Password manager Pro RDP gateway doesn’t work

Having successfully configured the web portal to use SSL and a certificate issued by my internal CA infrastructure I thought I was home and dry with this product.

The very next issue was getting the RDP gateway working.  PMP uses a web portal sitting on port 7273 to provide an RDP and SSH client to the PMP user.  It’s a great idea but when I tried to use it the tab was closed immediately.  I say immediately what happens is you get a popup message box asking if it’s OK to shut the tab. It doesn’t matter what you click it won’t work.

On the password tab there is a hyperlink “Trouble Shoot Auto Logon Issues” click this and another browser ( with no URL bar ) opens and displays a certificate error.  Unfortunately you can;’t view the cert and the error doesn’t really tell you what the problem is.  THATS USEFUL MICROSOFT!

I used Chrome and that allowed me to see the certificate.  BOOM!  it’s self signed and that’s why it’s not working.

So why oh why doesn’t ManageEngine tell you how to configure the RDP gateway to use the same certificate as the web portal?

The fix ( provided by ManagedEngine by the way ) is to edit the wrapper.conf file in the <PMP Install Directory>conf folder.

(Make a copy first in case you mess this up of course)  You need to locate the following elements and change them to reflect the certificate.

wrapper.java.additional.21=-Djavax.net.ssl.keyStore=../conf/server.keystore  change server.keystore to your .pfx file created in my other post.

wrapper.java.additional.22=-Djavax.net.ssl.keyStorePassword=passtrix  and change passtrix to the password you used to secure the private key in the .pfx file.

wrapper.java.additional.23=-Djavax.net.ssl.keyStoreType=<keyType> change this to PKCS12

Restart PMP and it should all start working.  MAGIC!

Advertisements

Adding the Windows Security shortcut to a 2012 server start menu

MS appear to have removed the Windows Security Shortcut from an RDP session so if you want to press CTRL+ALT+DEL you are stuck.  OK so not entirely true and before I get loads of comments about the shortcut CTRL+ALT+END this only works on the first RDP connection, by that I mean we like to use a “jump server” which is a terminal server and then we RDP to another server from there.  Using CTRL+ALT+DEL is intercepted by your local PC, CTRL+ALT+END is intercepted by the 1st RDP session in line and not at the one you really wanted.

On windows 2003 and 2008 there was a menu item added in an RDP session, Windows Security.  When you clicked this is was the same as clicking ATLR+ALT+DEL.

You can add this menu item back using this process.

  1. Logon to a windows 2003 and create a shortcut for the Windows Security start menu item to the desktop
    shortcut1
  2.  Copy the shortcut to  “C:\ProgramData\Start Menu\programs\System Tools” on the 2012 server and rename it to “Windows Security.lnk”
    PersonalStartMenu
  3.  Go to start / Apps, search for the shortcut and right click “Windows Security” and “pin to start”
    pintostart
  4. Copy the file from your profile “C:\Users\<UserName>\AppData\Local\Microsoft\Windows\appsFolder.itemdata-ms” to “C:\Users\Default\AppData\Local\Microsoft\Windows\”
    copyfrom
    copyto
  5. Make the copied file read only in the default profile (important!!!)
    MakeReadonly

Any new user will then get the start screen as you saved it including the “Windows Security”