Terminal Services Gateway Server dropping its SSL Certificate Mapp

[Guest Tom Hundley]

I have installed Terminal Services Gateway on a Windows 2008 server. This

server is running my "grunt" services such as being the domain controller,

DNS, and is also running Certificate Services (configured as an Enterprise

CA). I am running ISA Server 2006 on another machine.

 

I had Gateway Services working great and then all off the sudden when I

connected to the Gateway Services Manager it immediately dropped the mapping

for the SSL certificate and broke the connections. Now, every time I map the

certificate it accepts the configuration but when I refresh on the server it

loses it's mapping, saying "xx is not yet fully configured as a TS Gateway

server...".

 

Can anyone help with this? I'm simply stumped. I don't see any useful

information in the event logs except for HTTPEvent Warnings ID 15300 and

15301 "SSL certificate settings deleted for port %internalIP%:443 and SSL

certificate settings created by an admin process for port %internalIP:443".

 

The cert that I'm using both for the Gateway Services mapping and the ISA

2006 listener meets the requirements with one exception- the subject doesn’t

resolve to the machine name. I do, however, have a cert that is the fully

qualified name of the server and I get the exact same behavior in the Gateway

Services Manager.

 

Thanks in advance for your assistance,

 

Tom Hundley

Elegant Software Solutions, LLC

[Guest Tom Hundley]

RE: Terminal Services Gateway Server dropping its SSL Certificate Mapp

 

Actually, I just found the solution. I missed an important clue in what I

did to break it.

 

I changed the IIS SSL bindings to bind the cert to one specific IP address

instead of the default "all unassigned". I changed this back and everything

works great. I can't imagine this is by design- it has to be a bug? oO

 

Reference thread in the forums:

 

http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3003413&SiteID=17&mode=1

[Guest dawho9]

Re: Terminal Services Gateway Server dropping its SSL CertificateMapp

 

Re: Terminal Services Gateway Server dropping its SSL CertificateMapp

 

On Mar 13, 7:40 pm, Tom Hundley <TomHund...@discussions.microsoft.com>

wrote:

> I have installed Terminal ServicesGatewayon a Windows 2008 server. This

> server is running my "grunt" services such as being the domain controller,

> DNS, and is also running Certificate Services (configured as an Enterprise

> CA). I am running ISA Server 2006 on another machine.

>

> I hadGatewayServices working great and then all off the sudden when I

> connected to theGatewayServices Manager it immediately dropped the mapping

> for the SSL certificate and broke the connections. Now, every time I map the

> certificate it accepts the configuration but when I refresh on the server it

> loses it's mapping, saying "xx is not yet fully configured as a TSGateway

> server...".

>

> Can anyone help with this? I'm simply stumped. I don't see any useful

> information in the event logs except for HTTPEvent Warnings ID 15300 and

> 15301 "SSL certificate settings deleted for port %internalIP%:443 and SSL

> certificate settings created by an admin process for port %internalIP:443".

>

> The cert that I'm using both for theGatewayServices mapping and the ISA

> 2006 listener meets the requirements with one exception- the subject doesn't

> resolve to the machine name. I do, however, have a cert that is the fully

> qualified name of the server and I get the exact same behavior in theGateway

> Services Manager.

>

> Thanks in advance for your assistance,

>

> Tom Hundley

> Elegant Software Solutions, LLC

 

Tom,

 

Did you ever get a solution to this problem? I am literally having

the same problem with nearly the same setup. I don't have the ISA

going on but a cert for TS Web Access works great but refreshes to

Gateway loses the cert I select each time.

 

Richard

[Guest dawho9]

Re: Terminal Services Gateway Server dropping its SSL CertificateMapp

 

Re: Terminal Services Gateway Server dropping its SSL CertificateMapp

 

On Mar 26, 1:50 pm, dawho9 <richard.brynte...@gmail.com> wrote:

> On Mar 13, 7:40 pm, Tom Hundley <TomHund...@discussions.microsoft.com>

> wrote:

>

>

>

> > I have installed Terminal ServicesGatewayon a Windows 2008 server. This

> > server is running my "grunt" services such as being the domain controller,

> > DNS, and is also running Certificate Services (configured as an Enterprise

> > CA). I am running ISA Server 2006 on another machine.

>

> > I hadGatewayServices working great and then all off the sudden when I

> > connected to theGatewayServices Manager it immediately dropped the mapping

> > for the SSL certificate and broke the connections. Now, every time I map the

> > certificate it accepts the configuration but when I refresh on the server it

> > loses it's mapping, saying "xx is not yet fully configured as a TSGateway

> > server...".

>

> > Can anyone help with this? I'm simply stumped. I don't see any useful

> > information in the event logs except for HTTPEvent Warnings ID 15300 and

> > 15301 "SSL certificate settings deleted for port %internalIP%:443 and SSL

> > certificate settings created by an admin process for port %internalIP:443".

>

> > The cert that I'm using both for theGatewayServices mapping and the ISA

> > 2006 listener meets the requirements with one exception- the subject doesn't

> > resolve to the machine name. I do, however, have a cert that is the fully

> > qualified name of the server and I get the exact same behavior in theGateway

> > Services Manager.

>

> > Thanks in advance for your assistance,

>

> > Tom Hundley

> > Elegant Software Solutions, LLC

>

> Tom,

>

> Did you ever get a solution to this problem? I am literally having

> the same problem with nearly the same setup. I don't have the ISA

> going on but a cert for TS Web Access works great but refreshes toGatewayloses the cert I select each time.

>

> Richard

 

Wow. Darn news reader didn't show Tom's solution. I can confirm this

worked for me as well! Change from IP to Any Address in IIS. For me

it was TS Web Access.

 

Thanks Tom,

 

Richard

[Guest Evolver]

RE: Terminal Services Gateway Server dropping its SSL Certificate

 

RE: Terminal Services Gateway Server dropping its SSL Certificate

 

Hi.. I have the same problem but i Have to use one Specific IP address, i

can't use the "All unassigned" because it is alredy in use by another SSL

certificate..

 

How can i bind the TS gateway to a specific IP number??

 

/Jonas

 

"Tom Hundley" wrote:

> Actually, I just found the solution. I missed an important clue in what I

> did to break it.

>

> I changed the IIS SSL bindings to bind the cert to one specific IP address

> instead of the default "all unassigned". I changed this back and everything

> works great. I can't imagine this is by design- it has to be a bug? oO

>

> Reference thread in the forums:

>

> http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3003413&SiteID=17&mode=1