
TS Gateway lets computer without certificate installed through

fanadata asked
Last Modified: 2015-04-03
Scenario: TS Gateway server set up, self-signed certificate created and installed in root on server. When I test it with an RDP client without the certificate installed, I still get through with the "normal" untrusted-certificate prompt you always get. I thought the idea was that when running the RDP client from a computer without the certificate installed, the TS Gateway was to block the computer until the certificate had been installed.

Any thoughts?

Senior Engineer
Commented:
You are confusing two different things: server authentication to the client and client authentication to the server. The self-signed cert you put on the TS Gateway is just there to prove to the client that it is in fact connecting to the server it thinks it is connecting to.

If you want the TS Gateway to not allow RDP sessions from clients that do not have certificates, you will need to configure policies on your TS Gateway or forward authentication to a RADIUS server. In either case you will need to enable certificate-based authentication.

Author

Commented:
ok thanks, I will have a look
