From: Steve Bertrand
Date: Tue, 22 Jul 2008 23:14:28 -0400
To: Paul Schmehl
Cc: User Questions
Subject: Re: connecting to a secured Windows 2003 terminal server

Paul Schmehl wrote:
>
> Umm..no. In Windows-land, Terminal Services == rdp (port 3389 TCP) but
> a terminal *server* is used specifically to allow multiple (as in more
> than the default limit of two) concurrent sessions and requires the
> purchase of additional licenses. Now, *maybe* the OP really meant
> terminal *services* but he wrote "secured Windows 2003 terminal
> *server*", and that is a different animal altogether.

Ok, fair enough. I was hasty in reading the OP's original post.

>> Failing that, see if there is a 'feature' to drop back to non-SSL mode
>> for RDP for the time being, to at least get the FBSD boxen to 'see' the
>> service. Troubleshooting can commence from there.
>>
> If you like sending your credentials across the internet in clear text,
> be my guest. I wouldn't suggest to the OP that he ask his enterprise to
> expose themselves to that level of risk.

I'll rephrase... if there is the possibility of adding a temporary, non-privileged user to the enterprise network that you are currently testing that only has specific rights to authenticate via Terminal Server and no rights otherwise whatsoever, then I would try that. Commencing the test, I would immediately remove the user account.

Otherwise, I would configure a separate Windows 2k3 box, exactly the same as the one that was upgraded, and test the scenario in a closed, less-sensitive environment.

The logs should provide guidance to the cause of the problem. I'm more familiar with FreeBSD, so I would start there. However, perhaps the Windows logging system has something to offer.

I would still try nmap and telnet, and the other tests. Especially given the fact that OP never specified that he would be sending credentials over a public network at all.

Besides... in the original post, it was clarified that the old server did NOT have any encryption whatsoever.

Steve