TS Gateway service


Hi,

I've created a certificate on the TS Gateway and installed (imported) the certificate locally on my computer. Now, with a TS CAP and RAP configured, I can connect to servers on the internal network through RDP.

My questions:

- How can I skip the local installation of the certificate and publish it to the computers in the domain?

- I don't have a separate IP address for an SSL listener. Is it possible to use an existing SSL certificate (for example the Exchange/OWA one) and use it for the TS service? That way I can create an additional rule on the ISA server. How do I publish the TS Gateway service with an existing SSL certificate?

- What is the real advantage for internal/external users of using RDP through a TS Gateway? For external users, they no longer need to use a VPN connection. Anything else?

Thanks!

 

> 1. Can you please explain which type of certificate must be generated on the enterprise CA?

Web Server or Computer will do.

> 2. Yes, I mean the SSL certificate used for OWA. Can I use the same certificate for TS and Exchange, or must it be a new one?

If what you have is a .cer without the private key, you should create a new one for the gateway machine. If you have the PFX for Exchange, you can use that.

Say the CN of the certificate is exchange.test.com. Now the gateway can be configured to use that certificate by putting it in certs\mycomputer\personal and configuring the properties.

But when a client wants to connect to exchange.test.com, the requests go to exchange.test.com (your Exchange machine), so you can edit the hosts file or set up DNS to route the requests to the gateway, so that it connects to the gateway IP.

If you want to reach the original Exchange machine without the gateway, you can change the DNS/hosts file on the client.

You can create a certificate with the CN set to the FQDN of the gateway machine and configure the gateway with it to avoid this.

 

==============

 

 

 

From the step-by-step guide at http://technet2.microsoft.com/windowsserver2008/en/library/722f3aa8-2f22-462f-bcc6-72ad31713ddd1033.mspx?mfr=true :

Using existing certificates

If you have a certificate, you can reuse it for the TS Gateway server if the certificate:

- is issued by one of the trusted public CAs that participate in the Microsoft Root Certificate Program Members program [as listed in article 931125 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?linkid=59547 )]; and

- meets the certificate requirements for the TS Gateway server.

If the certificate is not trusted by the Microsoft Root Certificate Program Members program (for example, if you create and install a self-signed certificate on the TS Gateway server and do not manually configure the certificate to be trusted on the Terminal Services client computer), a warning stating that you do not have a trusted certificate appears when the client attempts to connect through the TS Gateway server, and the connection does not succeed. To prevent this error from occurring, install the certificate into the computer certificate store on the client computer before the client attempts to connect through the TS Gateway server.

 

======================

 

 

Certificate requirements for TS Gateway

Certificates for TS Gateway must meet these requirements:

- The name in the Subject line of the server certificate (certificate name, or CN) must match the DNS name that the client uses to connect to the TS Gateway server, unless you are using wildcard certificates or the SAN attributes of certificates. If your organization issues certificates from an enterprise certification authority (CA), a certificate template must be configured so that the appropriate name is supplied in the certificate request. If your organization issues certificates from a stand-alone CA, you do not need to do this.

  Note: If you are using the SAN attributes of certificates, clients that connect to the TS Gateway server must be running Remote Desktop Connection (RDC) 6.1. (RDC 6.1 [6.0.6001] supports Remote Desktop Protocol 6.1.) RDC 6.1 is included with Windows Server 2008, Windows Vista SP1, and Windows XP SP3.

- The certificate is a computer certificate.

- The intended purpose of the certificate is server authentication. The Extended Key Usage (EKU) is Server Authentication (1.3.6.1.5.5.7.3.1).

- The certificate has a corresponding private key.

- The certificate has not expired. We recommend that the certificate be valid for one year from the date of installation.

- A certificate object identifier (also known as OID) of 2.5.29.15 is not required. However, if the certificate that you plan to use contains an object identifier of 2.5.29.15, you can only use the certificate if at least one of the following key usage values is set: CERT_KEY_ENCIPHERMENT_KEY_USAGE, CERT_KEY_AGREEMENT_KEY_USAGE, and CERT_DATA_ENCIPHERMENT_KEY_USAGE.

  For more information about these values, see Advanced Certificate Enrollment and Management (http://go.microsoft.com/fwlink/?linkid=74577 ).

- The certificate must be trusted on clients. That is, the public certificate of the CA that signed the TS Gateway server certificate must be located in the Trusted Root Certification Authorities store on the client computer.
