Re: TS Gateway configuration/issues with non-domain membership




What error is coming up when the clients are trying to connect?
If TSG is deployed in workgroup mode, you cannot use domain accounts to
authenticate or authorize users.

Thanks,
Kaustubh

"Alex Borleis" wrote:

Hi Kaustubh,

thanks for your reply!
Yes - it seems that the network service (the service account for the TS
Gateway) has no access to the private key. When I use a different
account to run the TS gateway service and use the same account to import
the certificate, the error won't appear.
But the clients are still not able to connect to TS gateway - Microsoft
says the TS gateway has to be a domain member
(http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/27c39b63-9e4d-4c30-ab24-aabde8ae93af)

But this is not the same information as in
http://technet.microsoft.com/en-us/library/cc754010(WS.10).aspx

I'm not sure which information is correct...

Greetings,
Alex

Kaus wrote:
Hi Alex,
The error no. "2148081675" is:
2148081675 CRYPT_E_NO_KEY_PROPERTY: The certificate doesn't have a private
key property

Are you sure that the certificate installed on the gateway had a
corresponding private key (pfx file format)? If yes, can you please try
installing the certificate on the gateway once more and see if the problem
still persists?

Thanks,
Kaustubh


"Alex Borleis" wrote:

One more point - it works pretty well with a self-signed certificate...
but it does not work if I choose the certificate from the AD integrated PKI.
If I choose that certificate, a critical event occurs (ID 103): The
Terminal Services Gateway service does not have sufficient permissions
to access the Secure Sockets Layer (SSL) certificate that is required to
accept connections. To resolve this issue, bind (map) a valid SSL
certificate by using TS Gateway Manager. For more information, see
"Obtain a certificate for the TS Gateway server" in the TS Gateway Help.
The following error occurred: "2148081675".

I checked the read permission for the network service. Seemed to be ok...

Greetings,
Alex!
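
The two checks discussed in this thread (does the certificate have a private key, and can the Network Service account read it), as an added PowerShell example that is not part of the original posts. It assumes the certificate is in the LocalMachine\My store with a CryptoAPI (CSP) RSA key stored under MachineKeys; the thumbprint is a placeholder.

```powershell
# Placeholder: thumbprint of the certificate selected in TS Gateway Manager.
$Thumbprint = '<CERT-THUMBPRINT>'
$Account    = 'NT AUTHORITY\NETWORK SERVICE'

# The event reports the error in decimal; show it as an HRESULT for lookup.
'Error 2148081675 = 0x{0:X8}' -f 2148081675

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My" }

# Step 1: a certificate imported without its key (.cer instead of .pfx)
# has no private key property at all.
if (-not $cert.HasPrivateKey) {
    throw 'Certificate has no associated private key; re-import it from a .pfx'
}

# Step 2: find the key container file (assumption: CryptoAPI RSA key).
try {
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
} catch {
    $container = $null
}
if (-not $container) {
    throw 'Key is not readable by this account or is not a CryptoAPI CSP key'
}
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key file not found: $keyFile" }

# Step 3: look for explicit Allow entries for the service account on the key file.
# Access granted through a group the account belongs to is not detected here.
$read = [int][System.Security.AccessControl.FileSystemRights]::Read
$aces = (Get-Acl -LiteralPath $keyFile).Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.FileSystemRights -band $read) -eq $read
}
if ($aces) { "$Account can read $keyFile" }
else       { "$Account has no explicit read ACE on $keyFile" }
```

Run it from an elevated prompt on the gateway; if step 3 reports no read entry, the private-key permissions can be adjusted in the Certificates MMC snap-in via "Manage Private Keys".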

