RDG RPC 401 falha ao não ingressar no modo de domínio de trabalho do AD

1

Uma instalação personalizada do Windows Server 2008R1 e seguindo muitos dos guias disponíveis:

link

  1. Nome completo do computador definido como TSGSERVER.local , Workgroup WORKGROUP .
  2. Adicione funções para Serviços de área de trabalho remota e o Gateway de área de trabalho remota .
  3. Crie um certificado autoassinado.
  4. Instalação completa.
  5. Exportar certificado via MMC a partir de Local Computer/Personal/Certificates .
  6. Importar certificado via MMC para Local Computer/Trusted Root Certification Authorities .
  7. Teste com rpcping na linha de comando:
    rpcping -v 3
            -e 3388
            -t ncacn_http
            -s localhost
            -o RpcProxy=TSGSERVER.local
            -P "Administrator,WORKGROUP,Password1"
            -H NTLM -u NTLM
            -a connect
            -F ssl
            -B msstd:TSGSERVER.local
            -E
            -R None

Parâmetros tomados de link

E o RPC falha:

RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
 Since you have specified the RPC/HTTP proxy echo only option (-E), the endpoint
/interface you have specified will be ignored as no calls will reach the RPC/HTT
P server
 RPCPing set Activity ID:  {0c934a78-201c-40a3-82e8-9700bd928be6}
 RPCPinging proxy server tsgserver.local with Echo Request Packet
 Setting autologon policy to high
 Sending ping to server
 Response from server received: 401
 Use Server Preffered Auth Scheme: 2
 Setting autologon policy to high
 Sending ping to server
 Response from server received: 401
 Client is not authorized to ping RPC proxy
 Ping failed

Com os arquivos de log do IIS sendo igualmente informativos:

#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2013-08-28 18:01:02
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2013-08-28 18:01:02 192.168.1.1 RPC_IN_DATA /Rpc/rpcproxy.dll - 443 - 192.168.1.1 MSRPC 401 2 5 514
2013-08-28 18:01:02 192.168.1.1 RPC_IN_DATA /Rpc/rpcproxy.dll - 443 - 192.168.1.1 MSRPC 401 2 5 0

Quais etapas estou faltando?

Sem instalar como uma CA, naturalmente ocorre um erro de certificado:

RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
 Since you have specified the RPC/HTTP proxy echo only option (-E), the endpoint
/interface you have specified will be ignored as no calls will reach the RPC/HTT
P server
 RPCPing set Activity ID:  {b8fc4006-a3e8-4b9f-aa18-e1b951c7fe9a}
 RPCPinging proxy server TSGSERVER.local with Echo Request Packet
 Setting autologon policy to high
 Sending ping to server
 Error 12175 : A security error occurred
 returned in WinHttpSendRequest
 Ping failed

Isso está documentado em KB 831051 :

The PRC Ping Utility test may have failed because the certificate is not trusted or because it does not trust the certificate and root authority. The server certificate subject from the RPC Proxy server does not match the one that is specified by -B.

    
por Steve-o 28.08.2013 / 20:07

0 respostas