JSI Tip 9214. How do I configure a Windows Server 2003 terminal server to use TLS for server authentication?

Jerold Schulman

March 30, 2005

2 Min Read
ITPro Today logo in a gray background | ITPro Today

Microsoft Knowledge Base Article 895433 contains the following summary and introduction:

SUMMARY

You can connect to a remote computer that is running Microsoft Windows Terminal Services by using a Remote Desktop Protocol connection. This kind of connection provides encryption for the data that is sent between the terminal server and the client computer. However, this kind of connection does not provide authentication for the terminal server. You may want to make sure that your terminal server is correctly authenticated before you connect to it. To do this, configure your terminal server to use Transport Layer Security (TLS) to authenticate the terminal server and to encrypt the data that is sent between the terminal server and the client computer.

To configure a TLS connection, you must configure both the terminal server and the client computer. To configure the terminal server, you must perform both the following steps:

You must install a valid certificate on the terminal server.

You must configure the authentication settings by using the Terminal Services Configuration tool.

To configure the client computer, you must perform both the following steps:

You must configure the client computer to trust the root Certification Authority that issued the terminal server's certificate.

You must configure the authentication settings for the remote connection by using the Remote Desktop Connection program or by modifying the registry.

INTRODUCTION

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

If you use the Remote Desktop Protocol (RDP) to connect to a terminal server, RDP provides data encryption but it does not provide authentication. Therefore, you cannot verify the identity of the terminal server. You can use Microsoft Windows Server 2003 Service Pack 1 (SP1) together with Transport Layer Security (TLS) version 1.0 to help increase terminal server security by using TLS for server authentication and to encrypt terminal server communications.

This article describes how to configure Windows Server 2003 SP1 to use TLS 1.0 for server authentication to encrypt terminal server communications.



Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like