
Windows Server Forum / Windows 2000 / Security / August 2005

Remote Desktop Connection does not encrypt with ipsec

Rex Kremer - 25 Aug 2005 09:18 GMT
Hi,

I would like to encrypt the rdc connection for terminal services with an
ipsec connection to make it more secure.

I have set up a Policy on the terminal server (request security) with an ip
filter
my ip address -> to any
tcp -> port 3389 to any
and the rule is mirrored.
It uses Kerberos Authentication.
The server is only a terminal server (Windows 2000) and not a domain
controller.

I have configured the client (Win XP) with the client respond only security
policy.
When I am connecting from the client to the server ipsecmon shows no
encryption at all.

For testing I have configured the policy on the server that all traffic
should be encrypted and it works fine.

What went wrong in my configuration?

regards
Vincent Xu [MSFT] - 25 Aug 2005 12:46 GMT
Hello,

Based on my test and experience, your configuration steps are correct. So
regarding this, please send me a screen shot to show the status on your
ipsecmon.

To take a screen shot:
---------------------
1) Press the Pr Scrn key once on the keyboard when the error message
appears.
2) Click Start, go to Run, enter MSPAINT in the open dialog box, and then
Click OK.
3) Use Ctrl + V to paste the screenshot to the canvas.
4) From the File menu, go to Save and save it as a JPG file.
5) Send the JPG file to me as an attachment.
My mailbox: v-xuwen@microsoft.com

To verify on the earch whether the data is encrypted, I suggest you use
netmon to trace the data.
Network Monitor:
=======================
1. To obtain a time-bombed version of Network Monitor, visit the following
Microsoft Web site:
ftp://ftp.microsoft.com/PSS/Tools/NetMon/NETMON2.ZIP
2. Download the netmon2.zip file. The password for that zip is "trace" (no
quotation marks).
3. Run the qfesetup.exe file to install Network Monitor on HSMain.

Please send me the capture data. And don't forget the source MAC and Dest
MAC.

Best regards,

Vincent Xu
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

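
The capture check suggested in the reply above, as an added example that is not part of the original posts: it labels raw IPv4 packets from a trace as ESP, AH, IKE or TCP port 3389 travelling outside IPsec, which is what distinguishes a matching filter from one that never triggered. The function names, the assumption that packets are exported as raw IPv4 without the Ethernet header, and the sample packets are all constructed for illustration.

```python
import struct
from collections import Counter

ESP, AH, TCP, UDP = 50, 51, 6, 17      # IP protocol numbers
RDP_PORT, IKE_PORT = 3389, 500

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet (Ethernet header already stripped)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4        # IPv4 header length in bytes
    proto = packet[9]
    if proto == ESP:
        return "esp"                    # payload encrypted by IPsec
    if proto == AH:
        return "ah"                     # integrity only, payload not encrypted
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    if proto in (TCP, UDP) and frag_offset == 0 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack_from("!HH", packet, ihl)
        if proto == UDP and IKE_PORT in (sport, dport):
            return "ike"                # key negotiation, expected before ESP
        if proto == TCP and RDP_PORT in (sport, dport):
            return "rdp-outside-ipsec"  # port 3389 visible: no IPsec wrapping
    return "other"

def verdict(packets) -> str:
    """Summarise a capture of client <-> terminal server traffic."""
    counts = Counter(classify(p) for p in packets)
    if counts["rdp-outside-ipsec"]:
        return "RDP seen outside IPsec"
    if counts["esp"]:
        return "only ESP seen"
    return "no RDP or ESP seen"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed sample packet 192.0.2.10 -> 192.0.2.20 (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 128,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + payload

# Constructed sample captures, not data from the thread.
IKE_PKT = ipv4(UDP, struct.pack("!HHHH", 500, 500, 36, 0) + bytes(28))
ESP_PKT = ipv4(ESP, struct.pack("!II", 0x1000, 1) + bytes(32))
RDP_PKT = ipv4(TCP, struct.pack("!HH", 1045, 3389) + bytes(16))
UNPROTECTED_RUN = [RDP_PKT, RDP_PKT]
PROTECTED_RUN = [IKE_PKT, ESP_PKT, ESP_PKT]

if __name__ == "__main__":
    print(verdict(UNPROTECTED_RUN), "/", verdict(PROTECTED_RUN))
```
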
Rex Kremer - 25 Aug 2005 14:31 GMT
Hi,

I found out that somebody promoted the server to a dc.
I know that authentication traffic during login can't be secured (with
ipsec) but can I protect the rdc with the ruleset seen below? Or in another
way?
The client hangs when the ip filter (rdc) is active during login.

regards

Vincent Xu [MSFT] - 26 Aug 2005 07:59 GMT
Hi,

I'm not sure about "protect the rdc with the ruleset seen below", if you
mean RDC authentication and encryption, I have some information as below:

Remote Desktop Protocol (RDP) provides data encryption, but it does not
provide authentication to verify the identity of a terminal server. In
Windows Server 2003 Service Pack 1 (SP1), you can enhance the security of
Terminal Server by configuring Terminal Services connections to use
Transport Layer Security (TLS) 1.0 for server authentication, and to
encrypt terminal server communications. TLS is a standard protocol that is
used to provide secure Web communications on the Internet or intranets. It
enables clients to authenticate servers or, optionally, servers to
authenticate clients. It also provides a secure channel by encrypting
communications.

For more detailed information, please refer to the following link:

Configuring authentication and encryption
<http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/a92d8eb9-f53d-4e86-ac9b-29fd6146977b.mspx>

In addition, I think the following article may also help.

275727 High Encryption on a Remote Desktop or Terminal Services Session Does
http://support.microsoft.com/?id=275727

Best regards,

Vincent Xu
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

 