Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 3)

If you missed the previous parts in this article series please read: Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 1).

In the first two parts of this series on how to create an SSL VPN server on Windows Server 2008, we covered VPN networking and then dived into the configuration of the server. At this point we are ready to finish things up by performing some small configuration changes in the Active Directory and on the CA Web site. After making these changes, we will focus on the VPN client configuration and finish up by establishing the SSL VPN connection.

Configure the User Account to Allow Dial-up Connections

User accounts need permission for dial-up access before they can connect to a Windows VPN server that is a member of an Active Directory domain. The best way to do this is to use a Network Policy Server (NPS) and use the default user account permission, which is to allow remote access based on NPS policy. However, we did not install an NPS server in this scenario, so we will have to manually configure the user’s dial-in permission.

I will write a future article on how you can use an NPS server and EAP User Certificate authentication to establish the SSL VPN server connection.
Perform the following steps to enable dial-in permission on the user account that you want to connect to the SSL VPN server. In this example we will enable dial-in access for the default domain administrator account:

At the domain controller, open the Active Directory Users and Computers console from the Administrative Tools menu.
In the left pane of the console, expand the domain name and click on the Users node. Double click on the Administrator account.
Click on the Dial-in tab. The default setting is Control access through NPS Network Policy. Since we do not have an NPS server in this scenario, we will change the setting to Allow access, as seen in the figure below. Click OK.

Figure 1

Configure IIS on the Certificate Server to Allow HTTP Connections for the CRL Directory

For some reason, when the installation wizard installs the Certificate Services Web site, it configures the CRL directory to require an SSL connection. While this seems like a good idea from a security point of view, the problem is that the URI on the certificate is not configured to use SSL. I suppose you could create a custom CDP entry for the certificate so that it uses SSL, but you can bet dollars to donuts that Microsoft has not documented this problem anywhere. Since we are using the default settings for the CDP in this article, we need to turn off the SSL requirement on the CA’s Web site for the CRL directory path.

Perform the following steps to disable the SSL requirement for the CRL directory:

From the Administrative Tools menu, open the Internet Information Services (IIS) Manager.
In the left pane of the IIS console, expand the server name and then expand the Sites node. Expand the Default Web Site node and click on the CertEnroll node, as seen in the figure below.

Figure 2

If you look in the middle pane of the console, you will see that the CRL is located in this virtual directory, as seen in the figure below.
In order to see the content of this virtual directory, you will need to click on the Content View button at the bottom of the middle pane.

Figure 3

Click on the Features View button on the bottom of the middle pane. At the bottom of the middle pane, double click the SSL Settings icon.

Figure 4

The SSL Settings page appears in the middle pane. Remove the checkmark from the Require SSL checkbox. Click the Apply link in the right pane of the console.

Figure 5

Close the IIS console after you see the "The changes have been successfully saved" alert.

Figure 6

Configure the HOSTS File on the VPN Client

Now we can move our attention to the VPN client. The first thing we need to do on the client is configure the HOSTS file so that we can simulate a public DNS infrastructure. There are two names that we need to enter into the HOSTS file (and the same is true for the public DNS server that you would use in a production environment). The first name is the name of the VPN server, as defined by the common/subject name on the certificate that we have bound to the SSL VPN server. The second name we need to enter into the HOSTS file (and the public DNS server) is the CDP URL, which is found on the certificate. We saw the location of the CDP information in part 2 of this series.

The two names we will need to enter into the HOSTS file in this example are: 1.

Perform the following steps on the Vista SP1 VPN client to configure the HOSTS file:

Click the Start button and enter c: \windows\system. ENTER.
In the Open With dialog box, double click on Notepad.
Enter the HOSTS file entries using the format as seen in the figure below. Make sure that you press ENTER after the last line so that the cursor appears under the last line.

Figure 7

Close the file and choose the save option when asked.

Use PPTP to Connect to the VPN Server

We are getting closer to creating an SSL VPN connection!
The next step is to create a VPN connectoid on the Vista SP1 client that will allow us to make an initial VPN connection to the VPN server. We need to do this in our current scenario because the client computer is not a domain member. Since the machine is not a domain member, it will not have the CA certificate automatically installed in its Trusted Root Certification Authorities machine certificate store. If the machine were a domain member, autoenrollment would have taken care of that problem for us, since we have installed an Enterprise CA.

The easiest way to do this is to create a PPTP connection from the Vista SP1 VPN client to the Windows Server 2008 VPN server. By default, the VPN server will support PPTP connections and the client will try PPTP first before trying L2TP/IPSec and SSTP. To do this, we need to create a VPN connectoid or connection object.

Perform the following steps on the VPN client to create the connectoid:

On the VPN client, right click the network icon in the tray and click the Network and Sharing Center.
In the Network and Sharing Center window, click the Set up a connection or network link on the left side of the window.
On the Choose a connection option page, click on the Connect to a workplace entry and click Next.

Figure 8

On the How do you want to connect page, select the Use my Internet connection (VPN) entry.

Figure 9

On the Type the Internet address to connect to page, enter the name of the SSL VPN server. Make sure that this is the same name as the common name on the certificate used by the SSL VPN server. In this example, the name is sstp. Enter a Destination Name. In this example we will name the destination SSL VPN. Click Next.

Figure 10

On the Type your user name and password page, enter the User name, Password and Domain. Click Connect.

Figure 11

Click Close on the You are connected page.

Figure 12

On the Select a location for the “SSL VPN” network page, select the Work option.

Figure 13

Click Continue on the UAC prompt.
Click Close on the Successfully set network settings page.

Figure 14

In the Network and Sharing Center, click on the View status link in the SSL VPN section, as seen in the figure below. You will see in the SSL VPN Status dialog box that the VPN connection type is PPTP. Click Close in the SSL VPN Status dialog box.

Figure 15

Open a command prompt and ping the domain controller. In this example, the IP address of the domain controller is 1. If your VPN connection is successful, you will receive a ping reply from the domain controller.

Figure 16

Obtain a CA Certificate from the Enterprise CA

The SSL VPN client needs to trust the CA that issued the certificate used by the VPN server. In order to establish this trust, we need to install the CA certificate of the CA that issued the VPN server’s certificate. We can do this by connecting to the Web enrollment site on the CA on the internal network and installing the certificate in the VPN client’s Trusted Root Certification Authorities certificate store.

Perform the following steps to obtain the certificate from the Web enrollment site:

On the VPN client that is connected to the VPN server over a PPTP link, enter http: //1. Internet Explorer and press ENTER.
Enter a valid user name and password in the credentials dialog box. In this example we will use the default domain administrator account’s username and password.
On the Welcome page of the Web enrollment site, click the Download a CA certificate, certificate chain, or CRL link.

Figure 17

Click Allow in the dialog box warning you that A website wants to open web content using this program on your computer. Then click Close on the Did you notice the Information bar dialog box if it appears.

Figure 18

Note that the Information bar informs you that the Web site might not work correctly, since the ActiveX control is blocked. This should not be a problem, as we will be downloading the CA certificate and using the Certificates MMC to install the certificate.
Click the Download CA certificate link.

Figure 19

In the File Download – Security Warning dialog box, click the Save button. Save the certificate to the Desktop.

Figure 20

Click Close in the Download complete dialog box. Close Internet Explorer.

Now we need to install the CA certificate into the VPN client machine’s Trusted Root Certification Authorities Certificate Store. Perform the following steps to install the certificate:

Click Start and then enter mmc in the Search box. Press ENTER.
Click Continue in the UAC dialog box.
In the Console1 window, click the File menu and then click Add/Remove Snap-in.
In the Add or Remove Snap-ins dialog box, click the Certificates entry in the Available snap-ins list and then click Add.
On the Certificates snap-in page, select the Computer account option and click Finish.
On the Select Computer page, select the Local computer option and click Finish.
Click OK in the Add or Remove Snap-ins dialog box.
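A certificate placed in the Trusted Root Certification Authorities store is trusted for everything it signs, so the file downloaded over HTTP should be checked before it is installed. The PowerShell script below is an added example, not part of the original article: it checks the downloaded file and then installs it into the Local Computer store; the file name certnew.cer, the function name Test-RootCaCandidate and the -ExpectedThumbprint parameter are assumptions.

```powershell
# Added example, not from the article. Run from an elevated PowerShell prompt.
# Assumptions: the downloaded file is certnew.cer on the Desktop, and
# -ExpectedThumbprint is the CA certificate's thumbprint as read on the CA itself.
param(
    [string]$Path = "$env:USERPROFILE\Desktop\certnew.cer",
    [Parameter(Mandatory = $true)][string]$ExpectedThumbprint
)
$ns = 'System.Security.Cryptography.X509Certificates'

function Test-RootCaCandidate {
    param($Cert, [string]$ExpectedThumbprint)
    $problems = @()
    # Certificate dialogs show the thumbprint with spaces; keep hex digits only.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($Cert.Thumbprint -ne $expected) {
        $problems += "thumbprint mismatch, file has $($Cert.Thumbprint)"
    }
    # A root CA certificate is self-issued: subject equals issuer.
    if ($Cert.Subject -ne $Cert.Issuer) {
        $problems += 'subject and issuer differ, so this is not a root certificate'
    }
    # Basic Constraints (OID 2.5.29.19) must mark the certificate as a CA.
    $bc = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
    if (-not $bc -or -not $bc.CertificateAuthority) {
        $problems += 'Basic Constraints does not mark this certificate as a CA'
    }
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems += 'certificate is outside its validity period'
    }
    return ,$problems
}

$cert = New-Object "$ns.X509Certificate2" -ArgumentList $Path
$problems = Test-RootCaCandidate -Cert $cert -ExpectedThumbprint $ExpectedThumbprint
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Refusing to add $Path to the Trusted Root store"
}

# Same result as importing through the Certificates MMC (Computer account):
# Local Computer > Trusted Root Certification Authorities.
$store = New-Object "$ns.X509Store" -ArgumentList 'Root', 'LocalMachine'
$store.Open('ReadWrite')
try { $store.Add($cert) } finally { $store.Close() }
Write-Output "Added $($cert.Subject) [$($cert.Thumbprint)] to LocalMachine\Root"
```

The script stops without touching the store if any check fails, so a wrong or tampered file is never trusted.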