Thursday 28 November 2013

If you are going to install your own credential provider on a machine where the Citrix Virtual Desktop Agent is deployed, you may have the same problem I experienced with the DualShield Windows Logon credential provider: Citrix simply filtered out DualShield.

Can they co-exist? How?

Make Certificate fully chained

Some web servers, such as Tomcat or Nginx, need a fully chained certificate to provide SSL service.
However, you are normally not given a fully chained certificate when you purchase a web server certificate from a well-known public CA; instead, they send you back a couple of certificates, and you need to merge them yourself. In this link, I described the problem and provided a way to do the combination.
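
An added example, not the method from the linked post: one way to merge the separately delivered files into a single chained PEM, server certificate first (the order Nginx expects), then the intermediate(s), then the root. The file names are assumptions, and check_chain_order assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example (not from the linked post). File names are assumptions.
# Usage: make_fullchain fullchain.pem server.pem intermediate.pem root.pem

# Print only the certificate blocks of one file: drops CR line endings and any
# text outside BEGIN/END (e.g. "Bag Attributes"), and ends every line with LF
# so that two files never fuse into "-----END ...----------BEGIN ...-----".
pem_blocks() {
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----/ { inside = 1 }
        inside                         { print }
        /^-----END CERTIFICATE-----/   { inside = 0 }'
}

# make_fullchain OUT SERVER INTERMEDIATE... [ROOT]: concatenate in the given order.
make_fullchain() {
    out=$1; shift
    : > "$out" || return 1
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
        n=$(pem_blocks "$f" | grep -c '^-----BEGIN CERTIFICATE-----' || true)
        [ "$n" -ge 1 ] || { echo "no certificate in $f" >&2; return 1; }
        pem_blocks "$f" >> "$out"
    done
}

# check_chain_order FILE: succeeds when every certificate's issuer equals the
# subject of the certificate that follows it. Requires the openssl CLI.
check_chain_order() {
    command -v openssl >/dev/null || { echo "openssl not found" >&2; return 2; }
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -noout |
        awk '/^subject=/ { s = substr($0, 9); if (n++ && s != iss) bad = 1 }
             /^issuer=/  { iss = substr($0, 8) }
             END         { exit bad + 0 }'
}
```

Run check_chain_order on the merged file before pointing the web server at it; a non-zero exit means the files were passed in the wrong order or an intermediate is missing.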

Monday 11 November 2013

DVC (Dynamic Virtual Channel)

MS discarded static virtual channel (SVC) in Visual Studio 2012, so we decided to move on and use DVC.

In a normal user-mode application, it is fine to call the API WTSVirtualChannelOpenEx. However, it returned error 2 in a Credential Provider. We are not alone, as someone else also reported the same issue.

We opened a support case with Microsoft more than two weeks ago and haven't got any positive answer from them.

If you are interested in solving this mystery, here is my test code and rough explanation.

Update: After one month of email exchange, MS finally admits it is a BUG (Case NO REG:113102410891026). In addition, it sounds like SVC is back in VS2013, as in this link, I see someone said:

“cchannel.h is present in the Windows 8.1 SDK that will come with VS 2013.”

Here is their conclusion:

PROBLEM
========
You are calling WTSVirtualChannelOpenEx() from your Credential Provider (Windows Server 2008) and it is failing with error code 2 to the built-in "echo" listener. (Dynamic Virtual Channel)  The API succeeds after the user has logged on.  You need to transfer data from the client to the credential provider on the server for authentication data.

RESOLUTION
============
This is currently by design.

You cannot call WTSVirtualChannelOpenEx() from a Credential Provider.  It can only be called once the Remote Desktop Connection has been established which happens after the Credential Provider returns.

ADDITIONAL INFORMATION AND RECOMMENDATIONS
================================================
Based on some additional testing, the issue only happens if the RDC role is installed.  Static Virtual Channels (SVC) would be a work around.  (SVC support has NOT been removed from Windows).

The Remote Desktop Team is aware of your request for accessing a DVC from a Credential Provider.  You may see support for this in the future.