RDGateway certificate problem

Posted on 2011-02-15
Last Modified: 2013-11-21
I am having trouble accessing remote app's externally. If I try from within the company all works perfectly. Externally I have tried I can display the remote apps but I get a certificate error if I try to run them. The certificate name is not one that I know, not the wild-card rapidssl certificate I have successfully set up internally. Our web site is hosted by an isp and the main domain name is used there. The "mail" portion of the domain name seems to point it back to the company. Do I need the isp to add some other records in order to correctly access my internal server?
   external rds access
Question by:RapidityAU
  • 4
  • 3

Author Comment

ID: 34895186
Plesk the name that appears as the certificate when RDS is attempted externally (not internally using my local server name eg seems to be some kind of control panel that might be used my the ISP?
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34901538
Plesk is indeed a very popular control panel company used by many webhosts (which may or may not be your ISP if you host a website elsewhere.)

Sounds like you either have a wildcard DNS record that is pointing all traffic to your webhost or you published your web-app links using domain name in the URL that is not the same as the DNS record(s) that point to the RD-Gateway.

Author Comment

ID: 34902562
Yes you are correct that my domain name forms part of the url. The company has an externally hosted web site and an internally hosted exchange mail server.

Externally using an address finds the remote apps but I can not run them without getting the plesk certificate error.

the internal servers name that hosts RDS is indeed different eg

Does this mean that the webhost people have to fix this. Adding records for  In order to us to use remote desktop externally.

Can I also get external access too and host both  https OWA webmail and the https RDWeb that reside on two different internal servers. With my internal gateway router just pointing to the exchange mail server?

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

LVL 56

Accepted Solution

Cliff Galiher earned 500 total points
ID: 34902755
No, it means you have to fix this by changing your published apps. They have been published using the wrong domain name. When properly configured, the apps themselves will use the RD Gateway which has a proper certificate. You will need to modify your RD infrastructure, but without *a lot* more info (more than can be done on any online forum) I cannot be more specific.

As far as accessing OWA and RDWeb, ideally you'd use two public IP addresses so you don't have to use convoluted port remapping. Your edge device would need to support this as well and then you can map each public IP address to a different internal server forming a 1-to-1 NAT traversal. Pretty common scenario and business-class edge devices support this regularly.


Author Comment

ID: 34903652
They have been published using our own domain name, our company name forms our domain name. If that case it would be like asking to call themselves something else, changing their internal domain just to use the apps through RDGateway and RDWeb?

or On the other hand we would have to change our name on the web calling ourselves ibm instead of dell? an advertising nightmare...

so you are implying that for instance Dell could not use if their web site was hosted by another web hosting company?

To fix this I need to register a new domain, buy another certificate for the new domain, and set up a new internet connection to a standalone new RDGateway server that then talks to to my existing RDWeb sever on my existing domain?

The web hosting company cannot just forward the url request to my existing server? It is already so close to working as I can see login in and see apps available.


Author Closing Comment

ID: 34914812
Would not respond to further questions on this topic to discuss a better workable and feasible solution. I think a VPN solution may be answer I am looking for using a Netgear Prosafe VPN SRX5308 router to access the apps from other locations on our internal local domain. A more cost effective and viable solution.
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34918917
I appreciate the points, but I do have a couple of comments that may help you in the future:

1) No, I did not discuss "further questions" nor would I have, even if I had read them. I'd have urged you to post them as new questions. How to configure redirection or DNS or your other questions are NOT the same as your initial question, or even close.

If you look here:


Break Up Your Question, if Necessary
As a Premium Service Member or a Qualified Expert you have unlimited points and are allowed to ask unlimited questions. If you have a very long difficult question that could be broken down into smaller, easier questions, do so. If the initial question is answered accept the solution and post a new question. Include the link to the old question as reference to help the Experts put things in context.

Stringing along questions is really poor etiquette and I'd have encouraged you to ask a new question as a new post so that I, or others) can properly credit answers.

2) If you want *immediate* answers or in depth help, there are plenty of people out in the world that offer paid support. EE is great for the stuck or one-off question, but don't make the mistake of thinking it replaces paid support. Everyone hee, myself included, does this as volunteer work. I don't get paid, I don't get material benefit, I do this because I love technology and if I can help someone improve their life and the lives of othres, I want to try and help. But I have bills to pay, mouths to feed, and I will not be on EE 24/7 just to look to see if you posted a comment and reply to it. Again, you want that, pay for it. 'Nuf said.

Good luck with your future endeavors, and I hope you find a solutoin for your RD issue that fits your needs.

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

##the calculator has been updated to version 1.6 please download the use the updated version## Hi there, After the previous post of the original version of the calculator here :…
The environment that this is running in is SCCM 2007 R2 running on a Windows 2008 R2 server. The PXE Distribution point is running on its own Windows 2008 R2 box. This is what Event viewer showed after trying to start the WDS service:  An erro…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now