Solved

RDP Gateway and Certificates

Posted on 2011-05-11
Last Modified: 2012-05-11
Hi,
I have set up an RDP Gateway with Windows 2008 R2. Let's call it remote01. Its IP is 192.168.75.75

I want users to RDP to remote01 via the internet.

There is a sonicwall in front of the server.

I added an A record that points remote.mydomain.com to our public IP of 168.x.x.x
I added a rule that forwards 443 to the 192 address.

I created a self-signed certificate with an FQDN of remote01.remote.mydomain.com

I imported this certificate on my Windows 7 client, which is not on the same network as remote01.

I set up the RDP by going to advanced, settings and putting in remote01.remote.mydomain.com

When I try to connect, I get the error that remote01.remote.mydomain.com is not trusted, and when I look at the cert, it shows an IP of 192.168.168.168.

What am I doing wrong =(;
Thanks.
Question by:melegant99
10 Comments
 

Expert Comment

by:Hypercat (Deb)
ID: 35740843
Your RDP client should be connecting to remote.mydomain.com, not remote01.remote.mydomain.com.

Expert Comment

by:Hypercat (Deb)
ID: 35740880
I'm sorry - that's really not clear at all. Your RDP client should be connecting to remote01 using the TS Gateway address of remote.mydomain.com.  In other words, the name of the remote computer would be "remote01" and the RD gateway server name would be "remote.mydomain.com."

Expert Comment

by:Hypercat (Deb)
ID: 35740918
Also, your certificate name should be "remote.mydomain.com." I'm not sure what exactly you are looking at on the cert, but if it is showing an IP address instead of a server name, there is something wrong. You should probably create a new certificate using "remote.mydomain.com" as the domain name and then reconfigure the TS gateway server to use that certificate instead of the original one you created.

Author Comment

by:melegant99
ID: 35741060
Hi,
I changed the RD Gateway cert to be remote.mydomain.com, edited the RDP, re-imported the new cert to my local client and now I get an error that your computer can't connect because the remote gateway server address is incorrect or invalid.

If I put back remote01.remote.mydomain.com as the gateway server address, it then gives me the cert error from earlier:
Computer can't verify the identity of the RD Gateway remote01.remote.mydomain.com... There is a button that says view certificate. When I do, it shows the issued to and issued by as 192.168.168.168

Accepted Solution

by:
Hypercat (Deb) earned 2000 total points
ID: 35741182
Did you make sure that the server is set to use the new cert instead of the old one? You can check this by going to the Server Manager console, click on Roles/Terminal Services/TS Gateway Manager, and then right-click the server name and go to Properties/SSL tab. If the certificate listed at the top is not the new one you just created, click "Select an existing certificate...." and then the Browse button to select the right certificate.

On your workstation, make sure you remove the original certificate before installing the new one.

To be honest, I've had problems with self-signed certs on TS gateway servers in the past. I remember in one case I just couldn't get it to work at all for some reason. So, now I usually opt for a GoDaddy certificate instead and have never had any problems using those.

Author Comment

by:melegant99
ID: 35741216
I did check those... and it is correct. However, I noticed that the local machine cert is in the Certificates-Current User. It should be on the Local Machine, right? I can't figure out how to connect it to the 'local machine' though on the Windows 7 client...

Expert Comment

by:Hypercat (Deb)
ID: 35741334
Not sure where you are looking to see what you're describing. If you go into Internet Options, click on the Content tab and then click the Certificates button, do you see it there?

Author Comment

by:melegant99
ID: 35741836
MMC, add snap-in, certificates. The certificate installed on the client correctly, but the problem is with the certificate, I think =/

Expert Comment

by:Hypercat (Deb)
ID: 35741919
Yes, I think you're correct. As you're describing the certificate, it sounds like it is not formatted correctly. Can you post a screen capture of the certificate that is in use on the server and one of the certificate that is installed on your workstation?

Author Comment

by:melegant99
ID: 36168222
All righty Hypercat, I got it all working. As it turns out the issue was multi-faceted. First off, there were a # of things I had to change on my router. (Well, someone better with networks did =/) I think this was the issue all along. (Basically the port forwarding was messed up).
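
Added example, not part of the thread and not code from any participant: a certificate issued to and by 192.168.168.168 that stays the same after the gateway certificate is replaced, together with the port-forwarding fix reported in the last comment, points to something other than the RD Gateway answering on port 443. The PowerShell below reads the certificate actually presented on that port and compares it with the one selected on the gateway's SSL tab; the function names, thumbprints and sample values are hypothetical or constructed, and only host names and addresses from the thread are reused.

```powershell
# Added example; function names and sample values are hypothetical.
function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate here: the goal is to inspect it, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

function Test-GatewayCertificate {
    param([string]$Subject, [string]$Issuer, [string]$Thumbprint,
          [string]$ExpectedName, [string]$ExpectedThumbprint)
    $findings = @()
    $cn = ''
    # Simplification: only the subject CN is examined, not subject alternative names.
    if ($Subject -match 'CN=([^,]+)') { $cn = $Matches[1].Trim() }
    if ($Thumbprint -ne $ExpectedThumbprint) {
        $findings += "Presented certificate is not the one selected on the gateway: something else is answering on this port, so check the firewall forwarding rule."
    }
    if ($cn -ne $ExpectedName) {
        $findings += "Name mismatch: client connects to '$ExpectedName' but the certificate is issued to '$cn'."
    }
    if ($cn -match '^\d{1,3}(\.\d{1,3}){3}$') {
        $findings += "Certificate is issued to an IP address, not a host name."
    }
    if ($Subject -eq $Issuer) {
        $findings += "Self-signed: the client trusts it only if it is imported into Trusted Root Certification Authorities."
    }
    $findings
}

# Constructed sample modelled on the symptom in the thread (thumbprints are made up).
Test-GatewayCertificate -Subject 'CN=192.168.168.168' -Issuer 'CN=192.168.168.168' `
    -Thumbprint '1111111111111111111111111111111111111111' `
    -ExpectedName 'remote.mydomain.com' `
    -ExpectedThumbprint '2222222222222222222222222222222222222222'

# Live check from outside the firewall (needs network access):
# $c = Get-PresentedCertificate 'remote.mydomain.com'
# Test-GatewayCertificate $c.Subject $c.Issuer $c.Thumbprint 'remote.mydomain.com' '<thumbprint shown on the gateway SSL tab>'
```

If the live check reports a different thumbprint from outside the firewall but the expected one from inside the LAN, the certificate on the server is fine and the forwarding rule is the thing to fix.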

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question