Solved

Windows 2008 RDS old autosign certificate steal used as a trusted certificate has benn installed

Posted on 2011-03-14
6
590 Views
Last Modified: 2013-12-24
Hi,

I have installed an RDS server with these roles :
- RD Session host
- RD Web access
- RDGateway

Waiting for a trusted certificate, i installed a self signed certificate : "mycomputer.mydomain.com". All the roles were fonctionning with the normal warning "computer not safe, can't verify certificate"

I finaly got my trusted certificate "mysite.mydomain.com", and configured it in remote app, rd session, rd gateway... The trusted certifcate appear clearly in IE browser, the connection occured without warning. But when I run a remote app, the old self signed certificate is steal in used...

I have checked all configuration I know, I can't find any notice of the old self signed certificate !...

Any Idea of cache, or a mystery hidden certificate configuration ...

Thanks a lot !
0
Comment
Question by:stconseil
  • 4
  • 2
6 Comments
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 35131006
0
 

Assisted Solution

by:stconseil
stconseil earned 0 total points
ID: 35131465
Thanks for you answer...

The old self signed certificat was steal in remote desktop certificates store. I removed It and import the trusted certificate. The import worked , but the self signed certificate always come back in this store. The self signed certificate is only visible in this store, Remote desktop...

Know, the authentication of the user steal worked to log in the rd web page, but fail when i launch a remote app...

I'm searching and trying again...
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35131659
Remove from IIS and any other location as well
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Assisted Solution

by:stconseil
stconseil earned 0 total points
ID: 35131708
The self signed certifcate was only in the remote desktop store...

I've found another way to modify the remote desktop certificate :

http://blogs.nelite.com/blogs/yvarloud/archive/2010/04/05/windows-server-2008-amp-r2-remote-desktop-services-certificate.aspx

I'll try...
0
 

Author Comment

by:stconseil
ID: 35132380

It works !!

Thanks to dariusq...
0
 

Author Closing Comment

by:stconseil
ID: 35171000
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Articles on a wide range of technology and professional topics are available on Experts Exchange. These resources are written by members, for members, and can be written about any topic you feel passionate about. Learn how to best write an article t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now