Solved

Terminal Services Gateway problem with self-created certificate

Posted on 2010-09-03
Last Modified: 2012-06-27
The setup is like this:

Server 2008 R2 Enterprise has 4 virtual servers installed:
1. Testing server
2. Engineering server
3. Domain Controller (not yet created)
4. TS Gateway
In a testing environment all worked well. The TS Gateway had a self-signed certificate and a copy of it was installed on client PCs. Connection was flawless.

On the day the host server moved into the client's domain environment, all was good, too:
1. All servers were assigned proper IP addresses to fit present network.
2. Domain controller role was installed and added to present domain.
3. All servers including host and guests were added to domain.

After that, the test connection via TS Gateway was done with external access to the TS Gateway (dyndns.org name created and port 443 forwarded to the TS Gateway server on the main router). All works as it should. But as soon as I try to connect from an external client there comes a delay, then the remote connection client window freezes and an error message pops up saying:

"Your computer can't connect to the remote computer because the Remote Desktop Gateway server's certificate has expired or has been revoked. Contact your network administrator for assistance"

The external client used has Windows 7 Ultimate. Before the servers were moved into the domain, connection from the same client but with a different certificate (to fit the testing office's dyndns.org name) was used successfully.

The only changes that occurred on the TS Gateway server are:
1. Changed to a new self-created certificate to match the dyndns name.
2. Deleted the server's certificate (created initially for the server itself), leaving only the newly created certificate.

Just to mention - the self-created certificate doesn't matter for now - we install its copy in the root certificate authority folder on the client's PC and it proved to work OK as a temporary solution.
Question by:sycamoresrv
6 Comments
 
LVL 4

Expert Comment

by:evilsi
ID: 33603081
Hi,

From what you have described, the issue lies with the deletion of the old certificate. It would appear your new certificate doesn't have the components that your original certificate did. Did you create the new cert from the same template as the original one? Try requesting the TS Gateway certificate again using http://servername/certsrv and installing it.

Hope this helps.

Si.
 

Author Comment

by:sycamoresrv
ID: 33603467
Yes, I deleted all certificates to make sure I don't mess with the old ones and created a new one right from the management menu of TS Gateway.
I went even further - reinstalled the whole virtual TS Gateway server from scratch to make sure everything is intact there, but got the same result.
What I want to stress is that I am able to connect using the Gateway's dynamic name from any PC connected internally (even though I unchecked the option to avoid the Gateway for local addresses). I have a strong suspicion my RV042 router does not pass through on port 443, although the port range forwarding rule is implemented.
 
LVL 4

Expert Comment

by:evilsi
ID: 33603610
You seem to have covered the bases for the TS Gateway then. Does that router have the capability to have remote management or SSL VPN services (like Draytek routers)? If so, you may have to disable those router services.

Si.
 

Author Comment

by:sycamoresrv
ID: 33604061
No, I checked many times - there are no settings for VPN services being active on it. Thinking of swapping it with some other working model for tests.
 
LVL 4

Expert Comment

by:evilsi
ID: 33604070
Can you RDP to the server from outside as a test with port forwarding of 3389?
 

Accepted Solution

by:
sycamoresrv earned 0 total points
ID: 33604702
Yes, in fact RDP port forwarding works fine but port 443 does not. I searched through the internet on RV042 problems and found many references concerning problems with SSL port forwarding, even if you have the latest firmware.
I installed another working router that was tested in the office here, and it proved the RV042 was to blame, as there are no problems with connection for TS Gateway anymore.
Thank you, evilsi, for the advice.

Question has a verified solution.
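
A check that fits this thread, added here as an example and not posted by either participant: from an external client, fetch the certificate that actually answers on port 443 of the gateway's public name and compare it with the certificate installed on the TS Gateway. The host name and thumbprint are placeholders, and `Get-PresentedCertificate` is a hypothetical helper name.

```powershell
# Added example: run from a client OUTSIDE the network.
# Both values below are placeholders; replace them with your own.
$GatewayName        = 'gateway.example.dyndns.org'     # public name clients connect to
$ExpectedThumbprint = '<THUMBPRINT-OF-GATEWAY-CERT>'   # read from the gateway's certificate store

function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port = 443, [int]$TimeoutMs = 5000)

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        # Fail fast if the forwarded port never answers.
        $async = $tcp.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "No TCP answer on ${HostName}:${Port} within $TimeoutMs ms"
        }
        $tcp.EndConnect($async)

        # Accept any certificate: the goal is to inspect it, not to trust it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        $tcp.Close()
    }
}

$cert = Get-PresentedCertificate -HostName $GatewayName
$now  = Get-Date

# Show who answered on 443, whether the certificate is inside its validity
# period, and whether it is the certificate installed on the gateway.
$cert | Select-Object Subject, Issuer, NotBefore, NotAfter, Thumbprint,
    @{ Name = 'WithinValidity'; Expression = { $now -ge $_.NotBefore -and $now -le $_.NotAfter } },
    @{ Name = 'MatchesGateway'; Expression = { $_.Thumbprint -eq ($ExpectedThumbprint -replace '\s', '') } } |
    Format-List
```

If the thumbprint does not match or the port never answers, look at whatever sits in the path on port 443 before reissuing the gateway certificate.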
