RDPSign - Signing RemoteApps

[Guest Kristin L. Griffin]

I have signed an RDP file with RDPSign. However, this seems alot of trouble

to go through just to sign an RDP fileI and I dont see what i have gained

over using RemoteApp Manager to sign RDP files. I have to have a certificate

in order to get the thumbprint anyway. Is this because remoteApp Manager

will not recognize uniquely created certs with unique EKU?

 

What are the circumstances when using RDPSign would be prudent?

 

Thanks!

[Guest Rob Leitman [MS]]

Re: RDPSign - Signing RemoteApps

 

They both do the same thing. If you have a large number of RDP files to

sign, you can script RDPSign, instead of using RemoteApp Manager one-by-one.

 

Also, if your RDP files didn't come from RemoteApp Manager, RDPSign would be

used.

 

Rob

 

"Kristin L. Griffin" <KristinLGriffin@discussions.microsoft.com> wrote in

message news:A032AE32-A933-45F4-9D31-73A0D117957A@microsoft.com...

>I have signed an RDP file with RDPSign. However, this seems alot of

>trouble

> to go through just to sign an RDP fileI and I dont see what i have gained

> over using RemoteApp Manager to sign RDP files. I have to have a

> certificate

> in order to get the thumbprint anyway. Is this because remoteApp Manager

> will not recognize uniquely created certs with unique EKU?

>

> What are the circumstances when using RDPSign would be prudent?

>

> Thanks!

[Guest Vinz Focker]

Re: RDPSign - Signing RemoteApps

 

rdpsign.exe in windows 2008 is currently broken and produces corrupt

rdp files.

 

 

On 19 Mai, 23:00, "Rob Leitman [MS]" <robl...@online.microsoft.com>

wrote:

> They both do the same thing. If you have a large number of RDP files to

> sign, you can script RDPSign, instead of using RemoteApp Manager one-by-one.

>

> Also, if your RDP files didn't come from RemoteApp Manager, RDPSign would be

> used.

>

> Rob

>

> "Kristin L. Griffin" <KristinLGrif...@discussions.microsoft.com> wrote in

> messagenews:A032AE32-A933-45F4-9D31-73A0D117957A@microsoft.com...

>

> >I have signed an RDP file with RDPSign. However, this seems alot of

> >trouble

> > to go through just to sign an RDP fileI and I dont see what i have gained

> > over using RemoteApp Manager to sign RDP files. I have to have a

> > certificate

> > in order to get the thumbprint anyway. Is this because remoteApp Manager

> > will not recognize uniquely created certs with unique EKU?

>

> > What are the circumstances when using RDPSign would be prudent?

>

> > Thanks!

[Guest Rob Leitman [MS]]

Re: RDPSign - Signing RemoteApps

 

Could you elaborate on that? Why do you say they're corrupt?

 

Rob

 

"Vinz Focker" <vinz.focker@gmail.com> wrote in message

news:271208a8-236e-4308-b53d-fe576625db6b@e39g2000hsf.googlegroups.com...

> rdpsign.exe in windows 2008 is currently broken and produces corrupt

> rdp files.

>

>

> On 19 Mai, 23:00, "Rob Leitman [MS]" <robl...@online.microsoft.com>

> wrote:

>> They both do the same thing. If you have a large number of RDP files to

>> sign, you can script RDPSign, instead of using RemoteApp Manager

>> one-by-one.

>>

>> Also, if your RDP files didn't come from RemoteApp Manager, RDPSign would

>> be

>> used.

>>

>> Rob

>>

>> "Kristin L. Griffin" <KristinLGrif...@discussions.microsoft.com> wrote in

>> messagenews:A032AE32-A933-45F4-9D31-73A0D117957A@microsoft.com...

>>

>> >I have signed an RDP file with RDPSign. However, this seems alot of

>> >trouble

>> > to go through just to sign an RDP fileI and I dont see what i have

>> > gained

>> > over using RemoteApp Manager to sign RDP files. I have to have a

>> > certificate

>> > in order to get the thumbprint anyway. Is this because remoteApp

>> > Manager

>> > will not recognize uniquely created certs with unique EKU?

>>

>> > What are the circumstances when using RDPSign would be prudent?

>>

>> > Thanks!

>

[Guest Vinz Focker]

Re: RDPSign - Signing RemoteApps

 

Because it is true ;)

 

Step 1: open mstsc.exe, configure some settings and save as test1.rdp

file

Step 2: sign it with rdpsign /sha1 sha1hashofsignercertificate

test1.rdp

Step 3: run mstsc test1.rdp

Result: mstsc will just open the GUI but not initialize the connection

Step 4: run notepad test1.rdp and just save as test2.rdp without

changing anything

Step 5: run mstsc test2.rdp

Result: mstsc will be happy this time

 

Meanwhile (since posting this) I already got +5 independent

confirmations of this bug from other w2k8 users/admins !

 

If you diff test1.rdp and test2.rdp you'll see that rdpsign.exe

obviously forgot to write the 2 byte "unicode header" (0xFF,0xFE).

 

I wonder how this tool made it through QA !?

 

I've tried to report this bug to Microsoft but made the experience

that there is now way to report bugs to Microsoft.

I was offered to pay >USD30 for a support call ... no thanks.

 

I wrote my own rdp signing tool now based on openssl which works just

perfectly and integrates well in our linux hosted web portal which

creates the rdp files dynamically.

 

However I'd be happy for other users if this information provided here

results in a fixed rdpsign.exe in one of the future updates.

 

 

Cheers,

 

Vinz.

 

 

 

 

 

 

 

 

On 4 Jun., 22:01, "Rob Leitman [MS]" <robl...@online.microsoft.com>

wrote:

> Could you elaborate on that? Why do you say they're corrupt?

>

> Rob

>

> "Vinz Focker" <vinz.foc...@gmail.com> wrote in message

>

> news:271208a8-236e-4308-b53d-fe576625db6b@e39g2000hsf.googlegroups.com...

>

> > rdpsign.exe in windows 2008 is currently broken and produces corrupt

> > rdp files.

>

> > On 19 Mai, 23:00, "Rob Leitman [MS]" <robl...@online.microsoft.com>

> > wrote:

> >> They both do the same thing. If you have a large number of RDP files to

> >> sign, you can script RDPSign, instead of using RemoteApp Manager

> >> one-by-one.

>

> >> Also, if your RDP files didn't come from RemoteApp Manager, RDPSign would

> >> be

> >> used.

>

> >> Rob

>

> >> "Kristin L. Griffin" <KristinLGrif...@discussions.microsoft.com> wrote in

> >> messagenews:A032AE32-A933-45F4-9D31-73A0D117957A@microsoft.com...

>

> >> >I have signed an RDP file with RDPSign. However, this seems alot of

> >> >trouble

> >> > to go through just to sign an RDP fileI and I dont see what i have

> >> > gained

> >> > over using RemoteApp Manager to sign RDP files. I have to have a

> >> > certificate

> >> > in order to get the thumbprint anyway. Is this because remoteApp

> >> > Manager

> >> > will not recognize uniquely created certs with unique EKU?

>

> >> > What are the circumstances when using RDPSign would be prudent?

>

> >> > Thanks!