Remote Desktop Server authentication problem

When opening an app in RDWeb (running on 2008 R2) I am getting a pop up stating that "your remote desktop connection failed because the remote computer cannot be authenticated" on my XP SP3 machine - not a problem in vista, win 7.  It is advising me that there are problems with the security certificate.  It looks like a name mismatch.  The requested name is, and the name in the certificate is TS.domainname.local.  The error is encountered when validating the computer's certificate; "The server name on the certificate is incorrect"  If I change the authentication level:i:1 level to 0, i dont' get the prompt, but I am not thinking this is a valid or secure solution.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


Here are a few quick steps:

1) issue a cert that matches the externally addressable FQDN of the gateway.

2) ensure the issuing authorities cert is exported to the client (this is the step most people get wrong, they export the gateway certificate by mistake) this MUST be imported into the trusted root store of the client machine (use the MMC snap in to do this). If the cert goes into the wrong store (usually machine personal or user personal) drag and drop it from that store into the machine trusted root authorities store.

3) ensure you haven't turned on require certificate auth for the terminal server (this is the default and will mean one less set of certs - to make it easier for testing).

4) do not use wildcard certs

I'm quoting from microsoft technet (

Also, the above link has detailed info on how to install the TS Gateway server root certificate on the terminal services client.

Hope that helps.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SuperiorCabinetsAuthor Commented:
I changed the authentication level:i:2 to 0, and I am able to login successfully and open the remote app programs successfully.
SuperiorCabinetsAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.