americaneldercare
asked on
server 2008 TS Web Access/Gateway
I am having some difficulty setting up a test environment utilizing the TS Web Access and TS Gateway on Server 2008 (not R2). I believe the base of the issue goes to the ports. A quick breakdown of the situation is this:
I have a TS Gateway setup and showing the TS Apps of another server. I am using my public IP which already has a webserver on it, so I changed the Website port of the TS Web Access to another port.
All of the above appears to be working fine, however when I go to connect to one of my RemoteApps it is giving me an error indicating the certificate and subject authority name don't match...however the certificate it is providing is for my mail server NOT the self signed cert from the Gateway.
So it appears that it is trying to communicate using either port 80 or 443 and hitting my web and/or email server.
Is there a way to have Gateway use ports other then 80/443?
I have a TS Gateway setup and showing the TS Apps of another server. I am using my public IP which already has a webserver on it, so I changed the Website port of the TS Web Access to another port.
All of the above appears to be working fine, however when I go to connect to one of my RemoteApps it is giving me an error indicating the certificate and subject authority name don't match...however the certificate it is providing is for my mail server NOT the self signed cert from the Gateway.
So it appears that it is trying to communicate using either port 80 or 443 and hitting my web and/or email server.
Is there a way to have Gateway use ports other then 80/443?
AC_Nova
change the bindings for the site in IIS.
ASKER
To make sure we are both on the same page - I have the main portion of the web page working externally on another port other then 80. It is when I go to launch the remote app that I am having an issue. It is giving a certificate mismatch - but is referencing the SSL cert on my main website, not the self signed one on the test gateway server.
Are you indicating I need to adjust the SSL port in IIS and the system will automatically know to reference that other port? Or were you intending the comment being for Port 80 to allow the TS Web to work on another port?
Are you indicating I need to adjust the SSL port in IIS and the system will automatically know to reference that other port? Or were you intending the comment being for Port 80 to allow the TS Web to work on another port?
I had a similar problem and it was all down to certificates. The server name must match what is specified in the SSL certificate for the TS Gateway server.
also
If the Require server authentication check box is selected, consider the following:
If any client computers are running Windows Server 2003 with SP1, Windows Server 2003 with SP2, or Windows XP with SP2, you must configure the terminal server to use a Secure Sockets Layer (SSL) certificate. (You cannot use a self-signed certificate.)
If the RemoteApp program is for intranet use, and all client computers are running either Windows Server 2008 or Windows Vista, you do not have to configure the terminal server to use an SSL certificate. In this case, Network Level Authentication is used.
http://technet.microsoft.com/en-us/library/cc730673(WS.10).aspx
also
If the Require server authentication check box is selected, consider the following:
If any client computers are running Windows Server 2003 with SP1, Windows Server 2003 with SP2, or Windows XP with SP2, you must configure the terminal server to use a Secure Sockets Layer (SSL) certificate. (You cannot use a self-signed certificate.)
If the RemoteApp program is for intranet use, and all client computers are running either Windows Server 2008 or Windows Vista, you do not have to configure the terminal server to use an SSL certificate. In this case, Network Level Authentication is used.
http://technet.microsoft.com/en-us/library/cc730673(WS.10).aspx
ASKER
The external test computer I am using is a Windows 7 Enterprise.
The issue with the certificate is slightly different then what you are mentioning - my issue is that when I get the error saying the certificate doesn't match, and View the certificate it is showing the SSL cert assigned to my email server NOT the certificate assigned to my gateway. If i just change the listening port on the Gateway for SSL will the connection know to use another port? or do I need to specify somewhere that the SSL is on another port?
The issue with the certificate is slightly different then what you are mentioning - my issue is that when I get the error saying the certificate doesn't match, and View the certificate it is showing the SSL cert assigned to my email server NOT the certificate assigned to my gateway. If i just change the listening port on the Gateway for SSL will the connection know to use another port? or do I need to specify somewhere that the SSL is on another port?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.