Using signed rdp files without RemoteApp configuration entries withrdc 6.1

[Guest Vinz Focker]

Hi,

 

I think we've found a bug in the RDC 6.1 client but read on ...

 

We've successfully deployed xp sp3 in our remote locations and

switched to TS Gateway instead of the previous VPN solution.

 

On our Windows 2008 Server we've only enabled the TS Gateway Terminal

Services Role Service. And via that TS Gateway our users connect to

their individual virtualized XP Professional Desktops.

 

Now with the new RDC 6.1 (installed by xp sp3) we have the issue that

a warning message appears when launching the .rdp files: "The

publisher of this remote connection cannot be identified ..."

 

Allright .. wtf .. well ... RDC 6.1 now supports signed rdp files

which is basically a great thing because it decreases the threat of

maliciously modifications.

 

So I was glad to read in the Technet TS RemoteApp Step-by-Step Guide

that I can use the same SSL certificate which we use for the TS

Gateway connections for signing the rdp files.

 

I've used the rdpsign.exe console utility to append the signature to

the rdp file. The signing process works. If I alter eg the rdp port or

server name in the signed rdp file mstsc complains that the file is

currupt - that's what excpected.

 

Now the only remaining problem is that RDC 6.1 client refuses to

connect with signed rdp files if these files are missing the

remoteapplicationxxxxxx settings - e.g.:

remoteapplicationname:s:Calculator

remoteapplicationcmdline:s

remoteapplicationmode:i:1

remoteapplicationprogram:s:||calc

 

We don't use TS RemoteApps because we just connect to xp pro via TS

Gateway and so those lines of course may not be present in the rdp

files which are to be signed!

 

And the rdp files are valid because if I remove the signature

everything works - except the user frightening unknown publisher

warning dialog.

 

So obviously the newest rdc (we've mstsc.exe file version

6.0.6001.18000) does not support signed rdp files unless these contain

TS RemoteApps configuration entries.

 

This behaviour is not documented and therefore I assume it is a bug.

And it does not make sense to not support signed rdp files that have

full desktop session configurations instead of a single remote app ...

 

Do we have to go back to RDC 6.0 without the support for signed rdp

files (this setup works) or am I doing something completely wrong ?

 

Any hints very much appreciated !

 

Cheers,

Vinz