Re: [Fwd: Re: connecting to a secured Windows 2003 terminal server]

2008-08-01 Thread Gerard
On Sat, 02 Aug 2008 00:06:46 +
FreeBSD <[EMAIL PROTECTED]> wrote:

>I am posting this question again since so far I have not been able to 
>find any solution. But I do believe there is one -- which I cannot
>find and hopefully someone will be able to share her/his effective
>solution with me.

If you cannot get an answer here, you might try the Microsoft site.

http://technet.microsoft.com/en-us/windowsserver/bb430837.aspx

From time to time I have gotten some useful information there myself.

-- 
Gerard
[EMAIL PROTECTED]

Romeo wasn't bilked in a day.

Walt Kelly, "Ten Ever-Lovin' Blue-Eyed Years With Pogo"




[Fwd: Re: connecting to a secured Windows 2003 terminal server]

2008-08-01 Thread FreeBSD

Dear List members

I am posting this question again since so far I have not been able to 
find any solution. But I do believe there is one -- which I cannot find 
and hopefully someone will be able to share her/his effective solution 
with me.


Thanks

--- Begin Message ---

   Hello, is 3389 filtered in any way between you and that server?
   On Tue, Jul 22, 2008 at 8:37 PM, FreeBSD <[EMAIL PROTECTED]>
   wrote:

 Dear folks
 my sincere apologies if this has been discussed earlier, which I
 seriously doubt, since even after googling for nearly five days I
 couldn't find any solution.
 Recently my company has updated their server to Windows 2003. The
 earlier 2000 server didn't have SSL enabled, so rdp/rdesktop worked
 for me without any problem. But now, as I try to connect to the
 server, it simply gives me
 ERROR: recv: Connection reset by peer
 I know for a fact that the server is working fine, since all IE and
 remote desktop softwares are working (they have to install the
 certificate at the beginning, once). But how can I connect from my
 freebsd box?
 any pointers/links suggestions are highly welcome.
 Thanks.
 ___
 [EMAIL PROTECTED] mailing list
 [3]http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
 "[EMAIL PROTECTED]"

   --
   regards,
   dg
   "using fsdb(8) and clri(8) was like climbing Mount Everest in sandals
   and shorts.
   Since writing that, I've tried them more than once and discovered that
   I was wrong.
   You don't get the shorts." -- M.W. Lucas

References

   1. mailto:[EMAIL PROTECTED]
   2. mailto:freebsd-questions@freebsd.org
   3. http://lists.freebsd.org/mailman/listinfo/freebsd-questions
   4. mailto:[EMAIL PROTECTED]
--- End Message ---
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: connecting to a secured Windows 2003 terminal server

2008-07-24 Thread darko
What ver. of rdesktop are you running? Are you running the latest?

sorry, I don't know enough about MS encryption or their TS services to
suggest any advanced rdesktop tweaks. Wonder if you can run rdesktop in
verbose mode and look at any logs it spews out.




On Thu, Jul 24, 2008 at 5:40 PM, FreeBSD <[EMAIL PROTECTED]> wrote:

>  Dear Darko
>
> Thanks for your mail.
>
> To answer your question, no, we are on the same network and from my machine
> everything is open. Also, I tried it from my home, which has the basic
> firewall allowing me to connect to wherever I want (I tried it with no
> firewall as well), nothing worked.
>
> Since my office lan can connect to the secured TServer using IE and other
> client from windows, and both my office lan and home can connect to the
> non-SSL TServer using rdesktop, I am suspecting I might be needing different
> client.
>
> any other pointers / links welcome
>
> Thanks
>
>
>
> darko gavrilovic wrote:
>
> Hello, is 3389 filtered in any way between you and that server?
>
>
> On Tue, Jul 22, 2008 at 8:37 PM, FreeBSD <[EMAIL PROTECTED]> wrote:
>
>> Dear folks
>>
>> my sincere apologies if this has been discussed earlier, which I seriously
>> doubt, since even after googling for nearly five days I couldn't find any
>> solution.
>>
>> Recently my company has updated their server to Windows 2003. The earlier
>> 2000 server didn't have SSL enabled, so rdp/rdesktop worked for me without
>> any problem. But now, as I try to connect to the server, it simply gives me
>> ERROR: recv: Connection reset by peer
>>
>> I know for a fact that the server is working fine, since all IE and remote
>> desktop softwares are working (they have to install the certificate at the
>> beginning, once). But how can I connect from my freebsd box?
>>
>> any pointers/links suggestions are highly welcome.
>>
>> Thanks.
>>
>
>
>
> --
> regards,
> dg
>
> "using fsdb(8) and clri(8) was like climbing Mount Everest in sandals and
> shorts.
> Since writing that, I've tried them more than once and discovered that I
> was wrong.
> You don't get the shorts." -- M.W. Lucas
>
>
>


-- 
regards,
dg

"..but the more you use clever tricks, the less support you'll get ..." --
M.W.Lucas


RE: connecting to a secured Windows 2003 terminal server

2008-07-24 Thread Tamouh H.
 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of FreeBSD
> Sent: July 24, 2008 5:41 PM
> To: darko gavrilovic
> Cc: User Questions
> Subject: Re: connecting to a secured Windows 2003 terminal server
> 
> Dear Darko
> 
> Thanks for your mail.
> 
> To answer your question, no, we are on the same network and 
> from my machine everything is open. Also, I tried it from my 
> home, which has the basic firewall allowing me to connect to 
> wherever I want (I tried it with no firewall as well),
> nothing worked.
> 
> Since my office lan can connect to the secured TServer using 
> IE and other client from windows, and both my office lan and 
> home can connect to the non-SSL TServer using rdesktop, I am 
> suspecting I might be needing different client.
> 
> any other pointers / links welcome
> 
> Thanks
> 
> 
> darko gavrilovic wrote:
> > Hello, is 3389 filtered in any way between you and that server?
> >
> >
> > On Tue, Jul 22, 2008 at 8:37 PM, FreeBSD <[EMAIL PROTECTED] 
> > <mailto:[EMAIL PROTECTED]>> wrote:
> >
> > Dear folks
> >
> > my sincere apologies if this has been discussed earlier, which I
> > seriously doubt, since even after googling for nearly five days I
> > couldn't find any solution.
> >
> > Recently my company has updated their server to Windows 2003. The
> > earlier 2000 server didn't have SSL enabled, so rdp/rdesktop
> > worked for me without any problem. But now, as I try to connect to
> > the server, it simply gives me
> > ERROR: recv: Connection reset by peer
> >
> > I know for a fact that the server is working fine, since all IE
> > and remote desktop softwares are working (they have to install the
> > certificate at the beginning, once). But how can I connect from my
> > freebsd box?
> >
> > any pointers/links suggestions are highly welcome.
> >
> > Thanks.
> >
> > --
> > regards,
> > dg
> >
> > "using fsdb(8) and clri(8) was like climbing Mount Everest in sandals
> > and shorts.
> > Since writing that, I've tried them more than once and discovered that
> > I was wrong.
> > You don't get the shorts." -- M.W. Lucas
> 
> 

So I take it the encryption level on the TS server is set to High and you're
using a certificate, or is it just that the security level is set to High?

Which RDP version is the server running? I know there was a recent update by
MSFT for RDP connections, but I don't know if this fixes the problem or not.
Also, what version of rdesktop are you running?

Tamouh




Re: connecting to a secured Windows 2003 terminal server

2008-07-24 Thread FreeBSD

Dear Darko

Thanks for your mail.

To answer your question, no, we are on the same network and from my 
machine everything is open. Also, I tried it from my home, which has the 
basic firewall allowing me to connect to wherever I want (I tried it
with no firewall as well), nothing worked.


Since my office lan can connect to the secured TServer using IE and 
other client from windows, and both my office lan and home can connect 
to the non-SSL TServer using rdesktop, I am suspecting I might be 
needing different client.


any other pointers / links welcome

Thanks


darko gavrilovic wrote:

> Hello, is 3389 filtered in any way between you and that server?
>
> On Tue, Jul 22, 2008 at 8:37 PM, FreeBSD <[EMAIL PROTECTED]> wrote:
>
>> Dear folks
>>
>> my sincere apologies if this has been discussed earlier, which I
>> seriously doubt, since even after googling for nearly five days I
>> couldn't find any solution.
>>
>> Recently my company has updated their server to Windows 2003. The
>> earlier 2000 server didn't have SSL enabled, so rdp/rdesktop
>> worked for me without any problem. But now, as I try to connect to
>> the server, it simply gives me
>> ERROR: recv: Connection reset by peer
>>
>> I know for a fact that the server is working fine, since all IE
>> and remote desktop softwares are working (they have to install the
>> certificate at the beginning, once). But how can I connect from my
>> freebsd box?
>>
>> any pointers/links suggestions are highly welcome.
>>
>> Thanks.
>
> --
> regards,
> dg
>
> "using fsdb(8) and clri(8) was like climbing Mount Everest in sandals
> and shorts.
> Since writing that, I've tried them more than once and discovered that
> I was wrong.
> You don't get the shorts." -- M.W. Lucas




Re: connecting to a secured Windows 2003 terminal server

2008-07-23 Thread Steve Bertrand

Wojciech Puchar wrote:
>> doubt, since even after googling for nearly five days I couldn't find
>> any solution.
>>
>> Recently my company has updated their server to Windows 2003. The
>> earlier 2000 server didn't have SSL enabled, so rdp/rdesktop worked
>> for me without any problem. But now, as I try to connect to the
>> server, it simply gives me
>>
>> ERROR: recv: Connection reset by peer
>
> Why are such questions on the FreeBSD list?
>
> rdp/rdesktop is not FreeBSD specific at all, and FreeBSD is not Windows.
>
> search the rdesktop mailing list etc. and ask there!

Did you even consider the possibility that the OP is connecting to a
terminal/rdp server from a FreeBSD workstation?

I know I've done it numerous times in the past. I think that if this is
the case, it's very FreeBSD related.


Steve


Re: connecting to a secured Windows 2003 terminal server

2008-07-23 Thread Wojciech Puchar
> doubt, since even after googling for nearly five days I couldn't find any
> solution.
>
> Recently my company has updated their server to Windows 2003. The earlier
> 2000 server didn't have SSL enabled, so rdp/rdesktop worked for me without
> any problem. But now, as I try to connect to the server, it simply gives me
>
> ERROR: recv: Connection reset by peer

Why are such questions on the FreeBSD list?

rdp/rdesktop is not FreeBSD specific at all, and FreeBSD is not Windows.

search the rdesktop mailing list etc. and ask there!


Re: connecting to a secured Windows 2003 terminal server

2008-07-22 Thread Paul Schmehl
--On July 22, 2008 11:21:48 PM -0400 Steve Bertrand <[EMAIL PROTECTED]>
wrote:

> Paul Schmehl wrote:
>
>> To the OP - here's what I get when testing from a FreeBSD box to one of
>> our servers:
>>
>> [EMAIL PROTECTED] telnet hostname.utdallas.edu 3389
>>
>> Connection closed by foreign host.
>
> Does your server have SSL enabled? The OP stated that prior to upgrade,
> the box did NOT have SSL enabled.

RDP has three types of encryption capability: RDP (native), Negotiate and
SSL.  The default is RDP, which uses RSA keys.  To set up SSL you also have
to set up TLS and exchange certs.  The OP *may* have that set up.  I don't
recall.  Ours use the native RDP encryption layer with RSA keys and are
set to "Client compatible", which means they will use the highest key
strength possible - either 56 bits or 128 bits.  I think most, if not all,
of our clients use 128 bits, but I haven't verified that.


Paul Schmehl
If it isn't already obvious,
my opinions are my own and not
those of my employer.
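
The three security layers named in the message above can be told apart from the client side by the server's reply to the first RDP packet. The Python below is an added example, not code from anyone in this thread: it builds the X.224 connection request with an RDP negotiation request and classifies the reply. The protocol constants are taken from Microsoft's RDP specification (MS-RDPBCGR), not from the thread, and the sample replies are constructed.

```python
import socket
import struct

# Names and values from the RDP negotiation structures in MS-RDPBCGR;
# none of them are quoted in the thread.
PROTOCOLS = {0: "PROTOCOL_RDP", 1: "PROTOCOL_SSL", 2: "PROTOCOL_HYBRID"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER"}

# Constructed sample replies (TPKT + X.224 Connection Confirm), not captures.
SAMPLE_TLS = bytes.fromhex("030000130ed00000123400" "0200080001000000")
SAMPLE_REFUSED = bytes.fromhex("030000130ed00000123400" "0300080002000000")
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")


def build_connection_request(requested=None):
    """Return the first PDU a client sends: TPKT + X.224 Connection Request.

    requested=None models a client that sends no negotiation request at all;
    an integer is the bit mask (1 = TLS, 2 = CredSSP) carried in RDP_NEG_REQ.
    """
    neg = b"" if requested is None else struct.pack("<BBHI", 0x01, 0, 8, requested)
    # X.224 CR: length indicator, code 0xE0, dst-ref, src-ref, class 0
    x224 = struct.pack(">BBHHB", 6 + len(neg), 0xE0, 0, 0, 0) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def classify_response(data):
    """Classify the server's reply as a (status, detail) pair."""
    if not data:
        return ("closed", "connection closed or reset without a reply")
    if len(data) < 11 or data[0] != 3:
        return ("malformed", "not a TPKT/X.224 reply")
    (length,) = struct.unpack(">H", data[2:4])
    if length != len(data) or data[5] & 0xF0 != 0xD0:
        return ("malformed", "not an X.224 Connection Confirm")
    neg = data[11:]
    if not neg:
        return ("legacy", "no negotiation data in the reply")
    if len(neg) != 8:
        return ("malformed", "unexpected negotiation data length")
    kind, _flags, _size, value = struct.unpack("<BBHI", neg)
    if kind == 0x02:   # RDP_NEG_RSP: the server picked a security protocol
        return ("selected", PROTOCOLS.get(value, "unknown protocol %d" % value))
    if kind == 0x03:   # RDP_NEG_FAILURE: the server refused the request
        return ("refused", FAILURES.get(value, "unknown failure %d" % value))
    return ("malformed", "unknown negotiation type %d" % kind)


def probe(host, port=3389, requested=1, timeout=5.0):
    """Send one connection request to host:port and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request(requested))
        try:
            data = s.recv(4096)
        except ConnectionResetError:
            data = b""
    return classify_response(data)


if __name__ == "__main__":
    for name, sample in (("tls", SAMPLE_TLS), ("refused", SAMPLE_REFUSED),
                         ("legacy", SAMPLE_LEGACY), ("empty", b"")):
        print(name, classify_response(sample))
```

Calling `probe()` once with `requested=1` and once with `requested=None` against a server you administer shows whether it accepts TLS and whether it still answers a client that offers no negotiation request.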


Re: connecting to a secured Windows 2003 terminal server

2008-07-22 Thread Steve Bertrand

Paul Schmehl wrote:

> To the OP - here's what I get when testing from a FreeBSD box to one of
> our servers:
>
> [EMAIL PROTECTED] telnet hostname.utdallas.edu 3389
>
> Connection closed by foreign host.

Does your server have SSL enabled? The OP stated that prior to upgrade,
the box did NOT have SSL enabled.

> The access denied message you
> cited appears to be a firewall or acl issue that prevents the server
> from accepting connections from your FreeBSD box.

Perhaps from a Service Pack whereas Microsoft could have enabled its
inbound 'firewall', thinking it was appropriate.


# nmap -sS -P0 -p 3389 ip_of_rdp_server

Steve


Re: connecting to a secured Windows 2003 terminal server

2008-07-22 Thread Steve Bertrand

Paul Schmehl wrote:

> Umm..no.  In Windows-land, Terminal Services == rdp (port 3389 TCP) but
> a terminal *server* is used specifically to allow multiple (as in more
> than the default limit of two) concurrent sessions and requires the
> purchase of additional licenses.  Now, *maybe* the OP really meant
> terminal *services* but he wrote "secured Windows 2003 terminal
> *server*", and that is a different animal altogether.

Ok, fair enough. I was hasty in reading the OP's original post.

>> Failing that, see if there is a 'feature' to drop back to non-SSL mode
>> for RDP for the time being, to at least get the FBSD boxen to 'see' the
>> service. Troubleshooting can commence from there.
>
> If you like sending your credentials across the internet in clear text,
> be my guest.  I wouldn't suggest to the OP that he ask his enterprise to
> expose themselves to that level of risk.

I'll rephrase... if there is the possibility of adding a temporary,
non-privileged user to the enterprise network that you are currently
testing that only has specific rights to authenticate via Terminal
Server and no rights otherwise whatsoever, then I would try that.


Commencing the test, I would immediately remove the user account.

Otherwise, I would configure a separate Windows 2k3 box, exactly the 
same as the one that was upgraded, and test the scenario in a closed, 
less-sensitive environment.


The logs should provide guidance to the cause of the problem. I'm more 
familiar with FreeBSD, so I would start there. However, perhaps the 
Windows logging system has something to offer.


I would still try nmap and telnet, and the other tests.

Especially given the fact that OP never specified that he would be 
sending credentials over a public network at all.


Besides... in the original post, it was clarified that the old server 
did NOT have any encryption whatsoever.


Steve


Re: connecting to a secured Windows 2003 terminal server

2008-07-22 Thread Paul Schmehl
--On July 22, 2008 9:26:27 PM -0500 Paul Schmehl
<[EMAIL PROTECTED]> wrote:

> --On July 22, 2008 10:03:36 PM -0400 Steve Bertrand <[EMAIL PROTECTED]>
> wrote:
>
>>> Umm..it's a terminal server
>>
>> ...ummm, in Windows-land, Terminal Services == rdp (port 3389 TCP).
>
> Umm..no.  In Windows-land, Terminal Services == rdp (port 3389 TCP) but
> a terminal *server* is used specifically to allow multiple (as in more
> than the default limit of two) concurrent sessions and requires the
> purchase of additional licenses.  Now, *maybe* the OP really meant
> terminal *services* but he wrote "secured Windows 2003 terminal
> *server*", and that is a different animal altogether.



To the OP - here's what I get when testing from a FreeBSD box to one of 
our servers:


[EMAIL PROTECTED] telnet hostname.utdallas.edu 3389
Trying 10.110.21.80...
Connected to hostname.utdallas.edu.
Escape character is '^]'.
test
^C
login test
Connection closed by foreign host.

So, if a connection closed message is what you get, it appears to be a 
timeout after a failure to authenticate.  The access denied message you 
cited appears to be a firewall or acl issue that prevents the server from 
accepting connections from your FreeBSD box.


BTW, I use rdesktop routinely to rdp to various Windows 2003 servers, but 
I haven't tested it against a terminal server.  I'll try that and let you 
know what I find.


Paul Schmehl
If it isn't already obvious,
my opinions are my own and not
those of my employer.


Re: connecting to a secured Windows 2003 terminal server

2008-07-22 Thread Paul Schmehl
--On July 22, 2008 10:03:36 PM -0400 Steve Bertrand <[EMAIL PROTECTED]>
wrote:

>> Umm..it's a terminal server
>
> ...ummm, in Windows-land, Terminal Services == rdp (port 3389 TCP).

Umm..no.  In Windows-land, Terminal Services == rdp (port 3389 TCP) but a
terminal *server* is used specifically to allow multiple (as in more than
the default limit of two) concurrent sessions and requires the purchase of
additional licenses.  Now, *maybe* the OP really meant terminal *services*
but he wrote "secured Windows 2003 terminal *server*", and that is a
different animal altogether.

> To the OP:
>
> If NMap is installed on the FBSD box, try:
>
> # nmap -sS -P0 -p 3389 ip_of_rdp_box
>
> ..if the port appears open, try:
>
> # telnet ip_of_rdp_box 3389
>
> ...and see what you get.
>
> If you see nothing, refer to the logs of the 2k3 server (Event Viewer I
> believe it is called).
>
> Failing that, see if there is a 'feature' to drop back to non-SSL mode
> for RDP for the time being, to at least get the FBSD boxen to 'see' the
> service. Troubleshooting can commence from there.



If you like sending your credentials across the internet in clear text, be 
my guest.  I wouldn't suggest to the OP that he ask his enterprise to 
expose themselves to that level of risk.


Paul Schmehl
If it isn't already obvious,
my opinions are my own and not
those of my employer.


Re: connecting to a secured Windows 2003 terminal server

2008-07-22 Thread Steve Bertrand

Paul Schmehl wrote:
> --On July 22, 2008 9:17:45 PM -0400 Simon Chang <[EMAIL PROTECTED]>
> wrote:
>
>>> Recently my company has updated their server to Windows 2003. The
>>> earlier 2000 server didn't have SSL enabled, so rdp/rdesktop worked for
>>> me without any problem. But now, as I try to connect to the server, it
>>> simply gives me ERROR: recv: Connection reset by peer
>>
>> Did you make sure that the server has remote administration enabled?
>> I believe that, by default, Win2k3 Servers have RDP disabled.  Check
>> with your admins about that.
>
> Umm..it's a terminal server


...ummm, in Windows-land, Terminal Services == rdp (port 3389 TCP).

To the OP:

If NMap is installed on the FBSD box, try:

# nmap -sS -P0 -p 3389 ip_of_rdp_box

..if the port appears open, try:

# telnet ip_of_rdp_box 3389

...and see what you get.

If you see nothing, refer to the logs of the 2k3 server (Event Viewer I 
believe it is called).


Failing that, see if there is a 'feature' to drop back to non-SSL mode 
for RDP for the time being, to at least get the FBSD boxen to 'see' the 
service. Troubleshooting can commence from there.


Steve


Re: connecting to a secured Windows 2003 terminal server

2008-07-22 Thread Paul Schmehl
--On July 22, 2008 9:17:45 PM -0400 Simon Chang <[EMAIL PROTECTED]>
wrote:

>> Recently my company has updated their server to Windows 2003. The
>> earlier 2000 server didn't have SSL enabled, so rdp/rdesktop worked for
>> me without any problem. But now, as I try to connect to the server, it
>> simply gives me ERROR: recv: Connection reset by peer
>
> Did you make sure that the server has remote administration enabled?
> I believe that, by default, Win2k3 Servers have RDP disabled.  Check
> with your admins about that.

Umm..it's a terminal server

Paul Schmehl
If it isn't already obvious,
my opinions are my own and not
those of my employer.


Re: connecting to a secured Windows 2003 terminal server

2008-07-22 Thread darko gavrilovic
what happens when you type this?

# openssl s_client -connect ip_of_rdp_server:3389

you should get a response of "CONNECTED" or something to that effect.

you might have to change the 3389 if you have rdp listening on another port.




On Tue, Jul 22, 2008 at 9:17 PM, Simon Chang <[EMAIL PROTECTED]> wrote:

> > Recently my company has updated their server to Windows 2003. The earlier
> > 2000 server didn't have SSL enabled, so rdp/rdesktop worked for me without
> > any problem. But now, as I try to connect to the server, it simply gives me
> > ERROR: recv: Connection reset by peer
> >
>
> Did you make sure that the server has remote administration enabled?
> I believe that, by default, Win2k3 Servers have RDP disabled.  Check
> with your admins about that.
>
> SC
>



-- 
regards,
dg

"using fsdb(8) and clri(8) was like climbing Mount Everest in sandals and
shorts.
Since writing that, I've tried them more than once and discovered that I was
wrong.
You don't get the shorts." -- M.W. Lucas


Re: connecting to a secured Windows 2003 terminal server

2008-07-22 Thread Simon Chang
> Recently my company has updated their server to Windows 2003. The earlier
> 2000 server didn't have SSL enabled, so rdp/rdesktop worked for me without
> any problem. But now, as I try to connect to the server, it simply gives me
> ERROR: recv: Connection reset by peer
>

Did you make sure that the server has remote administration enabled?
I believe that, by default, Win2k3 Servers have RDP disabled.  Check
with your admins about that.

SC


connecting to a secured Windows 2003 terminal server

2008-07-22 Thread FreeBSD

Dear folks

my sincere apologies if this has been discussed earlier, which I 
seriously doubt, since even after googling for nearly five days I 
couldn't find any solution.


Recently my company has updated their server to Windows 2003. The 
earlier 2000 server didn't have SSL enabled, so rdp/rdesktop worked for 
me without any problem. But now, as I try to connect to the server, it 
simply gives me

ERROR: recv: Connection reset by peer

I know for a fact that the server is working fine, since all IE and 
remote desktop softwares are working (they have to install the 
certificate at the beginning, once). But how can I connect from my 
freebsd box?


any pointers/links suggestions are highly welcome.

Thanks.