Terminal Services Gateway Server dropping its SSL Certificate Mapp

  • Thread starter Thread starter Tom Hundley
  • Start date Start date
T

Tom Hundley

Guest
I have installed Terminal Services Gateway on a Windows 2008 server. This
server is running my "grunt" services such as being the domain controller,
DNS, and is also running Certificate Services (configured as an Enterprise
CA). I am running ISA Server 2006 on another machine.

I had Gateway Services working great and then all off the sudden when I
connected to the Gateway Services Manager it immediately dropped the mapping
for the SSL certificate and broke the connections. Now, every time I map the
certificate it accepts the configuration but when I refresh on the server it
loses it's mapping, saying "xx is not yet fully configured as a TS Gateway
server...".

Can anyone help with this? I'm simply stumped. I don't see any useful
information in the event logs except for HTTPEvent Warnings ID 15300 and
15301 "SSL certificate settings deleted for port %internalIP%:443 and SSL
certificate settings created by an admin process for port %internalIP:443".

The cert that I'm using both for the Gateway Services mapping and the ISA
2006 listener meets the requirements with one exception- the subject doesn’t
resolve to the machine name. I do, however, have a cert that is the fully
qualified name of the server and I get the exact same behavior in the Gateway
Services Manager.

Thanks in advance for your assistance,

Tom Hundley
Elegant Software Solutions, LLC
 
RE: Terminal Services Gateway Server dropping its SSL Certificate Mapp

Actually, I just found the solution. I missed an important clue in what I
did to break it.

I changed the IIS SSL bindings to bind the cert to one specific IP address
instead of the default "all unassigned". I changed this back and everything
works great. I can't imagine this is by design- it has to be a bug? oO

Reference thread in the forums:

http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3003413&SiteID=17&mode=1
 
Re: Terminal Services Gateway Server dropping its SSL CertificateMapp

Re: Terminal Services Gateway Server dropping its SSL CertificateMapp

On Mar 13, 7:40 pm, Tom Hundley <TomHund...@discussions.microsoft.com>
wrote:
> I have installed Terminal ServicesGatewayon a Windows 2008 server. This
> server is running my "grunt" services such as being the domain controller,
> DNS, and is also running Certificate Services (configured as an Enterprise
> CA). I am running ISA Server 2006 on another machine.
>
> I hadGatewayServices working great and then all off the sudden when I
> connected to theGatewayServices Manager it immediately dropped the mapping
> for the SSL certificate and broke the connections. Now, every time I map the
> certificate it accepts the configuration but when I refresh on the server it
> loses it's mapping, saying "xx is not yet fully configured as a TSGateway
> server...".
>
> Can anyone help with this? I'm simply stumped. I don't see any useful
> information in the event logs except for HTTPEvent Warnings ID 15300 and
> 15301 "SSL certificate settings deleted for port %internalIP%:443 and SSL
> certificate settings created by an admin process for port %internalIP:443".
>
> The cert that I'm using both for theGatewayServices mapping and the ISA
> 2006 listener meets the requirements with one exception- the subject doesn't
> resolve to the machine name. I do, however, have a cert that is the fully
> qualified name of the server and I get the exact same behavior in theGateway
> Services Manager.
>
> Thanks in advance for your assistance,
>
> Tom Hundley
> Elegant Software Solutions, LLC

Tom,

Did you ever get a solution to this problem? I am literally having
the same problem with nearly the same setup. I don't have the ISA
going on but a cert for TS Web Access works great but refreshes to
Gateway loses the cert I select each time.

Richard
 
Re: Terminal Services Gateway Server dropping its SSL CertificateMapp

Re: Terminal Services Gateway Server dropping its SSL CertificateMapp

On Mar 26, 1:50 pm, dawho9 <richard.brynte...@gmail.com> wrote:
> On Mar 13, 7:40 pm, Tom Hundley <TomHund...@discussions.microsoft.com>
> wrote:
>
>
>
> > I have installed Terminal ServicesGatewayon a Windows 2008 server. This
> > server is running my "grunt" services such as being the domain controller,
> > DNS, and is also running Certificate Services (configured as an Enterprise
> > CA). I am running ISA Server 2006 on another machine.
>
> > I hadGatewayServices working great and then all off the sudden when I
> > connected to theGatewayServices Manager it immediately dropped the mapping
> > for the SSL certificate and broke the connections. Now, every time I map the
> > certificate it accepts the configuration but when I refresh on the server it
> > loses it's mapping, saying "xx is not yet fully configured as a TSGateway
> > server...".
>
> > Can anyone help with this? I'm simply stumped. I don't see any useful
> > information in the event logs except for HTTPEvent Warnings ID 15300 and
> > 15301 "SSL certificate settings deleted for port %internalIP%:443 and SSL
> > certificate settings created by an admin process for port %internalIP:443".
>
> > The cert that I'm using both for theGatewayServices mapping and the ISA
> > 2006 listener meets the requirements with one exception- the subject doesn't
> > resolve to the machine name. I do, however, have a cert that is the fully
> > qualified name of the server and I get the exact same behavior in theGateway
> > Services Manager.
>
> > Thanks in advance for your assistance,
>
> > Tom Hundley
> > Elegant Software Solutions, LLC
>
> Tom,
>
> Did you ever get a solution to this problem? I am literally having
> the same problem with nearly the same setup. I don't have the ISA
> going on but a cert for TS Web Access works great but refreshes toGatewayloses the cert I select each time.
>
> Richard

Wow. Darn news reader didn't show Tom's solution. I can confirm this
worked for me as well! Change from IP to Any Address in IIS. For me
it was TS Web Access.

Thanks Tom,

Richard
 
RE: Terminal Services Gateway Server dropping its SSL Certificate

RE: Terminal Services Gateway Server dropping its SSL Certificate

Hi.. I have the same problem but i Have to use one Specific IP address, i
can't use the "All unassigned" because it is alredy in use by another SSL
certificate..

How can i bind the TS gateway to a specific IP number??

/Jonas

"Tom Hundley" wrote:

> Actually, I just found the solution. I missed an important clue in what I
> did to break it.
>
> I changed the IIS SSL bindings to bind the cert to one specific IP address
> instead of the default "all unassigned". I changed this back and everything
> works great. I can't imagine this is by design- it has to be a bug? oO
>
> Reference thread in the forums:
>
> http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3003413&SiteID=17&mode=1
 
Back
Top