So, the time has come to retire our old Windows 2003 server. This box runs bookkeeping software (Exact Globe 2003, and BCS Delta), and is exclusively used internally by the accounting staff.

...

Since we now have a nice server certificate in the Windows Certificate Store, I figured I might as well use it to secure more services that run of this machine. The most obvious service is of course the channel by which the machine is managed: Remote Desktop Protocol (RDP). Based on the docs for Remote Desktop Services (RDS), this service does support SSL (TLS1.0).Every time I use Remote Desktop Connection, I get this warning. The installed certificate can be configured with the Remote Desktop Session Host Configuration. While at it, I also selected to only use SSL (TLS 1.0), and High Encryption level:

Image Added

Using Wireshark it is again easy to spot that the session is encrypted.

Service monitoring

All of this stuff is very nice, but it's no good without monitoring.

We run a Nagios 3.x instance in a remote data center, and ideally I want to monitor all services that this hosts runs.