+ Post New Thread
Results 1 to 14 of 14
Windows 7 Thread, RDP error in Technical; ok tried to connect to schools Terminal Server (2K8) Via a TS Gateway (from outside) now this worked fine in ...
  1. #1
    k-strider's Avatar
    Join Date
    Oct 2006
    Location
    Gloucester
    Posts
    357
    Thank Post
    7
    Thanked 40 Times in 30 Posts
    Rep Power
    23

    RDP error

    ok tried to connect to schools Terminal Server (2K8) Via a TS Gateway (from outside)

    now this worked fine in Vista before i blew away the Laptop to install Win7 Beta

    i now get this error

    The remote computer could not be authenticated due to problems with its security certificate. it may be unsafe to proceed.

    Certificate name
    Name in the Certificate from the remote computer:
    TSServerName.My_internal_Domain.lan

    Certificate errors
    The Following errors were encountered while validating the remote computer's certificate:
    A revocation check could not be performed for the certificate.

    You cannot proceed because authentication is required.

    Now the TS gateway mydesktop.schoolsdomain.sch.uk has a real proper Trustico Certificate, but obviously the actually Terminal Servers has an internally generated certificate from the domans Certificate authority.. the Cert is valid and working. even installing the root cert of my internal domain as a trusted root authority doesn't resolve it...

    Anyone tried RDPing yet from Win 7 via a TS gateway???

  2. #2
    k-strider's Avatar
    Join Date
    Oct 2006
    Location
    Gloucester
    Posts
    357
    Thank Post
    7
    Thanked 40 Times in 30 Posts
    Rep Power
    23
    Ok.. this adds to the mystery.. using the TS gateway i can connect to a 2K3 server that is accepting RDP sessions. by manually filling out the RDP connection settings... manually filling them out for the 2K8 TS server i get the same error... so it must be something between 2K8 and Win7... a new feature / check that MS added either to 2K8 or Win7 that only gets tested between the two.... hum...

    Edit... Interestingly I can connect to a normal 2K8 Server.. Via the TS gateway.. just not the actual Terminal Server!!
    Last edited by k-strider; 26th January 2009 at 11:42 PM.

  3. #3

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115
    I think you need to look at what that (internal) certificate says about revocation via view certificate or whatever W7 has now - it probably points to somewhere internal you can't get to from the outside world.

    You might be able to turn off revocation checking somewhere. Or you can, with a little effort, make certificates with custom revocation info.. or even no revocation info.

  4. #4
    k-strider's Avatar
    Join Date
    Oct 2006
    Location
    Gloucester
    Posts
    357
    Thank Post
    7
    Thanked 40 Times in 30 Posts
    Rep Power
    23
    i fixed this the otherday so i thought i should say what i did encase anyone else comes acropper

    The Terminal Server was using cert signed by my CA, compname.internal.lan by changing the cert to a auto generated one the Win7 clients then started to connect just fine :-)

    The TS gateway kept its Real world signed Cert

  5. #5

    Join Date
    Jun 2009
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    What do you mean by an auto generated certificate?

  6. #6
    k-strider's Avatar
    Join Date
    Oct 2006
    Location
    Gloucester
    Posts
    357
    Thank Post
    7
    Thanked 40 Times in 30 Posts
    Rep Power
    23
    see attached
    Attached Images Attached Images

  7. #7

    Join Date
    Apr 2008
    Location
    England
    Posts
    84
    Thank Post
    2
    Thanked 12 Times in 8 Posts
    Rep Power
    0
    Possibly you have enabled NLA, this is new for W2008 and causes non-connections for older clients (Network Level Authentication)

  8. #8

    Join Date
    Nov 2009
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    It seems im missing some little piece to this issue. I believe on a few win7 pro clients i need to set the certs to auto generated as K strider has shown, however win7 doesnt contian tsconfig, is there another way to do this on win7 pro so I can connect to 2008 servers?

  9. #9
    k-strider's Avatar
    Join Date
    Oct 2006
    Location
    Gloucester
    Posts
    357
    Thank Post
    7
    Thanked 40 Times in 30 Posts
    Rep Power
    23
    i had to set the Terminal Server certificate to Autogenerated.. as per the picture i posted earlier..

    Administrative tools -> Terminal services -> Terminal Services Configuration.
    Right Click RDP-TCP under the connectiosn box Properties... the bottom of the genral TAG chose autogenerated.
    Last edited by k-strider; 25th November 2009 at 10:52 AM.

  10. #10
    RobFuller's Avatar
    Join Date
    Feb 2007
    Location
    Chelmsford
    Posts
    312
    Thank Post
    82
    Thanked 39 Times in 29 Posts
    Rep Power
    22
    Quote Originally Posted by k-strider View Post
    i fixed this the otherday so i thought i should say what i did encase anyone else comes acropper

    The Terminal Server was using cert signed by my CA, compname.internal.lan by changing the cert to a auto generated one the Win7 clients then started to connect just fine :-)

    The TS gateway kept its Real world signed Cert

    I tried that but my home machine (not domain aware) sulks at a unidentified certificate, even when I try importing the certificate (user and computer) it still sulks.
    What the heck have Microsoft done, looked around the web and this seems to be a common problem! I would love to get this sorted so I can offer the service to some of our staff.

  11. #11

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180
    If it's anything like Citrix Secure Gateway, all the certificates along the length (so each hop) of the connection have to be trusted by each of the machines. This is so that you are gauranteed of a secure connection from start to finish.

    My Secure Gateway connection takes advantage of this to limit who can access it. By installing the required certificate on machines that you trust (and license) to use the connection, you limit who can get access

  12. #12

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,038
    Thank Post
    160
    Thanked 909 Times in 713 Posts
    Blog Entries
    3
    Rep Power
    270
    I might not be anyhelp here, i just know 2k8 can be a pain... by anychance do you use the more secure option? and if so have to tried using the less secure way?

    Note: I have not using TSgateway for 2k8 but just a thought

    James.
    Attached Images Attached Images

  13. #13

    Join Date
    May 2010
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thank You k-strider. That solved my problem. A+

  14. #14

    Join Date
    Jul 2012
    Location
    NJ
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thank you k-strider this solved an issue I was having within my corporate network as well!

SHARE:
+ Post New Thread

Similar Threads

  1. [SIMS] Sims RDP error
    By WebbA in forum MIS Systems
    Replies: 11
    Last Post: 4th October 2012, 12:22 PM
  2. RDP shortcuts not working
    By firefighting in forum Wireless Networks
    Replies: 5
    Last Post: 4th June 2008, 06:15 PM
  3. rdp niggle
    By Jamie_a in forum Windows
    Replies: 0
    Last Post: 23rd January 2008, 01:56 PM
  4. MS RDP Client V6 available
    By Norphy in forum Windows
    Replies: 2
    Last Post: 29th November 2006, 10:21 AM
  5. RDP Server for Linux
    By fooby in forum *nix
    Replies: 4
    Last Post: 27th April 2006, 09:44 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •