V
Vinz Focker
Guest
Hi,
I think we've found a bug in the RDC 6.1 client but read on ...
We've successfully deployed xp sp3 in our remote locations and
switched to TS Gateway instead of the previous VPN solution.
On our Windows 2008 Server we've only enabled the TS Gateway Terminal
Services Role Service. And via that TS Gateway our users connect to
their individual virtualized XP Professional Desktops.
Now with the new RDC 6.1 (installed by xp sp3) we have the issue that
a warning message appears when launching the .rdp files: "The
publisher of this remote connection cannot be identified ..."
Allright .. wtf .. well ... RDC 6.1 now supports signed rdp files
which is basically a great thing because it decreases the threat of
maliciously modifications.
So I was glad to read in the Technet TS RemoteApp Step-by-Step Guide
that I can use the same SSL certificate which we use for the TS
Gateway connections for signing the rdp files.
I've used the rdpsign.exe console utility to append the signature to
the rdp file. The signing process works. If I alter eg the rdp port or
server name in the signed rdp file mstsc complains that the file is
currupt - that's what excpected.
Now the only remaining problem is that RDC 6.1 client refuses to
connect with signed rdp files if these files are missing the
remoteapplicationxxxxxx settings - e.g.:
remoteapplicationname:s:Calculator
remoteapplicationcmdline:s
remoteapplicationmode:i:1
remoteapplicationprogram:s:||calc
We don't use TS RemoteApps because we just connect to xp pro via TS
Gateway and so those lines of course may not be present in the rdp
files which are to be signed!
And the rdp files are valid because if I remove the signature
everything works - except the user frightening unknown publisher
warning dialog.
So obviously the newest rdc (we've mstsc.exe file version
6.0.6001.18000) does not support signed rdp files unless these contain
TS RemoteApps configuration entries.
This behaviour is not documented and therefore I assume it is a bug.
And it does not make sense to not support signed rdp files that have
full desktop session configurations instead of a single remote app ...
Do we have to go back to RDC 6.0 without the support for signed rdp
files (this setup works) or am I doing something completely wrong ?
Any hints very much appreciated !
Cheers,
Vinz
I think we've found a bug in the RDC 6.1 client but read on ...
We've successfully deployed xp sp3 in our remote locations and
switched to TS Gateway instead of the previous VPN solution.
On our Windows 2008 Server we've only enabled the TS Gateway Terminal
Services Role Service. And via that TS Gateway our users connect to
their individual virtualized XP Professional Desktops.
Now with the new RDC 6.1 (installed by xp sp3) we have the issue that
a warning message appears when launching the .rdp files: "The
publisher of this remote connection cannot be identified ..."
Allright .. wtf .. well ... RDC 6.1 now supports signed rdp files
which is basically a great thing because it decreases the threat of
maliciously modifications.
So I was glad to read in the Technet TS RemoteApp Step-by-Step Guide
that I can use the same SSL certificate which we use for the TS
Gateway connections for signing the rdp files.
I've used the rdpsign.exe console utility to append the signature to
the rdp file. The signing process works. If I alter eg the rdp port or
server name in the signed rdp file mstsc complains that the file is
currupt - that's what excpected.
Now the only remaining problem is that RDC 6.1 client refuses to
connect with signed rdp files if these files are missing the
remoteapplicationxxxxxx settings - e.g.:
remoteapplicationname:s:Calculator
remoteapplicationcmdline:s
remoteapplicationmode:i:1
remoteapplicationprogram:s:||calc
We don't use TS RemoteApps because we just connect to xp pro via TS
Gateway and so those lines of course may not be present in the rdp
files which are to be signed!
And the rdp files are valid because if I remove the signature
everything works - except the user frightening unknown publisher
warning dialog.
So obviously the newest rdc (we've mstsc.exe file version
6.0.6001.18000) does not support signed rdp files unless these contain
TS RemoteApps configuration entries.
This behaviour is not documented and therefore I assume it is a bug.
And it does not make sense to not support signed rdp files that have
full desktop session configurations instead of a single remote app ...
Do we have to go back to RDC 6.0 without the support for signed rdp
files (this setup works) or am I doing something completely wrong ?
Any hints very much appreciated !
Cheers,
Vinz