Solved

RDGateway certificate problem

Posted on 2011-02-15
Last Modified: 2013-11-21
I am having trouble accessing remote apps externally. If I try from within the company, all works perfectly. Externally I have tried https://mail.domain.com.xx; I can display the remote apps, but I get a certificate error if I try to run them. The certificate name is not one that I know, not the wildcard RapidSSL certificate I have successfully set up internally. Our web site is hosted by an ISP and the main domain name is used there. The "mail" portion of the domain name seems to point it back to the company. Do I need the ISP to add some other records in order to correctly access my internal server?
   external rds access
Question by:RapidityAU

Author Comment

by:RapidityAU
ID: 34895186
Plesk, the name that appears as the certificate when RDS is attempted externally (not internally using my local server name, e.g. https://server1.domain.com.au), seems to be some kind of control panel that might be used by the ISP?

http://en.wikipedia.org/wiki/Plesk

Expert Comment

by:Cliff Galiher
ID: 34901538
Plesk is indeed a very popular control panel company used by many webhosts (which may or may not be your ISP if you host a website elsewhere.)

Sounds like you either have a wildcard DNS record that is pointing all traffic to your webhost or you published your web-app links using a domain name in the URL that is not the same as the DNS record(s) that point to the RD-Gateway.

Author Comment

by:RapidityAU
ID: 34902562
Yes, you are correct that my domain name forms part of the URL. The company has an externally hosted web site and an internally hosted Exchange mail server.

Externally, using the address mail.domain.com.au finds the remote apps, but I cannot run them without getting the Plesk certificate error.

The internal server's name that hosts RDS is indeed different, e.g. rdsserver.domain.com.au

Does this mean that the webhost people have to fix this, adding records for rdsserver.domain.com.au in order for us to use remote desktop externally?

Can I also get external access and host both the HTTPS OWA webmail and the HTTPS RDWeb, which reside on two different internal servers, with my internal gateway router just pointing to the Exchange mail server?


Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 34902755
No, it means you have to fix this by changing your published apps. They have been published using the wrong domain name. When properly configured, the apps themselves will use the RD Gateway which has a proper certificate. You will need to modify your RD infrastructure, but without *a lot* more info (more than can be done on any online forum) I cannot be more specific.

As far as accessing OWA and RDWeb, ideally you'd use two public IP addresses so you don't have to use convoluted port remapping. Your edge device would need to support this as well and then you can map each public IP address to a different internal server forming a 1-to-1 NAT traversal. Pretty common scenario and business-class edge devices support this regularly.

-Cliff
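
The two causes named in this thread (the published name resolving to the web host instead of the RD Gateway, or the answering server's certificate not covering that name) can be told apart with a short check. This is an added example, not part of the original thread; the IP addresses, the `plesk.example` certificate name and all function names are constructed assumptions.

```python
import socket
import ssl

def cert_covers(hostname, san_names):
    """True if any SAN entry covers hostname; '*' spans one left-most label only."""
    host = hostname.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else ""
    for san in (s.lower().rstrip(".") for s in san_names):
        if san == host or (san.startswith("*.") and san[2:] == parent):
            return True
    return False

def diagnose(published_name, resolved_ip, gateway_ip, san_names):
    """Classify an external RemoteApp certificate error from three observations."""
    if resolved_ip != gateway_ip:
        return "dns"    # name lands on another host (e.g. the web host's panel)
    if not cert_covers(published_name, san_names):
        return "cert"   # right host, but its certificate does not cover the name
    return "ok"

def probe(hostname, port=443, timeout=5.0):
    """Live check: resolve hostname and attempt a verified TLS handshake.
    Returns (ip, None) on success or (ip, verifier_message) on failure."""
    ip = socket.gethostbyname(hostname)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname):
                return ip, None
    except ssl.SSLCertVerificationError as exc:
        return ip, exc.verify_message

# Constructed sample data (documentation addresses, not values from the thread).
GATEWAY_IP = "203.0.113.10"     # assumed public IP that NATs to the RD Gateway
WEBHOST_IP = "198.51.100.20"    # assumed IP of the externally hosted web site
WILDCARD = ["*.domain.com.au"]  # the wildcard certificate installed internally
PANEL_CERT = ["plesk.example"]  # placeholder for the web host's default cert

if __name__ == "__main__":
    # Published name caught by a wildcard DNS record at the web host -> "dns"
    print(diagnose("rdsserver.domain.com.au", WEBHOST_IP, GATEWAY_IP, PANEL_CERT))
    # Name that reaches the gateway and is covered by the wildcard -> "ok"
    print(diagnose("mail.domain.com.au", GATEWAY_IP, GATEWAY_IP, WILDCARD))
```

Run `probe()` from an external network against the name embedded in the published RemoteApp, not only the RDWeb URL, since the portal and the application launch can use different names.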

Author Comment

by:RapidityAU
ID: 34903652
They have been published using our own domain name; our company name forms our domain name. In that case it would be like asking dell.com.au to call themselves something else, changing their internal domain just to use the apps through RDGateway and RDWeb?

Or, on the other hand, we would have to change our name on the web, calling ourselves IBM instead of Dell? An advertising nightmare...

So you are implying that, for instance, Dell could not use https://server2.dell.com.au/RDWeb if their web site was hosted by another web hosting company?

To fix this I need to register a new domain, buy another certificate for the new domain, and set up a new internet connection to a standalone new RDGateway server that then talks to my existing RDWeb server on my existing domain?

The web hosting company cannot just forward the URL request to my existing server? It is already so close to working, as I can log in and see the apps available.



Author Closing Comment

by:RapidityAU
ID: 34914812
Would not respond to further questions on this topic to discuss a better workable and feasible solution. I think a VPN solution may be the answer I am looking for, using a Netgear Prosafe VPN SRX5308 router to access the apps from other locations on our internal local domain. A more cost effective and viable solution.

Expert Comment

by:Cliff Galiher
ID: 34918917
I appreciate the points, but I do have a couple of comments that may help you in the future:

1) No, I did not discuss "further questions" nor would I have, even if I had read them. I'd have urged you to post them as new questions. How to configure redirection or DNS or your other questions are NOT the same as your initial question, or even close.

If you look here:

====
http://www.experts-exchange.com/questionTips.jsp

Break Up Your Question, if Necessary
As a Premium Service Member or a Qualified Expert you have unlimited points and are allowed to ask unlimited questions. If you have a very long difficult question that could be broken down into smaller, easier questions, do so. If the initial question is answered accept the solution and post a new question. Include the link to the old question as reference to help the Experts put things in context.
====

Stringing along questions is really poor etiquette and I'd have encouraged you to ask a new question as a new post so that I (or others) can properly credit answers.

2) If you want *immediate* answers or in-depth help, there are plenty of people out in the world that offer paid support. EE is great for the stuck or one-off question, but don't make the mistake of thinking it replaces paid support. Everyone here, myself included, does this as volunteer work. I don't get paid, I don't get material benefit, I do this because I love technology and if I can help someone improve their life and the lives of others, I want to try and help. But I have bills to pay, mouths to feed, and I will not be on EE 24/7 just to look to see if you posted a comment and reply to it. Again, you want that, pay for it. 'Nuf said.

Good luck with your future endeavors, and I hope you find a solution for your RD issue that fits your needs.