Re: RDP over SSL question

But everything I'm reading tells me communication is encrypted even though it
is coming through the firewall on port 3389. For instance this article tells
of the few things that do not get encrypted.
http://support.microsoft.com/default.aspx?scid=kb;en-us;275727&FR=1&PA=1&SD=HSCH
So after reading this article it sounds like as long as you are up on SP's
and patches then the only data not encrypted is the Initial Connection and
the Server Certificate. And it states in that article that those contain
non-sensitive information.

Could you be mistaken or am I just not reading things properly?

Thank you and I appreciate your help.

"Cláudio Rodrigues" wrote:

Simply because this is not exactly RDP over SSL. The first paragraph of the
article you pointed to is clear:

"Windows 2003 Service Pack 1 included a new feature, RDP over SSL. This
feature will allow you to use TLS authentication and encryption with your
RDP connections using SelfSSL to create the SSL certificate. It still uses
RDP and TCP port 3389 so your firewall rules should not need to be
modified."

"It still uses RDP and TCP port 3389"

This is for authentication purposes only (and for encrypting RDP). But the
old RDP is still running on port TCP 3389.

If you need real RDP over HTTPS (so it can traverse firewalls, HTTPS
proxies, etc) you need, as of today, something like the 2X LoadBalancer
(http://www.2x.com). Or another product called RDP Tunnel or something like
that.

--

Cláudio Rodrigues

Microsoft MVP
Windows Server - Terminal Services
"Maineiac" <Maineiac@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3F74154C-2DC4-40B4-A78E-3EEC3922BBBE@xxxxxxxxxxxxxxxx
I've found sites that explain how to do this and have gotten it working
internally as well. One site for example is here
http://thelazyadmin.com/index.php?/archives/204-Configure-RDP-over-SSL-with-SelfSSL.html

A couple questions though:

1. Why do I keep reading in the newsgroups here that it is not offered
because it is my understanding this came out with 2003 SP1?

2. Now that I have it working internally on a test TS is it safe to open it
on our firewall so employees can work from home? The TS is requiring SSL
connections.




