Remote desktop session host shows old self signed SSL certificate instead of SAN certificate

I am setting up a remote desktop solution on Windows Server 2008 R2 for external and internal access.
ssl.greenreefers.no running Remote Desktop Web Access and Gateway.
bgo-vm-116.greenreefers.no running Remote Desktop Connection Manager and Session host.
Port 443 is forwarded to ssl in the firewall.
All servers are joined to active directory.
When everything is working a 2-factor authentication solution will be added.

The problem I am facing is a self-signed SSL certificate on the session host.
When things started working as intended I applied for an EV SAN certificate from GeoTrust issued to ssl.greenreefers.no, with bgo-vm-116.greenreefers.no among others added as subject alternate name. This certificate has been set up on the IIS, and the gateway running on ssl, and is working. It has also been exported from ssl and imported to the computer account on bgo-vm-116. Then it was added to connection manager and session host on bgo-vm-116. But the remote app/desktop is still signed by the old self-signed certificate when I open it. Internally it is working because the self-signed certificate is trusted in the domain.
siggjen Asked:

kevinhsieh Commented:
Under Remote Desktop Session Host Configuration, go to Properties on the RDP-Tcp entry under Connections. On the General tab, near the bottom it will show the current certificate in use. Click on Select and you should be able to select the other certificate.
0

siggjen Author Commented:
Thank you, it seems that this is the right place to solve the problem. However, I only get information that "There are no certificates installed on this Remote Desktop Session Host server."
0
kevinhsieh Commented:
Have you installed the certificate on the session host?
0
siggjen Author Commented:
Yes, and I have selected it in the rdsh and rdcm tool.
0
kevinhsieh Commented:
Can you post a screenshot of the certificate selection in the Remote Desktop Session Host tool? I don't understand how you can say that it is selected and also that there are no certificates installed.
0
siggjen Author Commented:
I am sorry, I was a bit imprecise. I have selected the certificate in RemoteApp Manager and Connection Manager. I have attached screenshots of the relevant certificate information from all these tools.

Remote Desktop Session Host:
[Screenshot: Remote Desktop Session Host Certificate section]
Remote Desktop RemoteApp Manager:
[Screenshot: Remote Desktop RemoteApp Manager Certificate section]
Remote Desktop Connection Manager:
[Screenshot: Remote Desktop Connection Manager Certificate section]
0
kevinhsieh Commented:
Take a look at the Certificate Store for the computer. The GeoTrust certificate should be in the Personal store. Can you grab a screenshot of the Personal store under Certificates (Local Computer)? You normally get there by starting mmc.exe, and then add the Certificates snap-in.
0
siggjen Author Commented:
Yes, that's where I added the certificate.

[Screenshot: Certificates MMC snap-in]
0
kevinhsieh Commented:
That looks right. Have you rebooted since the certificate was installed?
0
siggjen Author Commented:
I have now rebooted and was again presented with the self-signed certificate when I tried to open something from the RDWeb page.
0
siggjen Author Commented:
I couldn't select the GeoTrust certificate in the RDSH config tool either.
0
siggjen Author Commented:
I needed to change the SAN certificate because I added another Subject Alternate Name to it. When it was imported properly I was able to select the certificate and now it works. Thank you very much for the help.
0

Question has a verified solution.
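
The thread does not say what was wrong with the first import, only that the RD Session Host tool listed no certificates until the certificate was re-imported. The following check is an added example, not part of the original thread: it lists every certificate in the computer's Personal store and reports the properties the RDP listener depends on (a private key, a usable Enhanced Key Usage, a name matching the host, a current validity period), plus whether that certificate is the one currently bound to RDP-Tcp. It assumes it is run in an elevated PowerShell session on the session host (bgo-vm-116 in this thread).

```powershell
# Added example, not from the thread. Run elevated on the session host.
$serverAuth = '1.3.6.1.5.5.7.3.1'       # Server Authentication EKU
$rdpAuth    = '1.3.6.1.4.1.311.54.1.2'  # Remote Desktop Authentication EKU
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# SHA-1 thumbprint currently bound to the RDP-Tcp listener.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$bound = $listener.SSLCertificateSHA1Hash

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $eku  = @()
    $san  = ''
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $eku = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
        if ($ext.Oid.Value -eq '2.5.29.17') {   # Subject Alternative Name
            $san = $ext.Format($false)
        }
    }
    # No EKU extension means the certificate is not restricted to a purpose.
    $ekuOk = ($eku.Count -eq 0) -or ($eku -contains $serverAuth) -or ($eku -contains $rdpAuth)
    # Plain substring match against subject and SAN; wildcard names are not handled.
    $nameOk = ("$($cert.Subject) $san") -like "*$fqdn*"
    $now = Get-Date
    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey
        EkuOk         = $ekuOk
        NameMatches   = $nameOk
        InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        BoundToRdpTcp = ($cert.Thumbprint -eq $bound)
    }
} | Select-Object Thumbprint, HasPrivateKey, EkuOk, NameMatches, InValidity, BoundToRdpTcp, Subject |
    Format-List
```

A certificate that shows HasPrivateKey as False was imported without its key (for example from a .cer file rather than a .pfx export) and cannot be used by the listener even though it appears in the Certificates snap-in.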