none
TSC 7 (6.1.7600) ActiveX crashes when attempting to connecting through a TS gateway that uses an untrusted certificate RRS feed

  • Question

  • It only started with this latest version. Has anyone else encountered this issue?

    Seems like the issue is happening when there's a problem with trusting the gateway's certificate. Though I am not sure exactly what trust issues prompt the crash, sometimes it has to do with having self-signed, older, expired certificates, while at other times the gateway will have a properly signed certificate from a well established root CA (these are times where I don't have the exact information to know what prompted the trust to fail). However, when the crash does occur, it will always happen when trying to connect through the gateway with the ActiveX, and trying to connect manually using mstsc.exe will produce an error showing there's a problem trusting the gateway's certificate.

    Here's a stack trace:

    	mstscax.dll!4d7693d8() 	
     	[Frames below may be incorrect and/or missing, no symbols loaded for mstscax.dll]	
     	mstscax.dll!4d7d2834() 	
     	mstscax.dll!4d7d2e24() 	
     	mstscax.dll!4d863967() 	
     	mstscax.dll!4d864e70() 	
     	mstscax.dll!4d864f07() 	
     	mstscax.dll!4d865538() 	
     	mstscax.dll!4d864460() 	
     	mstscax.dll!4d782581() 	
     	user32.dll!7e418734() 	
     	user32.dll!7e418816() 	
     	user32.dll!7e4189cd() 	
     	user32.dll!7e418a10() 	
     	ieframe.dll!3e25e743() 	
     	kernel32.dll!7c80b729()
    
    Has anyone else been affected by this? Any ideas how to get around it?

    Our public gateway is using a certificate that is properly signed by a well known root CA, but still, some of our users are coming across this issue. At the very least I'd like to be able to prevent their browsers from crashing.
    Thanks,
    Leeor.

    • Edited by Leeor A. _ Wednesday, December 22, 2010 2:11 PM Clarity
    Wednesday, December 22, 2010 12:31 PM

All replies

  • Hi,

     

    When some of connections fail together, did you receive any error messages? Terminal Services-Gateway if there are any error logs in Event Viewer?

     

    To check whether the certificate store name is NULL, follow these steps:

    1.       At the command prompt, type the following command, and then press ENTER: netsh http show sslcert  

    2.       Check the value for Certificate Store Name of the first binding that is listening on port 443. A value of (null) indicates that the certificate store name is NULL for that particular binding. 

     

    The hotfix:

    You have problems when you try to connect to the Remote Desktop Gateway (RD Gateway) that is hosted on a computer that is running Windows Server 2008 R2:

    http://support.microsoft.com/kb/976484/en-us


    Technology changes life……
    Friday, December 24, 2010 8:45 AM
    Moderator
  • Thanks Dollar.

    The certificate store name was indeed null. Our IT has changed it and ran windows update, but clients are still crashing.

    Any other ideas?

    Leeor.

    EDIT: To answer your other questions, we do not see any error messages or error logs that seems relevant to the crashes.

    Sunday, January 2, 2011 2:17 PM