1

We are using MSTSCLib_TLB.pas in Delphi imported from C:\Windows\system32\mstscax.dll (Microsoft Terminal Services Control Type Library) for to connect our customers via this RDP Activex . DLL file version is 6.1.7601.18079. We are using in our project TMsRdpClient7. My questions are below.

  1. We are searching equivalent to /admin flag used with MSTSC.EXE about to use in this library. We try to find it in MSDN Library and searched much places but we couldn't find anything about that.
  2. While connecting with Mstsc.Exe it asks us about to install certificate for some servers and we accept it and we are continuing our work. Is there any way or property or parameter to self accept thus certificate?

    The part of my code is below.

    axRdp := TMsRdpClient7.Create(Nil);
    axRdp.Server := server;
    axRdp.AdvancedSettings7.RDPPort := portNo;
    axRdp.UserName := user;
    axRdp.AdvancedSettings7.ClearTextPassword := pass;
    axRdp.AdvancedSettings7.RedirectDrives := True;
    axRdp.Connect;
    

Best regards.

----------------added----------------------

i find some usefull code parts this part is about to "Enable NLA Authentication" but i'm not sure its working or not but i am sure that servers which i cant connect are requires NLA. Now i see the problem is about that. but below code didnt worked for me. How can i enable NLA from activex?

axRdp.AdvancedSettings8.EnableCredSspSupport := True;       

this part is about mstsc.exe /admin flag. i'm sure about that

axRdp.AdvancedSettings7.ConnectToAdministerServer := True;
axRdp.AdvancedSettings3.ConnectToServerConsole := True;
AhmetSinav
  • 55
  • 1
  • 2
  • 9
  • There won't be a way to install cert in the library. That will be an external task. Install the cert before running the program. – David Heffernan Jan 30 '14 at 08:28
  • tnks for your comment but we have to connect to server to take its certificate. i see this is impossible :( – AhmetSinav Jan 30 '14 at 08:40
  • If you control the server you control it's certificates. It is standard practise to distribute certificates. That's a security/admin issue more than code. – David Heffernan Jan 30 '14 at 09:00
  • yes you are right but i mean that the activex cannot begin to control the server before to connect it. and the active x cannot connect if the certificate didn't install on the client. we have to install the certificate before to run the program as you say. so this is impossibble from code. – AhmetSinav Jan 30 '14 at 09:26
  • I'm sure you can install a certificate with code. But I mean that the MSTSC library likely won't offer functionality for that. I expect that it is a separate admin task. – David Heffernan Jan 30 '14 at 09:33
  • the comments will go i mean , i mean,... . Yes i understood you and i meant as you say at the previous comments. – AhmetSinav Jan 30 '14 at 09:40

1 Answers1

1

Just connect to the server on port 3389 as if you were connecting to an https server, this will give you the certificate (so you can take the sha1 hash).

AFAIK there is no (supported) way to self accept, but why not install a trusted certificate on the RDS Server?

Remko
  • 7,214
  • 2
  • 32
  • 52