Solved

RemoteApp - GoDaddy Revocation Checklist

Posted on 2011-02-24
Last Modified: 2012-06-27
I have a production terminal server running Server 2008 and publishing a few RemoteApps. The same system provides TS gateway, web access, network policy server, everything. The site is published through an ISA 2006 server. All publishing is performed with a GoDaddy certificate. I have verified that the certificate and its intermediate root are published correctly.

Recently a few of my clients have been receiving "a revocation check could not be performed for the certificate". I'm not 100% sure but I believe the problem is restricted to Windows 7 clients. The CRL path in the certificate is http://crl.godaddy.com/gds1-18.crl. Uptrends.com doesn't indicate any connectivity problems with this path so I'm at a loss as to the cause of this problem. I'm really at a loss. How can I correct this?
Question by:timbrigham
 
LVL 4

Expert Comment

by:Llacy80
ID: 34970647
Hi. Please go to Remote Desktop Session Host Configuration and right click on RDP-TCP under connections. Go to Properties, on the general tab at the bottom does the correct name of your certificate appear?

0
 
LVL 1

Author Comment

by:timbrigham
ID: 34970712
It does. I've also verified that the correct certificate is used in the ISA, IIS and RemoteApp digital signature pages.
0
 
LVL 4

Assisted Solution

by:Llacy80
Llacy80 earned 500 total points
ID: 34970795
Ok. On that same setting that I mentioned earlier, I ended up having to click Default --> to set it to Auto Generated only on that configuration setting, all others pointed to third party cert. It worked for me and the revocation error disappeared for my win 7 clients. Since it is a production server, you may want to try it during off hours when no one is connected to it.

0

 
LVL 1

Author Comment

by:timbrigham
ID: 34974129
Unfortunately that didn't do the trick. I actually locked myself out of the remoteapps entirely.
I'm going to try adding "enablecredsspsupport:i:0" to my options (per http://blog.wapnet.nl/2010/11/a-revocation-check-could-not-be-performed-for-the-certificate/) to see if it helps.
0
 
LVL 4

Expert Comment

by:Llacy80
ID: 34974168
Ok. Let me know if it works. The information I provided above worked for me so perhaps our setup is a little different and that is why it did not work for you. It was worth a shot and I am sure you were able to change it right back to the third party certificate to access the remoteapps again. Let me do some searching around and see if there are any other fixes for it.
0
 
LVL 4

Assisted Solution

by:Llacy80
Llacy80 earned 500 total points
ID: 34974292
0
 
LVL 1

Author Comment

by:timbrigham
ID: 34980415
It looks like this problem may be related to Windows 7 SP 1 - http://forum.wegotserved.com/index.php/topic/17786-win7-sp1-rdp-certificate-error/.

I'm going to install on a test box and see if I can reproduce this error.
0
 
LVL 1

Author Comment

by:timbrigham
ID: 34983478
I wasn't able to replicate this problem on my test box. I did however come across a hotfix from MS that looks like it may be of some use. http://support.microsoft.com/kb/2203302. There were a couple references to a hotfix as a potential solution for this problem. I believe this is the right one.

The GoDaddy certificate does use an intermediate certificate in the chain. I think at this point I'll wait to get onto one of the remote computers experiencing this issue and give this hotfix a go. If not I'm at a total loss. Thanks for your help Llacy80.
0
 
LVL 4

Expert Comment

by:Llacy80
ID: 34983895
Hi. Were you able to verify that it is indeed only an issue with Windows 7 clients? You posted in your original question that you were not 100% sure at that point if it was only affecting Win 7 clients.
0
 
LVL 4

Assisted Solution

by:Llacy80
Llacy80 earned 500 total points
ID: 34983985
An additional link that might be of use...

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/12f2761b-457d-4b4d-b0de-8a0ebb4aaeec

See last post on that URL --

0
 
LVL 1

Accepted Solution

by:
timbrigham earned 0 total points
ID: 35008905
Thanks again Llacy80.
This odd behavior began to expand beyond the Windows 7 clients to the point where 100% of the users coming in through TSWeb were failing, at which time I rebooted. That seems to have cleared it up. Very odd - nothing in the logs or performance counters would have indicated this would have helped.
0
 
LVL 4

Expert Comment

by:Llacy80
ID: 35009318
That is odd... Well, I am glad it is resolved, and if it comes back let me know because I have some more ideas on the cause.
0
 
LVL 1

Author Comment

by:timbrigham
ID: 35036835
For anyone that comes across this question - A few of my remote clients were still experiencing problems. Those systems turned out to need to have their dates and times adjusted. Those folks were in the Philippines and had the timezone set to US\Pacific but the date and time set to their local times. Since they are a day ahead and the CRL expires daily it wasn't possible for them to connect.
0
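
The clock problem described in the author comment above, worked through as an added example (not part of the original thread): a machine whose timezone is set to US Pacific but whose wall clock was typed in as Philippine local time believes it is 16 hours later than it really is, so a CRL with a one-day validity window looks expired. The CRL dates, the fixed UTC offsets and all function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
PACIFIC = timezone(timedelta(hours=-8))  # assumption: fixed PST offset, DST ignored
MANILA = timezone(timedelta(hours=8))    # Philippine time, UTC+8


def believed_utc(true_utc, configured_tz, wall_clock_tz):
    """UTC instant a machine believes it is when its clock was set by hand to
    local time in wall_clock_tz while the OS timezone is configured_tz."""
    # Digits the user typed into the clock: local time where they sit.
    wall = true_utc.astimezone(wall_clock_tz).replace(tzinfo=None)
    # The OS interprets those same digits in its configured timezone.
    return wall.replace(tzinfo=configured_tz).astimezone(UTC)


def crl_status(now_utc, this_update, next_update):
    """Classify a CRL against its thisUpdate/nextUpdate validity window."""
    if now_utc < this_update:
        return "not yet valid"
    if now_utc > next_update:
        return "expired"
    return "valid"


# Constructed sample: a CRL reissued daily, checked 12 hours into its window.
THIS_UPDATE = datetime(2011, 3, 1, 0, 0, tzinfo=UTC)
NEXT_UPDATE = THIS_UPDATE + timedelta(days=1)
TRUE_NOW = datetime(2011, 3, 1, 12, 0, tzinfo=UTC)


def diagnose(configured_tz, wall_clock_tz):
    """Return (clock skew, CRL status) as seen by a client set up this way."""
    seen = believed_utc(TRUE_NOW, configured_tz, wall_clock_tz)
    return seen - TRUE_NOW, crl_status(seen, THIS_UPDATE, NEXT_UPDATE)


if __name__ == "__main__":
    cases = [
        ("tz Pacific, clock Pacific", PACIFIC, PACIFIC),
        ("tz Manila,  clock Manila ", MANILA, MANILA),
        ("tz Pacific, clock Manila ", PACIFIC, MANILA),  # the case in the thread
    ]
    for label, cfg, wall in cases:
        skew, status = diagnose(cfg, wall)
        print(f"{label}: skew {skew}, CRL {status}")
```

Comparing the client's idea of UTC against a trusted time source is therefore a useful first check when only some clients report revocation failures.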
 
LVL 1

Author Closing Comment

by:timbrigham
ID: 35045583
Final solution was a server reboot; all steps up to that point were really good diagnostics.
0
