There is an issue when attempting remote connections from Windows XP SP3 through SBS 2008 or SBS 2011 as both use a Remote Gateway implementation that requires a couple of updates. To succeed at reaching your remote office desktop from your home or offsite based XP desktop (not applicable to Vista or later OS) you need to install two things to make this work:
Here are the links:
· http://www.microsoft.com/download/en/details.aspx?id=20609 – XP RDP 7.0 client – doesn’t require restart
· http://support.microsoft.com/kb/951608 Microsoft FixIT – repairs Credential Security Support Provider (CredSSP) Service in XP – requires a restart
**ref** SBS 2011 release documentation which covers the second linked fix above and other possible remote connection issues:
- Let’s say you like keeping as much money as possible and only spending what is necessary.
- Let’s also say you like the idea of using an industry standard certificate that often has its Root and Intermediate certificates prepopulated in cell phones.
What Why Where?
- Why DYNDNS? …typically due to the business using a dynamic IP address
- they hold the DNS name servers for their entire namespace which is how your DNS records can get instantly updated across the globe when your IP addy changes
- …and you can have your ‘real’ domain name also registered and managed there using this same ‘instant-change’ DNS methodology
- The cert offered by DYNDNS is overpriced at $99/yr. Their other services are extremely price friendly so maybe this isn’t such a big deal. …but then again it’s money you can keep
- Go Daddy often has a Google Search keyword “security certificate” $12.99 SSL cert special. This is the same cert they (Go Daddy) normally charge $45 for. You can purchase from 1-5 years.
- your site: rubberduckies.dyndns.com
your DYNDNS WHOIS information
- it won’t be able to be seen by Go Daddy in order to send you the verification email
- Why? WHOIS queries only happen at the root domain level ….& the root domain DYNDNS.com isn’t owned by you
- The Administrative Contact for that WHOIS query is email@example.com which BTW isn’t you
DYNDNS Custom DNS
- Let’s imaging you also paid for a real domain name “rubberduckies4vr.com” with DYNDNS and associate it with your rubberduckies.dyndns.com zone
- It will have the same WHOIS information as above …and the same failed results for a SSL cert issuance validation step
- you can set up your SSL cert with either domain name – that won’t be covered in this post …assuming you understand and would most benefit of using the rubberduckies4vr.com name
SSL certificate issuance steps
- First step –generate a CSR (certificate signing request) – at your IIS server
- Buy a cert – you are really buying a credit which later can get ‘managed’ into a real certificate – at GoDaddy
- Manage the Certificate that is listed under your Go Daddy “My Products”
- Use the cert credit – involves entering the CSR by cut-n-paste from the text file on your PC to the Go Daddy GUI
- Cert goes to a state of ‘pending’
- Go Daddy sends a validation email to the Administrator Contact which requires reception and a reply to prove you actually are authorized from the domain – …but that isn’t you (see WHOIS above) and you don’t get that email
When that fails (see above reason if you have forgotten) you **can** request that Go Daddy send you a 7 digit code to create a TXT record for validation
- adding a DNS record into your domain proves you to be an authoritative person for the domain
- Go Daddy must be called before they email you this
- create the TXT record per their instructions
- you manage your DNS records at DYNDNS (required when using a dynamic IP/DNS account) and that is where this TXT record gets entered
With that TXT alternate validation method in place you return to the Go Daddy certificate management portal and click the link for “What’s holding this up?”
- you will see a window with a link to click to have Go Daddy use the TXT validation
Return to the cert portal and see if the cert has cleared all hurdles and is “issued”
If it isn’t you may have to wait for Go Daddy to manually review your site and request
- I phoned and politely requested that it be moved to the top of the list – and so it went upwards to the top
- took about an hour and your mileage may vary since there are a lot of unknown factors to a manual process …but it will get completed!
Download the certificate
A five year Go Daddy SSL cert just cost you $65. Of course you could have spent $495 with DYNDNS. Please send your grateful donation to me at your discretion. ;-D
Terminal Server Printer Redirection Wizard Tool
This tool will help resolve Terminal Server Printer Redirection errors by scanning the event log of a Terminal Server to create a custom mapping file for administrators.
Knowledge Base (KB) Articles:
The Terminal Server Printer Driver Redirection Wizard will help you troubleshoot and replace print drivers that were unsuccessfully redirected. This tool automates the process found in the Microsoft Knowledge Base article KB239088 entitled “Windows 2000 Terminal Services Server Logs Events 1111, 1105, and 1006”
This tool will scan a server’s System Event Log and detect all events with Event ID 1111 and Source ‘TermServDevices.’ The tool will then scan the server’s registry for installed Version 3 MINI drivers, and prompt you to substitute an installed Version 3 MINI driver for each of the printers that failed printer redirection. Any changes will be written to a file named NTPrintSubs.inf which is where custom redirected printer mappings are stored.
note that this tool will eventually ask for drivers for the printers it discovers weren’t properly redirected . So be prepared first to run it as a method to catalog what you need to go get and then re-run it to install whatever drivers you’ve gotten and uploaded to some local directory or network share in relation to the server
If you have ever found it annoying that when you use RWW with SBS 2003 that you end up with a lot of printers to choose from then this tip might be something you’ll also find awesome. How would you like it if the only printer that redirected was the one you normally print to, your default? No longer be cluttered with Adobe .pdf printers, One Note printers, Microsoft Document Imaging printers, fax printers, …etc.
Well there is a way to do it via the registry. The KB this comes from also referred to a hotfix; however, being that this KB is over 3 years old I’m assuming that the hotfix has been rolled up in an update or service pack by now. –
How to modify the registry to configure default printer redirection on a Terminal Services client
To configure default printer redirection on a Terminal Services client, add the RedirectDefaultPrinterOnly registry entry to the Windows registry. To do this, follow these steps:
- locate and then click the following registry subkey:
“HKLM\SOFTWARE\Microsoft\Terminal Server Client\Default\AddIns\RDPDR”
Note To configure default printer redirection for only the current user, locate and then click the following registry subkey instead:
HKCU\SOFTWARE\Microsoft\Terminal Server Client\Default\AddIns\RDPDR
- On the Edit menu (assuming the value below doesn’t yet exist), point to New, and then click DWORD Value.
- Type RedirectDefaultPrinterOnly, and then press ENTER.
- Double-click RedirectDefaultPrinterOnly, type 1 (on) in the Value data box, and then click OK.
Note Type 0 (off) in the Value data box to disable the registry entry. Setting the value data to 0 turns off default printer redirection.
– BTW while you are in the registry at that Subkey you might consider another addition. Another KB discussed issues regarding some printers that use a DOT4 printer port instead of a COM, USB, or LPT1 port. This key forces all ports to be filtered for redirection. I see no downside to doing this proactively even before a DOT4 printer is introduced – KB302361
add a DWORD value named FilterQueueType to “HKxx\Software\Microsoft\Terminal Server Client\Default\AddIns\RDPDR and set its value data to FFFFFFFF”.