Using SSL Certificate for TSAC on NLB Windows 2003 Terminal Server

TheMSsForum.com: The Microsoft Software Forum

We have 2-load balanced Terminal Severs on our Intranet called TERMSRV1 and
TERMSRV2. We want to enable SSL on both for employee access via the Internet.
The Intranet NLB Cluster Name is TERMSRV and the FQDN on the Internet is
TERMSRV. We redirect HTTP requests for TERMSRV from the Internet to the
Intranet FQDN/NLB Cluster name TERMSRV via redirection using ISA2004 and can
do the same for HTTPS.

Would the certificates for both TERMSRV1 IIS and TERMSRV2 IIS be unique to
each server's FQDN or the NLB FQDN CLuster Name?

Thanks,
scott


--
Scott
Top

RE: Using SSL Certificate for TSAC on NLB Windows 2003 Terminal Server by SOFULLER

SOFULLER
Tue Mar 28 15:31:06 CST 2006

The solution in our case was to create a certificate using Windows 2003 CA,
install the certificate on IIS (Changed default web site SSL port from 443 to
444) on the ISA2004.
Reconfigure the Firewall redirect rule to use HTTPS/SSL only and reference
the certificate created. This provides Secure TSAC Internet access to the
ISA2004 and then the traffic is redirected HTTP to the Terminal Server
cluster as it was before.
--
Scott


"SOFULLER" wrote:

> We have 2-load balanced Terminal Severs on our Intranet called TERMSRV1 and
> TERMSRV2. We want to enable SSL on both for employee access via the Internet.
> The Intranet NLB Cluster Name is TERMSRV and the FQDN on the Internet is
> TERMSRV. We redirect HTTP requests for TERMSRV from the Internet to the
> Intranet FQDN/NLB Cluster name TERMSRV via redirection using ISA2004 and can
> do the same for HTTPS.
>
> Would the certificates for both TERMSRV1 IIS and TERMSRV2 IIS be unique to
> each server's FQDN or the NLB FQDN CLuster Name?
>
> Thanks,
> scott
>
>
> --
> Scott
Top

Re: Using SSL Certificate for TSAC on NLB Windows 2003 Terminal Server by Brian

Brian
Wed Mar 29 06:54:32 CST 2006

In article <7AD70E8F-FC09-4B8E-92B9-123CE2F8B1CB@microsoft.com>,
SOFULLER@discussions.microsoft.com says...
> We have 2-load balanced Terminal Severs on our Intranet called TERMSRV1 and
> TERMSRV2. We want to enable SSL on both for employee access via the Internet.
> The Intranet NLB Cluster Name is TERMSRV and the FQDN on the Internet is
> TERMSRV. We redirect HTTP requests for TERMSRV from the Internet to the
> Intranet FQDN/NLB Cluster name TERMSRV via redirection using ISA2004 and can
> do the same for HTTPS.
>
> Would the certificates for both TERMSRV1 IIS and TERMSRV2 IIS be unique to
> each server's FQDN or the NLB FQDN CLuster Name?
>
> Thanks,
> scott
>
>
>
The certificates must contain the name used by the user to connect to
the server, so it would be termsrv.domain.com (not just termsrv)
Brian
Top