Date: Tue, 22 Jul 2008 23:14:28 -0400
From: Steve Bertrand <steve@ibctech.ca>
To: Paul Schmehl <pschmehl_lists_nada@tx.rr.com>
Cc: User Questions <freebsd-questions@freebsd.org>
Subject: Re: connecting to a secured Windows 2003 terminal server
Message-ID: <4886A214.3080102@ibctech.ca>
In-Reply-To: <CD60A1D35A43AC937836374A@Macintosh.local>
References: <48867D4A.2050605@vfemail.net> <8efc42630807221817x873729dg9f4dc18c56865f48@mail.gmail.com> <AF16F9669027C41267243CA3@Macintosh.local> <48869178.60808@ibctech.ca> <CD60A1D35A43AC937836374A@Macintosh.local>

Paul Schmehl wrote:
>
> Umm..no. In Windows-land, Terminal Services == rdp (port 3389 TCP) but
> a terminal *server* is used specifically to allow multiple (as in more
> than the default limit of two) concurrent sessions and requires the
> purchase of additional licenses. Now, *maybe* the OP really meant
> terminal *services* but he wrote "secured Windows 2003 terminal
> *server*", and that is a different animal altogether.

Ok, fair enough. I was hasty in reading the OP's original post.

>> Failing that, see if there is a 'feature' to drop back to non-SSL mode
>> for RDP for the time being, to at least get the FBSD boxen to 'see' the
>> service. Troubleshooting can commence from there.
>>
> If you like sending your credentials across the internet in clear text,
> be my guest. I wouldn't suggest to the OP that he ask his enterprise to
> expose themselves to that level of risk.

I'll rephrase... if there is the possibility of adding a temporary,
non-privileged user to the enterprise network that you are currently
testing that only has specific rights to authenticate via Terminal
Server and no rights otherwise whatsoever, then I would try that.
Commencing the test, I would immediately remove the user account.

Otherwise, I would configure a separate Windows 2k3 box, exactly the
same as the one that was upgraded, and test the scenario in a closed,
less-sensitive environment.

The logs should provide guidance to the cause of the problem. I'm more
familiar with FreeBSD, so I would start there. However, perhaps the
Windows logging system has something to offer.

I would still try nmap and telnet, and the other tests. Especially given
the fact that OP never specified that he would be sending credentials
over a public network at all.

Besides... in the original post, it was clarified that the old server
did NOT have any encryption whatsoever.

Steve