RDP over SSL

  • Question

  • I'm configuring Vista Ultimate x64 for secure RDP, but I don't see an option to configure SSL so that when I connect I get a lock icon in the connection bar. What am I missing?
    Thursday, July 9, 2009 5:32 AM

All replies

  • Hi,

    Thank you for your post.

    To make the issue clear, please provide us with the following information:

    1.    Which host machine will this Windows Vista Ultimate x64 establish the RDP connection with, a TS Gateway on your network or another Windows Vista computer?

    2.    I noticed that you get “a lock icon in the connection bar” when you establish the connection, please capture a screenshot of this:

    Capture a screenshot

    ==============

    1)   Press the Print Screen key (PrtScn) on your keyboard.

    2)   Click the "Start" menu, type "mspaint" in the Search Bar and Press Enter.

    3)   In the Paint program, click the "Edit" menu, click "Paste", click the "File" menu, and click "Save".

    4)   The "Save As" dialogue box will appear. Type a file name in the "File name:" box, for example: "screenshot".

    5)   Make sure "JPEG (*.JPG;*.JPEG;*.JPE;*.JFIF)" is selected in the "Save as type" box, click “Desktop” on the left pane and then click "Save".

    Please upload the picture to Windows Live SkyDrive (http://www.skydrive.live.com/) and share its URL with us.

    Meanwhile, I would like to share the following documents for your reference:

    Connect to another computer using Remote Desktop Connection

    http://windowshelp.microsoft.com/Windows/en-US/Help/02ddfbec-7a97-4788-9d54-86f174a95f841033.mspx

    Remote Desktop Connection: frequently asked questions

    http://windowshelp.microsoft.com/Windows/en-US/Help/f55326fa-e629-423b-abba-b30f76cc61e61033.mspx

    Configuring authentication and encryption

    http://technet.microsoft.com/en-us/library/cc782610(WS.10).aspx

    Thanks.


    Nicholas Li - MSFT
    Friday, July 10, 2009 6:20 AM
    Moderator
  • Hi,

    Thank you for your response.

    I'm using this http://articles.techrepublic.com.com/5100-10878_11-6166676.html to set up my Windows Vista Ultimate x64 computer to have a secure RDP, but I'm unable to set an SSL certificate, and from what I understand, if RDP is connecting to RDP over SSL then a lock icon appears, as in this article http://www.petri.co.il/securing_rdp_communications.htm (http://www.petri.co.il/images/secure_rdp_022.jpg), but in that they are using Windows Server 2003.

    Friday, July 10, 2009 7:38 PM
  • Hi,

    Thank you for updating.

    Since this question is related to your specific network environment, we still need some detailed information about this:

    1.    Are the computers in a domain or workgroup?

    2.    Which host will this Windows Vista x64 computer establish the RDP connection with? Or if this Windows Vista x64 computer is just the host, please let me know which computer will connect to it.

    After getting this, we can perform some further research.

    By the way, with regard to the document you referred to, since it is for Windows Server 2003 and Remote Desktop Connection version is 5.2.3790.1830, I suspect the steps are not proper for Windows Vista. I also want to know if you can establish the connection referring to “http://articles.techrepublic.com.com/5100-10878_11-6166676.html”?

    Thanks again for your efforts.


    Nicholas Li - MSFT
    Monday, July 13, 2009 8:36 AM
    Moderator
  • Thank you and sorry.

    1. Computer is in Workgroup.
    2. Windows Vista x64 shall be the host. Windows XP and Vista machines will connect to the host and all clients are using the most up to date version of RDP.

    Using the guide http://articles.techrepublic.com.com/5100-10878_11-6166676.html I can set up the Vista configuration as in the guide, but I don't get a certificate prompt.
    Tuesday, July 14, 2009 5:14 AM
  • Hi,

    Thank you for your response.

    I also performed some tests according to the guide “http://articles.techrepublic.com.com/5100-10878_11-6166676.html” and it worked. Please try this guide step by step again and check the results.

    Meanwhile, I would like to suggest:

    1.    Please ensure that the RDP Remote Desktop Connection (Terminal Services Client) is up-to-date on the computers:

    Remote Desktop Connection (Terminal Services Client 6.0)

    http://support.microsoft.com/kb/925876

    Description of the Remote Desktop Connection 6.1 client update for Terminal Services

    http://support.microsoft.com/kb/951616

    2.    Note Figure R in the guide; please select “Warn me” (Warn me if authentication fails) in Server authentication option.

    What are server authentication options?

    http://windowshelp.microsoft.com/Windows/en-US/Help/e8a25c65-85a1-4031-a243-436a25dfe03b1033.mspx

    Hope this helps. Thanks.


    Nicholas Li - MSFT
    Tuesday, July 14, 2009 8:37 AM
    Moderator
  • Hello,

    Thank you.

    I need to confirm one thing: where did you install the SSL on the host so that you get a prompt for the SSL when I connect to the client?
    Wednesday, July 15, 2009 5:21 AM
  • Hi,

    Thank you for updating.

    From the guide, we can see that the Group Policy Object is configured for securing the host (from Figure A to Figure G) and we can just configure SSL (TLS 1.0) in the item “Require Use Of Specific Security Layer For Remote (RDP) Connections to SSL” (Figure E).

    At this time, please perform the steps again referring to the section “Secure configuration for Vista RDP host” to secure the Windows Vista x64 host; then perform the rest of the steps to see if the secured RDP connection can be established with the guide.

    If there is anything I can help with, please feel free to let me know. I am happy to be of further assistance.

    Thanks!


    Nicholas Li - MSFT
    • Marked as answer by Premgenius Saturday, July 18, 2009 7:08 PM
    Wednesday, July 15, 2009 9:02 AM
    Moderator
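
The policy item named in the reply above is stored as the `SecurityLayer` registry value. As an added example (not part of this thread or of the guide it refers to), the following PowerShell reads that value and reports whether the host requires SSL (TLS 1.0); the function names are hypothetical, and reading `MinEncryptionLevel` and `UserAuthentication` goes beyond the single item the reply mentions.

```powershell
# Added example: read the RDP security settings in effect on the local host.
# Get-EffectiveValue and Get-RdpSecurityPosture are hypothetical helper names.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Meanings of the DWORD values stored by the corresponding policy items.
$LayerNames = @{ 0 = 'RDP'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
$EncNames   = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }

function Get-EffectiveValue([string]$Name) {
    # A value written by Group Policy takes precedence over the listener's own.
    foreach ($key in $PolicyKey, $ListenerKey) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return New-Object PSObject -Property @{
                Value = [int]$item.$Name; Source = $key }
        }
    }
    return $null   # not configured in either key
}

function Get-RdpSecurityPosture {
    $layer = Get-EffectiveValue 'SecurityLayer'
    $enc   = Get-EffectiveValue 'MinEncryptionLevel'
    $nla   = Get-EffectiveValue 'UserAuthentication'

    $layerText = if ($layer) { $LayerNames[$layer.Value] } else { 'not set' }
    $encText   = if ($enc)   { $EncNames[$enc.Value] }     else { 'not set' }
    $source    = if ($layer) { $layer.Source }             else { 'none' }

    New-Object PSObject -Property @{
        SecurityLayer       = $layerText
        SecurityLayerSource = $source
        MinEncryptionLevel  = $encText
        # Only value 2 forces TLS; Negotiate lets the client's capability decide.
        TlsRequired         = [bool]($layer -and $layer.Value -eq 2)
        NlaRequired         = [bool]($nla -and $nla.Value -eq 1)
    }
}

Get-RdpSecurityPosture | Format-List
```

With `Negotiate`, a client that does not support TLS falls back to native RDP encryption, in which the server is not authenticated, so `TlsRequired` is reported as true only for value 2.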
  • Hi,

    I'm just writing to see how things are going on there.

    Did the information we provided satisfy your query? If there is anything we can do for you here in this thread, please feel free to post back here. It is my pleasure to be of assistance.

    Thanks!


    Nicholas Li - MSFT
    Friday, July 17, 2009 10:57 AM
    Moderator
  • Nicholas, I've not had a chance to try this but I shall mark the previous response. Thank you for all the help.
    Saturday, July 18, 2009 7:10 PM
  • Hi,

    Thank you for updating.

    I understand that you might be quite busy or not available to work on this issue at this time. If you have any additional information or need further assistance, feel free to let me know at your earliest convenience.

    Thanks again for your time.


    Nicholas Li - MSFT
    Monday, July 20, 2009 11:08 AM
    Moderator
  • I finally got a chance to do this and it worked perfectly. I'm not sure what I missed in the first.

    My question now is: is it possible to replace the self-cert with a trusted cert with a matching name?
    Monday, July 27, 2009 7:02 PM
  • Hi,

    I am glad to know the good news that it worked.

    Regarding your question of whether it is possible to replace the certificate, based on my research, I think it is possible and I would like to share the following with you for your reference:

    Microsoft Public Key Infrastructure (PKI)

    http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx

    Windows PKI blog

    http://blogs.technet.com/pki/

    Hope this helps. Thanks.

    Nicholas Li - MSFT
    Tuesday, July 28, 2009 8:32 AM
    Moderator
  • I just want to say hi and to see how things are going there. If you would like further assistance, please do not hesitate to let me know. Thanks, and have a great day!


    Nicholas Li - MSFT
    Friday, July 31, 2009 11:38 AM
    Moderator