsweb.yourdomain.com /K:1024 /V:1825
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675160
If you are running the SELFSSL on the machine with IIS, it should try to install it automatically for you.  Then go to IIS and change the SSL settings.
0
 

Author Comment

by:sparkis
ID: 33675202
Great.

And RE: security once I want to use this in production. I should just purchased a real CERT that can be added to root cert's?

Thanks,
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33675242
Correct.
0
 

Author Comment

by:sparkis
ID: 33675290
thanks
0
 

Author Closing Comment

by:sparkis
ID: 33675295
rock on man. Thanks for sharing the knowledge
0

Featured Post

WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question