RDGateway certificate problem

Posted on 2011-02-15
Medium Priority
Last Modified: 2013-11-21
I am having trouble accessing remote apps externally. If I try from within the company all works perfectly. Externally I have tried https://mail.domain.com.xx. I can display the remote apps but I get a certificate error if I try to run them. The certificate name is not one that I know, not the wild-card rapidssl certificate I have successfully set up internally. Our web site is hosted by an ISP and the main domain name is used there. The "mail" portion of the domain name seems to point it back to the company. Do I need the ISP to add some other records in order to correctly access my internal server?
Question by:RapidityAU

Author Comment

ID: 34895186
Plesk, the name that appears as the certificate when RDS is attempted externally (not internally using my local server name eg https://server1.domain.com.au), seems to be some kind of control panel that might be used by the ISP?

LVL 61

Expert Comment

by:Cliff Galiher
ID: 34901538
Plesk is indeed a very popular control panel company used by many webhosts (which may or may not be your ISP if you host a website elsewhere.)

Sounds like you either have a wildcard DNS record that is pointing all traffic to your webhost or you published your web-app links using a domain name in the URL that is not the same as the DNS record(s) that point to the RD-Gateway.

Author Comment

ID: 34902562
Yes you are correct that my domain name forms part of the url. The company has an externally hosted web site and an internally hosted exchange mail server.

Externally, using an address mail.domain.com.au finds the remote apps but I cannot run them without getting the Plesk certificate error.

The internal server's name that hosts RDS is indeed different, eg rdsserver.domain.com.au

Does this mean that the webhost people have to fix this, adding records for rdsserver.domain.com.au in order for us to use remote desktop externally?

Can I also get external access too and host both https OWA webmail and the https RDWeb that reside on two different internal servers, with my internal gateway router just pointing to the exchange mail server?


LVL 61

Accepted Solution

Cliff Galiher earned 1500 total points
ID: 34902755
No, it means you have to fix this by changing your published apps. They have been published using the wrong domain name. When properly configured, the apps themselves will use the RD Gateway which has a proper certificate. You will need to modify your RD infrastructure, but without *a lot* more info (more than can be done on any online forum) I cannot be more specific.

As far as accessing OWA and RDWeb, ideally you'd use two public IP addresses so you don't have to use convoluted port remapping. Your edge device would need to support this as well and then you can map each public IP address to a different internal server forming a 1-to-1 NAT traversal. Pretty common scenario and business-class edge devices support this regularly.
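
An added example, not part of the original answer and not Microsoft tooling: a small offline audit of which hostnames a published RemoteApp `.rdp` file makes the client validate (`gatewayhostname` and `full address`) and whether a given certificate's names cover them, using the one-label wildcard rule. The function names, the sample file contents and the certificate name lists are constructed for illustration.

```python
# Added example: helper names and sample data are hypothetical/constructed.

# Constructed .rdp content modelled on the hostnames mentioned in the thread.
SAMPLE_RDP = """\
full address:s:rdsserver.domain.com.au
gatewayhostname:s:mail.domain.com.au
gatewayusagemethod:i:2
remoteapplicationmode:i:1
remoteapplicationprogram:s:||ExampleApp
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines of an .rdp file into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            settings[parts[0].lower()] = parts[2].strip()
    return settings

def cert_covers(host, cert_names):
    """True if host matches a certificate name.
    A leading '*' covers exactly one left-most DNS label."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*."):
            first, _, rest = host.partition(".")
            if first and rest == name[2:]:
                return True
    return False

def audit_rdp(text, cert_names):
    """Return {setting: (host, covered)} for each host the client validates."""
    settings = parse_rdp(text)
    result = {}
    for key in ("gatewayhostname", "full address"):
        host = settings.get(key, "")
        if host:
            host = host.split(":")[0]  # drop an optional :port suffix
            result[key] = (host, cert_covers(host, cert_names))
    return result

if __name__ == "__main__":
    print(audit_rdp(SAMPLE_RDP, ["*.domain.com.au"]))  # wildcard certificate
    print(audit_rdp(SAMPLE_RDP, ["Plesk"]))            # web host's default certificate
```

A name that passes this check can still fail in practice if public DNS sends that hostname to a different server, which then presents its own certificate.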


Author Comment

ID: 34903652
They have been published using our own domain name, our company name forms our domain name. In that case it would be like asking dell.com.au to call themselves something else, changing their internal domain just to use the apps through RDGateway and RDWeb?

Or, on the other hand, we would have to change our name on the web, calling ourselves ibm instead of dell? An advertising nightmare...

So you are implying that for instance Dell could not use https://server2.dell.com.au/RDWeb if their web site was hosted by another web hosting company?

To fix this I need to register a new domain, buy another certificate for the new domain, and set up a new internet connection to a standalone new RDGateway server that then talks to my existing RDWeb server on my existing domain?

The web hosting company cannot just forward the url request to my existing server? It is already so close to working as I can log in and see apps available.


Author Closing Comment

ID: 34914812
Would not respond to further questions on this topic to discuss a better workable and feasible solution. I think a VPN solution may be the answer I am looking for, using a Netgear Prosafe VPN SRX5308 router to access the apps from other locations on our internal local domain. A more cost effective and viable solution.
LVL 61

Expert Comment

by:Cliff Galiher
ID: 34918917
I appreciate the points, but I do have a couple of comments that may help you in the future:

1) No, I did not discuss "further questions" nor would I have, even if I had read them. I'd have urged you to post them as new questions. How to configure redirection or DNS or your other questions are NOT the same as your initial question, or even close.

If you look here:


Break Up Your Question, if Necessary
As a Premium Service Member or a Qualified Expert you have unlimited points and are allowed to ask unlimited questions. If you have a very long difficult question that could be broken down into smaller, easier questions, do so. If the initial question is answered accept the solution and post a new question. Include the link to the old question as reference to help the Experts put things in context.

Stringing along questions is really poor etiquette and I'd have encouraged you to ask a new question as a new post so that I (or others) can properly credit answers.

2) If you want *immediate* answers or in-depth help, there are plenty of people out in the world that offer paid support. EE is great for the stuck or one-off question, but don't make the mistake of thinking it replaces paid support. Everyone here, myself included, does this as volunteer work. I don't get paid, I don't get material benefit, I do this because I love technology and if I can help someone improve their life and the lives of others, I want to try and help. But I have bills to pay, mouths to feed, and I will not be on EE 24/7 just to look to see if you posted a comment and reply to it. Again, you want that, pay for it. 'Nuf said.

Good luck with your future endeavors, and I hope you find a solution for your RD issue that fits your needs.


Question has a verified solution.
