Solved

Creating a different certificate for RD Remote App server

Posted on 2010-09-06
17
1,005 Views
Last Modified: 2012-05-10
Hi Guys,
I've got a few Remote Desktop servers set up and connect through to them via URL to https://rdserver.domain.com/rdweb however when i try to launch anything it shows that the certificate doesn't match and won't let me continue. The servers have self signed certificates but these obviously show the internal address servername.domain.local .
Can i create a certificate to match what i need and if so how or is there another way around this ?
Thanks
0
Comment
Question by:Netexperts
  • 9
  • 8
17 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33610471
Yes you can. But you need CA server in your environment to fulfill these requirements.
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33610504
I Think our DC is a CA, is this just a case of creating a cert and exporting it ?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33610679
Yup, try to request a WWW certificate then issue it to your server. I would try to prepare a doc if you need.
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33610906
That would be great. Thanks
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33611435
I think i managed to create and install a new certificate as the RemoteApp page shows that it now has the external url however when i hit the landing page it says there is a certificate mismatch and if i view the certificate it shows a different one to the one i created and installed to the RemoteApp server.
Does the /RDWEB landing page pick up it's certificate from a different place (or do i also need to set it here ?
Hope this makes sense.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33611530
check on rd server in certmgr.msc console if there is only your newly generated certificate (without self signed) move yours into place where self-signed is
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33611641
In certmgr.msc i can see the newly created certificate (for the external URL) and the local one (which shows on the landing page) but i can't see anything that shows which is self-signed however the internal one has a key symbol on it and the new one does not.
I've not used certmgr.msc before so sorry if i'm a bit vague.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33611680
ok, so let's export that local one and then we will remove it for tests. Click on it right mouse button and choose export, then follow a wizard
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:Netexperts
ID: 33611721
Ok, i've exported it. Should i now delete that cert from certmgr ?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33611747
yes, do it.
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33611774
Done
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33613195
OK, what results do you have?
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33613293
Still have the same issue.
If i get to the landing page it shows the cert is issued by the TS server for the local TS address but then when i log in and try an icon it then shows certificate mismatch and when i view the certificate it shows it's issued by the CA and for the external URL address (i.e the correct one i created)
Hope this makes sense.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33615649
ok then, I would try to prepare a doc for you :)
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 33618385
Sorry for delay. Busy day :/ So, try with this doc
cert.doc
0
 
LVL 1

Author Closing Comment

by:Netexperts
ID: 33640209
That's worked, many thanks
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33643762
You're welcome
0

Featured Post

Are your end users making ugly email signatures?

Have you left it up to your end users to create their own email signatures? Are they forgetting to add the company logo or using garish font colors? Take control and ensure all users have the same email signature.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been working as System Administrators since 2003. I recently started working as a FreeLancer and was amazed to find out that very few people are taking full advantage of their Windows Server Machines. Microsoft Windows Server comes with so…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now