RDGateway certificate problem

Posted on 2011-02-15
Medium Priority
Last Modified: 2013-11-21
I am having trouble accessing remote apps externally. If I try from within the company, all works perfectly. Externally I have tried https://mail.domain.com.xx: I can display the remote apps, but I get a certificate error if I try to run them. The certificate name is not one that I know, not the wildcard RapidSSL certificate I have successfully set up internally. Our web site is hosted by an ISP and the main domain name is used there. The "mail" portion of the domain name seems to point it back to the company. Do I need the ISP to add some other records in order to correctly access my internal server?
   external rds access
Question by:RapidityAU

Author Comment

ID: 34895186
Plesk, the name that appears as the certificate when RDS is attempted externally (not internally using my local server name, e.g. https://server1.domain.com.au), seems to be some kind of control panel that might be used by the ISP?

LVL 59

Expert Comment

by:Cliff Galiher
ID: 34901538
Plesk is indeed a very popular control panel company used by many webhosts (which may or may not be your ISP if you host a website elsewhere.)

Sounds like you either have a wildcard DNS record that is pointing all traffic to your webhost, or you published your web-app links using a domain name in the URL that is not the same as the DNS record(s) that point to the RD Gateway.

Author Comment

ID: 34902562
Yes you are correct that my domain name forms part of the url. The company has an externally hosted web site and an internally hosted exchange mail server.

Externally, using an address mail.domain.com.au finds the remote apps, but I cannot run them without getting the Plesk certificate error.

The internal server's name that hosts RDS is indeed different, e.g. rdsserver.domain.com.au

Does this mean that the webhost people have to fix this, adding records for rdsserver.domain.com.au in order for us to use remote desktop externally?

Can I also get external access too and host both HTTPS OWA webmail and the HTTPS RDWeb that reside on two different internal servers, with my internal gateway router just pointing to the Exchange mail server?


LVL 59

Accepted Solution

Cliff Galiher earned 1500 total points
ID: 34902755
No, it means you have to fix this by changing your published apps. They have been published using the wrong domain name. When properly configured, the apps themselves will use the RD Gateway which has a proper certificate. You will need to modify your RD infrastructure, but without *a lot* more info (more than can be done on any online forum) I cannot be more specific.

As far as accessing OWA and RDWeb, ideally you'd use two public IP addresses so you don't have to use convoluted port remapping. Your edge device would need to support this as well and then you can map each public IP address to a different internal server forming a 1-to-1 NAT traversal. Pretty common scenario and business-class edge devices support this regularly.
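
The two causes suggested in the answers above (a wildcard DNS record sending unlisted names to the webhost, or apps published under a name that does not resolve to the RD Gateway) can be modeled as follows. This is an added Python example, not part of the original thread; the zone contents, the documentation-range IP addresses and the certificate name lists are constructed assumptions, and only the host names and the "Plesk" certificate name come from the posts.

```python
# Constructed sample data: documentation-range IPs, hypothetical zone contents.
GATEWAY_IP = "203.0.113.10"    # assumed public IP of the company's RD Gateway
WEBHOST_IP = "198.51.100.20"   # assumed IP of the externally hosted web site

ZONE = {                                  # public DNS zone (assumed)
    "domain.com.au": WEBHOST_IP,
    "*.domain.com.au": WEBHOST_IP,        # wildcard catch-all at the webhost
    "mail.domain.com.au": GATEWAY_IP,
}
CERTS = {                                 # names on the cert each endpoint presents
    GATEWAY_IP: ["*.domain.com.au"],      # the wildcard certificate
    WEBHOST_IP: ["Plesk"],                # webhost's default panel certificate
}

def resolve(zone, host):
    """Exact record wins; otherwise use the nearest wildcard (simplified DNS)."""
    host = host.lower().rstrip(".")
    if host in zone:
        return zone[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in zone:
            return zone[wildcard]
    return None

def name_matches(pattern, host):
    """TLS name check: '*' must be the whole leftmost label and covers one label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == h[0] or (p[0] == "*" and len(p) > 2))

def diagnose(host, zone=ZONE, certs=CERTS, gateway_ip=GATEWAY_IP):
    """Say where an external client lands for `host` and whether the cert fits."""
    ip = resolve(zone, host)
    if ip is None:
        return "no-dns-record"
    where = "gateway" if ip == gateway_ip else "wrong-server"
    fits = any(name_matches(n, host) for n in certs.get(ip, []))
    return f"{where}:{'cert-ok' if fits else 'cert-mismatch'}"

if __name__ == "__main__":
    for h in ("mail.domain.com.au", "rdsserver.domain.com.au"):
        print(h, "->", diagnose(h))
```

In this model, republishing the apps under a name that already resolves to the gateway, or adding an exact record for the published name, turns the second result into `gateway:cert-ok`.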


Author Comment

ID: 34903652
They have been published using our own domain name; our company name forms our domain name. In that case it would be like asking dell.com.au to call themselves something else, changing their internal domain just to use the apps through RDGateway and RDWeb?

Or, on the other hand, we would have to change our name on the web, calling ourselves ibm instead of dell? An advertising nightmare...

So you are implying that, for instance, Dell could not use https://server2.dell.com.au/RDWeb if their web site was hosted by another web hosting company?

To fix this I need to register a new domain, buy another certificate for the new domain, and set up a new internet connection to a standalone new RDGateway server that then talks to my existing RDWeb server on my existing domain?

The web hosting company cannot just forward the URL request to my existing server? It is already so close to working, as I can log in and see apps available.


Author Closing Comment

ID: 34914812
Would not respond to further questions on this topic to discuss a better workable and feasible solution. I think a VPN solution may be the answer I am looking for, using a Netgear Prosafe VPN SRX5308 router to access the apps from other locations on our internal local domain. A more cost effective and viable solution.
LVL 59

Expert Comment

by:Cliff Galiher
ID: 34918917
I appreciate the points, but I do have a couple of comments that may help you in the future:

1) No, I did not discuss "further questions" nor would I have, even if I had read them. I'd have urged you to post them as new questions. How to configure redirection or DNS or your other questions are NOT the same as your initial question, or even close.

If you look here:


Break Up Your Question, if Necessary
As a Premium Service Member or a Qualified Expert you have unlimited points and are allowed to ask unlimited questions. If you have a very long difficult question that could be broken down into smaller, easier questions, do so. If the initial question is answered accept the solution and post a new question. Include the link to the old question as reference to help the Experts put things in context.

Stringing along questions is really poor etiquette and I'd have encouraged you to ask a new question as a new post so that I (or others) can properly credit answers.

2) If you want *immediate* answers or in depth help, there are plenty of people out in the world that offer paid support. EE is great for the stuck or one-off question, but don't make the mistake of thinking it replaces paid support. Everyone here, myself included, does this as volunteer work. I don't get paid, I don't get material benefit, I do this because I love technology and if I can help someone improve their life and the lives of others, I want to try and help. But I have bills to pay, mouths to feed, and I will not be on EE 24/7 just to look to see if you posted a comment and reply to it. Again, you want that, pay for it. 'Nuf said.

Good luck with your future endeavors, and I hope you find a solution for your RD issue that fits your needs.
