Windows Server 2003 Certificate group policy enrollment vs. 2008 R2 Certificate Group Policy Enrollment

I have a project to move from the standard 40-bit encryption that comes with the Windows Remote Desktop Protocol to 128-bit. I have an internal CA and have published a Remote Desktop Computer template that I created following a Microsoft article. The issue is that when I set the group policy to use the certificate, my 2003 servers don't pick up the certificate automatically on a group policy refresh, or even after a reboot. The 2008 Servers work just fine.

Note: I am going to the RDP-tcp connection settings and looking at properties. The 2008 server certificate location says "Group Policy based Certificate". No such thing occurs on 2003 server. I have to manually go and request the certificate through the certificate console in a 2003 server to get the certificate installed. And even after that, when I go and try to select the certificate in the RDP-tcp connection properties, it doesn't show up.

Any ideas on how to make this work through group policy for 2003 server? I am in a native mode 2008 R2 AD Forest. This is a 2048-bit key and domain computers have been given access to "read" and "enroll" on the template.

2003 RDP-tcp properties with no cert assigned



Between the time I posted this and doing some more research, I noticed that the group policy certificate setting in group policy to be pushed to 2008 is only supported in "Vista" and above. I don't see a group policy setting in 2003 for this. I wonder if this is still possible via some other method? If I have to do this manually on all of my 2003 servers, I wonder how to make the manually installed certificate show up to be able to choose it?






End of support for S2K3 is in 8 months. I'd not spend the time with this task and be more concerned with updating the servers.



Yes, I know. I just figured the template situation out. That was the problem. We will have our servers gone by July of next year. I just need a way to get this done in the interim.



No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows: Accept: ClintWeldon (http:#40438753)

If you feel this question should be closed differently, post an objection and a moderator will read all objections and then close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer



This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
