Install SSL certificate on Windows RDP

1. Certificate thumbprint. Certificate must be installed in personal store at the computer level.

2. Run PowerShell script:

$PATH = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices)
Set-WmiInstance -Path $PATH -argument @{SSLCertificateSHA1Hash="thumbprint"}

 

Chrome: disable certificate check

1. Chrome - type "thisisunsafe" on page

2. Chrome - run with parameters:

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ignore-certificate-errors --ignore-urlfetcher-cert-requests &> /dev/null

PowerShell: convert password to secure string for RDP connection file

encrypt:

("Password!" | ConvertTo-SecureString -AsPlainText -Force) | ConvertFrom-SecureString

decrypt:

$s = ConvertTo-SecureString "encoded string"
$pointer = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($s)
$password = [Runtime.InteropServices.Marshal]::PtrToStringAuto($pointer)
$password

Ubuntu: disable IPv6

 1.

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1

 2.

sudo nano /etc/sysctl.conf

insert lines:

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

apply settings:

sudo sysctl -p

create file:

sudo nano /etc/rc.local

insert lines:

#!/bin/bash
# /etc/rc.local
/etc/sysctl.d
/etc/init.d/procps restart
exit 0

set permissions:

sudo chmod 755 /etc/rc.local

 

VMware Horizon View Agent, fix VPN using error

Can not reconnect to machine via Horizon View after setup VPN connection.

When you install View Agent on a virtual machine that has more than one NIC, you must configure the subnet that View Agent uses. The subnet determines which network address View Agent provides to the View Connection Server instance for client protocol connections.

On the virtual machine on which Horizon Agent is installed, open a command prompt, type regedit.exe and create a registry entry to configure the subnet.

For example, in an IPv4 network: HKLM\Software\VMware, Inc.\VMware VDM\IpPrefix = n.n.n.n/m (REG_SZ)

In this example, n.n.n.n is the TCP/IP subnet and m is the number of bits in the subnet mask.

Note:

In releases earlier than Horizon 6 version 6.1, this registry path was HKLM\Software\VMware, Inc.\VMware VDM\Node Manager\subnet = n.n.n.n/m (REG_SZ). The old registry setting is not used with View Agent 6.1 or later. If you upgrade View Agent from an earlier release to version 6.1 or later, make sure to use the current registry setting.

Remote Desktop Gateway: force use NTLM

On Windows Events (Microsoft-Windows-TerminalServices-Gateway/Operational) appears records with event ID’s 312, but the connection does not authenticate successfully. Remote Desktop Gateway does not support Kerberos authentication, which use Remote Desktop Client with version >= 8.0

Resolution:

  1. On Remote Desktop Gateway server set the EnforceChannelBinding registry value to 0 (zero) to ignore missing channel bindings on the Gateway server. Reboot for applying changes.

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core

    Type: REG_DWORD

    Name: EnforceChannelBinding

    Value: 0 (Decimal)

  2. On client change Local Policy LAN Manager Authentication Level. Adjust the NTLM Manager setting on the client to be "Send LM & NTLM - use NTLMv2 session security if negotiated".