HiI'm using RDP over SSL to connect from a client to a server.On the client I can choose one of three options for the secure conn.1. Connect and don't warn me 2. Warn me3. Do not connectIf I choose option 1 I don't get a padlock and it seems that I connect without SSL.Now, how can I enforce SSL on the server without using a gateway or GPO? I don't want clients to be able to connect without SSL.

on the server? in the Terminal Services Configuration go to properties of the RDP protocol and change the Negotiate to SSL.one point - if you are using the 2008 TS server, then the SSL is not necessary, because you have mutual authentication anyway.ondrej.

2008 TS sounds interesting. Will check it out.However, in this particular case there's a 2003 TS that is set to use SSL.My question is what happens if I one a client choose the alternative "Connect and don't warn me"??Will I still use SSL or is comm in clear?

if you have set the server to require SSL, the client will use SSL even with the certificate errors. The only thing that will not work even if the don't warn me is used, is when the CRL is not accessible. In that case, you will not be able to connect regardles the client setting.ondrej.

What version of RDC you're using? RDC 6.0 can use RDP security layer (not SSL) even if TS is configured with SSL.[http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! Flowering Weeds

RDC 6.0 can use RDP security layer (not SSL) even if TS is configured with SSL. Please ellaborate (we're using Vista clients i.e. RDC 6.0 and connect to a W2k3srv).

... if not REQUIRED on the server side.ondrej.

When RDC 6.0 was released I found this issue that this option allow non-SSL connections to server. I've used Win2k3 servers that are configured with SSL. Using client version 5.2 I was unable to connect to server with No authenticate option. However I was able to create unsecured communications using client 6.0. This is described here:http://support.microsoft.com/kb/925876/en-usactually it uses unsecured communications. I don't remember if this bug was solved in RDC 6.1 (you need to check this). In RDC 7.0 this issue is fixed.[http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! Flowering Weeds

I am sorry, but there is nothing about the bug as I tried to find it, would you please be more specific?o.

Now I haven't this link where this issue was described more specific as "feature by design". However you can beleive me. Here is another similar issue:http://www.petri.co.il/forums/archive/index.php/t-13364.html[http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! Flowering Weeds

I am going to test it both with 6.0 and 6.1 client. will come back with the results.o.

I want to advice to test it with 5.2 and 7.0 clients.[http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! Flowering Weeds

whow, this increases the combinations significantly :-) will try my best :-)o.

As I have tested this issue doesn't apply to 5.2 and 7.0 cleints.[http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! Flowering Weeds

Thanks for helping out. However, you got me confused.Ondrej, u said:"RDC 6.0 can use RDP security layer (not SSL) even if TS is configured with SSL...if not REQUIRED on the server side."I thought that when u configure SSL on TS server that this meant it was required to connect with RDP from a client.But I read your response that I can configure SSL on the TS server but still use RDP Security when connecting with a client.Please help.Vadims, what u mean is that there's a bug in RDC6.0 which allows a client to connect to a TS server without SSL even though this is configured on the server?The KB doesn't give any further info.

I know, this KB article doesn't describe this issue. There was another link where this behaviour was described as "feature by design" and now I can't find it.[http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! Flowering Weeds

Plz try to find the article.I'm refreshing this thread once every 5 minutes. ;-)

I'm sorry, looks like this page is removed. As far as I remember this was a FAQ page after RDC 6.0 was released. [http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! © Flowering Weeds