RD Farm Setup

Last Modified: 2013-11-21
Hello,
We are starting with 3 servers.
1 for the RD Licensing; RD Connection Broker; RD Gateway
2 for the RD Session Host; and RD Web Access
4 additional servers are planned to be added to the 2 within 5 months
Goals:  To let users inside of the corporation connect via Remote App with an RDP icon or RD Web Access.
To let users externally connect to a full desktop or RD Web Access.
I followed the following article and that helped a lot.  http://aaronwalrath.wordpress.com/2010/05/28/configuring-windows-2008-r2-remote-desktop-farm-with-connection-broker/
I have our farm named RDFarm, I am doing DNS currently and no NLB.
Questions:
Do users outside go straight to the farm or can they be routed through the Broker/Gateway Server?    Currently I can connect to the full desktop from the outside via RDP icon.
Second I am confused as all get out about the certificates.  I have it self signed on the RD Farm and signed by GoDaddy for the Broker/Gateway server.   For some reason I get certificate errors saying not trusted.  Even when using a domain laptop Windows 7 connection I cannot take advantage of RemoteApp and Desktop Connections.  It tells me the remote computer cannot be configured due to problems with the security cert.
Thanks,
Top Expert 2015

Commented:

Author

Commented:
RD or Remote Desktop. It is called RDS now, correct? No longer Terminal Services.
I will edit it to be RDS.

Author

Commented:
I guess you cannot edit the title after the first comment. Oh well, RD would be Remote Desktop Services farm or Terminal Services farm.
Thanks
Ray
Top Expert 2015

Commented:
Basically your setup is valid.
Where do you get cert errors? On web connection or native connection?

Author

Commented:
If I am configuring my firewall do I have it route directly to the farm for TSWeb or do I need to setup or configure something on my gateway firewall server?
On the certificate, I get the error message issued by local(servername).domain.local and issued to server.domain.local, valid for 6 months:
This CA root certificate is not trusted.
I have it correct everywhere I can look. I get this every time on the server or remote PC.
So yes Web connection.
Cláudio Rodrigues, Founder and CEO
CERTIFIED EXPERT

Commented:
Did you set the RDP-tcp listener on the RDS Session Hosts to use the proper certificate? Out of the box it will use the self signed one.
Launch the RDS Session Host management tool and you will see the RDP-tcp listener right there.
Double click it and you will see where to choose the certificate to be presented.

Cláudio Rodrigues
Citrix CTP
Microsoft MVP - RDS

Author

Commented:
I checked just now and both servers are rdfarm.domain.local from the local DC Server.
I also rechecked both RemoteApp Managers.  The correct one is chosen there as well.
Cláudio Rodrigues, Founder and CEO
CERTIFIED EXPERT

Commented:
In this case:
- Do you have the root CA certificate for your internally issued certificates on all client machines as a trusted certificate?
- Did you get the certificate thumbprint and then push that as a policy (the thumbprint hash) or registry key to all the PCs relying on that certificate? Explained in these two articles:
http://morgansimonsen.wordpress.com/2011/03/21/sha1-thumbprints-for-trusted-rdp-publishers/
http://blogs.msdn.com/b/rds/archive/2010/04/09/configuring-remote-desktop-certificates.aspx

Cláudio Rodrigues
Citrix CTP
Microsoft MVP - RDS
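The two things Cláudio asks about above (which certificate the RDP-Tcp listener actually presents, and whether clients trust the issuing root and the .rdp publisher thumbprint) can be checked from PowerShell rather than by clicking through the RDS Session Host tool. The script below is an added example, not code from this thread or from the linked articles. It uses the real WMI class Win32_TSGeneralSetting (namespace root\cimv2\TerminalServices) for the listener, and the registry location that the "trusted .rdp publishers" policy writes to is stated as an assumption taken from the linked articles; the farm name `rdfarm.domain.local` is the one used in the thread.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Part A runs on an RD Session Host; part B on a client PC.

# --- A. Which certificate does the RDP-Tcp listener present? -------------------------
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting `
                          -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash
"RDP-Tcp listener certificate thumbprint: $thumb"

# Look the thumbprint up in the computer's Personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) {
    Write-Warning "No certificate with thumbprint $thumb in Cert:\LocalMachine\My"
} else {
    "Subject : $($cert.Subject)"
    "Issuer  : $($cert.Issuer)"
    "Expires : $($cert.NotAfter)"

    # Subject == Issuer means self-signed: the out-of-the-box state Cláudio describes.
    if ($cert.Subject -eq $cert.Issuer) {
        Write-Warning 'Listener still uses the self-signed certificate.'
    }

    # Does the chain build to a root this machine trusts? (.NET X509Certificate2.Verify)
    if ($cert.Verify()) { 'Chain verifies: the issuing CA is trusted on this host.' }
    else { Write-Warning 'Chain does NOT verify: issuing root CA is missing from Trusted Root Certification Authorities.' }
}

# To bind the farm certificate instead (same effect as choosing it in the RDP-Tcp properties),
# uncomment and adjust the subject filter. The listener stores the thumbprint without spaces.
# $farm = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like 'CN=rdfarm.domain.local*' }
# $listener.SSLCertificateSHA1Hash = $farm.Thumbprint
# $listener.Put() | Out-Null

# --- B. On a client: is the .rdp publisher thumbprint policy applied? -----------------
# Assumption: the policy "Specify SHA1 thumbprints of certificates representing trusted
# .rdp publishers" writes the value TrustedCertThumbprints under this key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$trusted   = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).TrustedCertThumbprints
if ($trusted) { "Trusted .rdp publisher thumbprints: $trusted" }
else { 'No trusted .rdp publisher thumbprint policy is applied on this machine.' }

# Is the internal root CA present in the client's Trusted Root store? Adjust the CA name.
$rootName = 'domain-DC-CA'   # assumption: the name of the internal enterprise CA
$root = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -like "*$rootName*" }
if ($root) { "Root CA '$rootName' is trusted on this client (thumbprint $($root.Thumbprint))." }
else { Write-Warning "Root CA '$rootName' is NOT in Cert:\LocalMachine\Root on this client." }
```

Part A tells you whether the "not trusted" prompt comes from the listener certificate itself (self-signed or chaining to an unknown root); part B tells you whether the client side has the pieces the two linked articles describe. Both checks are read-only unless you uncomment the rebind lines.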

Author

Commented:
Yes, I have the CA cert internally issued by the domain controller.  Which should let all domain PCs know it is trusted, from my readings; is this not correct?
I did read the articles and they might solve the issue.  If I were to go with someone like GoDaddy could I get a cert for an internal domain name?  Then I would not have to do the push and scripting.
Founder and CEO
CERTIFIED EXPERT
Commented:

Author

Commented:
Your solution was the closest and you made a good suggestion.  The problem ended up being the servers initially do their own cert and you have to change it in the IIS manager which is the info I attached.
Problem
========
Remote Desktop Farm Certificate problem.

Cause
======
IIS console setting.

Solution
========
1. Log on to SC43 and open the IIS Manager console.
2. Explore to the rdweb site. Right click the site name and select Edit Bindings from the menu.
3. Highlight the HTTPS entry, then click Edit button to verify the current SSL certificate.
4. Ensure the rdfarm.sc.local certificate is selected. We could click View button to check the certificate.
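The four IIS Manager steps above can be verified (and, if needed, repeated) without the console. The script below is an added example written for this thread, not part of the author's attached solution. It assumes RD Web Access is an application under `Default Web Site` (the 2008 R2 default) and uses the thread's farm name `rdfarm.sc.local`; both are variables you adjust. It relies on the WebAdministration module's Get-WebBinding, whose HTTPS binding objects expose the bound certificate's thumbprint as `certificateHash`.

```powershell
# Added example (not from the thread). Run on the RD Web Access server (SC43 in the
# thread) in an elevated PowerShell session. Reports which certificate each HTTPS
# binding presents and whether it actually covers the farm name users type in.
Import-Module WebAdministration

$siteName     = 'Default Web Site'   # assumption: /RDWeb is an application under this site
$expectedHost = 'rdfarm.sc.local'    # farm name from the thread; change to yours

$bindings = Get-WebBinding -Name $siteName -Protocol https
if (-not $bindings) { Write-Warning "Site '$siteName' has no HTTPS binding." }

foreach ($b in $bindings) {
    $hash = $b.certificateHash
    "HTTPS binding $($b.bindingInformation) -> certificate thumbprint $hash"

    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $hash }
    if (-not $cert) { Write-Warning '  Bound certificate not found in Cert:\LocalMachine\My'; continue }

    "  Subject : $($cert.Subject)"
    "  Issuer  : $($cert.Issuer)"
    "  Expires : $($cert.NotAfter)"

    # Names the certificate is valid for: the CN plus any Subject Alternative Names (OID 2.5.29.17).
    $names = @()
    if ($cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1] }
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format($false) yields e.g. "DNS Name=rdfarm.sc.local, DNS Name=sc43.sc.local"
        $names += ($san.Format($false) -split ', ' | ForEach-Object { ($_ -split '=')[-1] })
    }

    if ($names -contains $expectedHost) {
        "  OK: certificate covers $expectedHost"
    } else {
        Write-Warning "  Certificate does not cover $expectedHost (names: $($names -join ', ')); this is what produces the untrusted/name-mismatch prompt"
    }

    # The per-server default the thread ran into is a self-signed certificate (Subject == Issuer).
    if ($cert.Subject -eq $cert.Issuer) { Write-Warning '  Certificate is self-signed' }
    if (-not $cert.Verify())            { Write-Warning '  Chain does not verify on this server' }
}

# Equivalent of Edit Bindings > Edit > pick the farm certificate, for the *:443 binding.
# Uncomment once you have confirmed the right certificate is in Cert:\LocalMachine\My.
# $new = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "CN=$expectedHost*" }
# Remove-Item "IIS:\SslBindings\0.0.0.0!443" -ErrorAction SilentlyContinue
# $new | New-Item "IIS:\SslBindings\0.0.0.0!443" | Out-Null
```

Run it on each RD Web Access server: since each server initially binds its own self-signed certificate, the check has to be repeated per server, which is exactly the mistake the thread's solution corrected.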