Solved

Remote desktop session host shows old self signed SSL certificate instead of SAN certificate

Posted on 2012-03-16
12
2,669 Views
Last Modified: 2012-03-20
I am setting up a remote desktop solution on Windows Server 2008 R2 for external and internal access.
ssl.greenreefers.no running Remote Desktop Web Access and Gateway.
bgo-vm-116.greenreefers.no running Remote Desktop Connection Manager and Session host.
Port 443 is forwarded to ssl in the firewall.
All servers are joined to active directory.
When everything is working a 2-factor authentication solution will be added.

The problem I am facing is a self signed ssl certificate on the session host.
When things started working as intended I applied for an EV SAN certificate from GeoTrust issued to ssl.greenreefers.no, with bgo-vm-116.greenreefers.no among others added as subject alternate name. This certificate has been set up on the IIS, and the gateway running on ssl, and is working. It has also been exported from ssl and imported to the computer account on bgo-vm-116. Then it was added to connection manager and session host on bgo-vm-116. But the remote app/desktop is still signed by the old self-signed certificate when I open it. Internally it is working because the self signed certificate is trusted in the domain.
0
Comment
Question by:siggjen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 37731314
Under Remote Desktop Session Host Configuration, go to Properties on the RDP-Tcp entry under Connections. On the General tab, near the botton it will show the current certificate in use. Click on Select and you should be able to select the other certificate.
0
 

Author Comment

by:siggjen
ID: 37732602
Thank you, it seems that this is the right place to solve the problem. However I only get information that "There are no certificates installed on this Remote Desktop Session Host server."
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37733385
Have you installed the certificate on the session host?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:siggjen
ID: 37733388
Yes, and I have selected it in the rdsh and rdcm tool.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37733760
Can you post screenshot of the certificate selection in Remote Desktop Session Host tool? I don't understand how you can say that it is selected and also that there are no certificates installed.
0
 

Author Comment

by:siggjen
ID: 37734744
I am sorry I was a bit unprecise. I have selected the certificate in RemoteaApp Manager and Connection Manager. I have attached screenshots from all these tools relevant certificate information.

Remote Desktop Session Host:
Remote Desktop Session Host Certificate sectionRemote Desktop RemoteApp Manager:
Remote Desktop RemoteApp Manager Certificate sectionRemote Desktop Connection Manager:
Remote Desktop Connection Manager Certificate section
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37734977
Take a look at the Certificate Store for the computer. The GeoTrust certificate should be in the Personal store. Can you grab a screenshot of the Personal store under Certificates (Local Computer)? You normally get there by starting mmc.exe, and then add the Certificates snap-in.
0
 

Author Comment

by:siggjen
ID: 37735053
Yes. that's where I added the certificate.

certificates mmc snapin
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37735073
That looks right. Have you rebooted since the certificate was installed?
0
 

Author Comment

by:siggjen
ID: 37735094
I have now rebooted and was again presented the self signed certificate when I tried to open something from the RDWeb page.
0
 

Author Comment

by:siggjen
ID: 37735107
I couldn't select the GeoTrust certificate in RDSH config tool either
0
 

Author Comment

by:siggjen
ID: 37741330
I needed to change the SAN certificate because I added another Subject Alternate Name to it. When it was imported properly I was able to select the certificate and now it works. Thank you very much for the help.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s list some of the technologies that enable smooth teleworking. 
Know what services you can and cannot, should and should not combine on your server.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question