I am trying to get a Server 2008 R2 Standard RDS server installed on a child domain. We have a root and subordinate certificate authority established on the parent domain. I am having difficulty obtaining a certificate from the subordinate CA because of the network being locked down. The CAs have never been used; they are Server 2008 R2 Standard as well. I have a few questions on this:
What ports do I need to have opened between the RDS server where I will generate my request for a certificate and the CAs?
Per this article, I need port 135 for RPC, but the other port is randomly generated. How do I establish what it is, and will it stay the same? Also, will it need to remain open? http://support.microsoft.com/kb/832017
What is the best way to go about generating a request for a certificate, and what will the steps be to import the certificate once it is generated? Should I generate a request using a .inf file and certreq, or is there a better way? These are the contents of the .inf I was using to generate the request file. Will this work?
[NewRequest]
ProviderName="Microsoft RSA SChannel Cryptographic Provider"
KeyUsage=0xF0 ; Digital Signature, Key Encipherment, Nonrepudiation, Data Encipherment
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
I was able to get a certificate over to the RDS server and select it for use with RDS, but when I attempt to connect to it from my Windows 7 PC that is not joined to the same domain, I get an error saying that the certificate revocation list is not available. Is there communication that takes place between the RDS server and the CA when someone logs on remotely to it? An XP machine on the domain does not get a notification about the certificate at all. This RDS server is going to be accessed from non-domain PCs.
One other thing: the parent and child domains are on separate VLANs and subnets. The parent is on the 10.33.1.* range and the child is on the 10.28.1.* range.
Let me know if you need anything else. I'm sure I will have more questions as we go being that I have now thoroughly confused myself.