  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1788

RDGateway certificate problem

I am having trouble accessing remote apps externally. If I try from within the company all works perfectly. Externally I have tried https://mail.domain.com.xx and I can display the remote apps, but I get a certificate error if I try to run them. The certificate name is not one that I know, not the wildcard RapidSSL certificate I have successfully set up internally. Our web site is hosted by an ISP and the main domain name is used there. The "mail" portion of the domain name seems to point it back to the company. Do I need the ISP to add some other records in order to correctly access my internal server?
Asked by: RapidityAU
 
RapidityAU (Author) Commented:
Plesk, the name that appears as the certificate when RDS is attempted externally (not internally using my local server name, e.g. https://server1.domain.com.au), seems to be some kind of control panel that might be used by the ISP?

http://en.wikipedia.org/wiki/Plesk
0
 
Cliff Galiher Commented:
Plesk is indeed a very popular control panel company used by many webhosts (which may or may not be your ISP if you host a website elsewhere.)

Sounds like you either have a wildcard DNS record that is pointing all traffic to your webhost, or you published your web-app links using a domain name in the URL that is not the same as the DNS record(s) that point to the RD Gateway.
0
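The two causes named in the answer above (a name that resolves to the webhost, or a published name the gateway certificate does not cover) can be told apart per hostname. This is an added example, not part of the thread; the names rdsserver.domain.com.au and rds.corp.domain.com.au, all IP addresses and the certificate names are constructed for illustration.

```python
# Added example: all hostnames, IPs and certificate names below are constructed.

def name_matches(pattern, host):
    """Certificate-name match; '*' covers exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(host, resolved_ip, cert_names, gateway_ip):
    """Say which of the two causes explains a certificate error for `host`.

    resolved_ip: what public DNS returns for host (e.g. from nslookup)
    cert_names:  subject/SAN names on the certificate the client was shown
    gateway_ip:  public IP that forwards 443 to the RD Gateway
    """
    if resolved_ip != gateway_ip:
        return "dns"    # name lands on another server (e.g. the webhost)
    if not any(name_matches(n, host) for n in cert_names):
        return "cert"   # right server, certificate does not cover the name
    return "ok"

GATEWAY_IP = "203.0.113.10"   # constructed: company's public IP
WEBHOST_IP = "198.51.100.20"  # constructed: hosting provider
OBSERVED = [  # (name in the published app, DNS answer, names on presented cert)
    ("mail.domain.com.au", GATEWAY_IP, ["*.domain.com.au"]),
    ("rdsserver.domain.com.au", WEBHOST_IP, ["Plesk"]),
    ("rds.corp.domain.com.au", GATEWAY_IP, ["*.domain.com.au"]),
]

def report(observed=OBSERVED, gateway_ip=GATEWAY_IP):
    """Map each observed hostname to 'ok', 'dns' or 'cert'."""
    return {host: diagnose(host, ip, names, gateway_ip)
            for host, ip, names in observed}

if __name__ == "__main__":
    for host, verdict in report().items():
        print(f"{host:28} {verdict}")
```

A "dns" verdict is fixed in the public DNS zone; a "cert" verdict is fixed by publishing the apps under a name the installed certificate covers.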
 
RapidityAU (Author) Commented:
Yes, you are correct that my domain name forms part of the URL. The company has an externally hosted web site and an internally hosted Exchange mail server.

Externally, using the address mail.domain.com.au finds the remote apps, but I cannot run them without getting the Plesk certificate error.

The name of the internal server that hosts RDS is indeed different, e.g. rdsserver.domain.com.au

Does this mean that the webhost people have to fix this, adding records for rdsserver.domain.com.au in order for us to use remote desktop externally?

Can I also get external access and host both HTTPS OWA webmail and the HTTPS RDWeb that reside on two different internal servers, with my internal gateway router just pointing to the Exchange mail server?

0
 
Cliff Galiher Commented:
No, it means you have to fix this by changing your published apps. They have been published using the wrong domain name. When properly configured, the apps themselves will use the RD Gateway which has a proper certificate. You will need to modify your RD infrastructure, but without *a lot* more info (more than can be done on any online forum) I cannot be more specific.

As far as accessing OWA and RDWeb, ideally you'd use two public IP addresses so you don't have to use convoluted port remapping. Your edge device would need to support this as well and then you can map each public IP address to a different internal server forming a 1-to-1 NAT traversal. Pretty common scenario and business-class edge devices support this regularly.

-Cliff
0
 
RapidityAU (Author) Commented:
They have been published using our own domain name; our company name forms our domain name. In that case it would be like asking dell.com.au to call themselves something else, changing their internal domain just to use the apps through RDGateway and RDWeb?

Or, on the other hand, we would have to change our name on the web, calling ourselves ibm instead of dell? An advertising nightmare...

So you are implying that, for instance, Dell could not use https://server2.dell.com.au/RDWeb if their web site was hosted by another web hosting company?

To fix this I need to register a new domain, buy another certificate for the new domain, and set up a new internet connection to a standalone new RDGateway server that then talks to my existing RDWeb server on my existing domain?

The web hosting company cannot just forward the URL request to my existing server? It is already so close to working, as I can log in and see the apps available.


0
 
RapidityAU (Author) Commented:
Would not respond to further questions on this topic to discuss a better workable and feasible solution. I think a VPN solution may be the answer I am looking for, using a Netgear Prosafe VPN SRX5308 router to access the apps from other locations on our internal local domain. A more cost-effective and viable solution.
0
 
Cliff Galiher Commented:
I appreciate the points, but I do have a couple of comments that may help you in the future:

1) No, I did not discuss "further questions" nor would I have, even if I had read them. I'd have urged you to post them as new questions. How to configure redirection or DNS or your other questions are NOT the same as your initial question, or even close.

If you look here:

====
http://www.experts-exchange.com/questionTips.jsp

Break Up Your Question, if Necessary
As a Premium Service Member or a Qualified Expert you have unlimited points and are allowed to ask unlimited questions. If you have a very long difficult question that could be broken down into smaller, easier questions, do so. If the initial question is answered accept the solution and post a new question. Include the link to the old question as reference to help the Experts put things in context.
====

Stringing along questions is really poor etiquette and I'd have encouraged you to ask a new question as a new post so that I (or others) can properly credit answers.

2) If you want *immediate* answers or in-depth help, there are plenty of people out in the world that offer paid support. EE is great for the stuck or one-off question, but don't make the mistake of thinking it replaces paid support. Everyone here, myself included, does this as volunteer work. I don't get paid, I don't get material benefit, I do this because I love technology and if I can help someone improve their life and the lives of others, I want to try and help. But I have bills to pay, mouths to feed, and I will not be on EE 24/7 just to look to see if you posted a comment and reply to it. Again, you want that, pay for it. 'Nuf said.

Good luck with your future endeavors, and I hope you find a solution for your RD issue that fits your needs.
0
