Solved

Remote desktop session host shows old self signed SSL certificate instead of SAN certificate

Posted on 2012-03-16
Last Modified: 2012-03-20
I am setting up a remote desktop solution on Windows Server 2008 R2 for external and internal access.
ssl.greenreefers.no running Remote Desktop Web Access and Gateway.
bgo-vm-116.greenreefers.no running Remote Desktop Connection Manager and Session host.
Port 443 is forwarded to ssl in the firewall.
All servers are joined to Active Directory.
When everything is working a 2-factor authentication solution will be added.

The problem I am facing is a self signed ssl certificate on the session host.
When things started working as intended I applied for an EV SAN certificate from GeoTrust issued to ssl.greenreefers.no, with bgo-vm-116.greenreefers.no among others added as subject alternate name. This certificate has been set up on the IIS, and the gateway running on ssl, and is working. It has also been exported from ssl and imported to the computer account on bgo-vm-116. Then it was added to connection manager and session host on bgo-vm-116. But the remote app/desktop is still signed by the old self-signed certificate when I open it. Internally it is working because the self signed certificate is trusted in the domain.
Question by:siggjen
12 Comments
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 37731314
Under Remote Desktop Session Host Configuration, go to Properties on the RDP-Tcp entry under Connections. On the General tab, near the bottom it will show the current certificate in use. Click on Select and you should be able to select the other certificate.
 

Author Comment

by:siggjen
ID: 37732602
Thank you, it seems that this is the right place to solve the problem. However I only get information that "There are no certificates installed on this Remote Desktop Session Host server."
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37733385
Have you installed the certificate on the session host?
 

Author Comment

by:siggjen
ID: 37733388
Yes, and I have selected it in the rdsh and rdcm tool.
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37733760
Can you post screenshot of the certificate selection in Remote Desktop Session Host tool? I don't understand how you can say that it is selected and also that there are no certificates installed.
 

Author Comment

by:siggjen
ID: 37734744
I am sorry, I was a bit imprecise. I have selected the certificate in RemoteApp Manager and Connection Manager. I have attached screenshots of the relevant certificate information from all these tools.

Remote Desktop Session Host:
[Screenshot: Remote Desktop Session Host Certificate section]
Remote Desktop RemoteApp Manager:
[Screenshot: Remote Desktop RemoteApp Manager Certificate section]
Remote Desktop Connection Manager:
[Screenshot: Remote Desktop Connection Manager Certificate section]

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37734977
Take a look at the Certificate Store for the computer. The GeoTrust certificate should be in the Personal store. Can you grab a screenshot of the Personal store under Certificates (Local Computer)? You normally get there by starting mmc.exe, and then add the Certificates snap-in.
 

Author Comment

by:siggjen
ID: 37735053
Yes, that's where I added the certificate.

[Screenshot: Certificates MMC snap-in]
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37735073
That looks right. Have you rebooted since the certificate was installed?
 

Author Comment

by:siggjen
ID: 37735094
I have now rebooted and was again presented the self signed certificate when I tried to open something from the RDWeb page.
 

Author Comment

by:siggjen
ID: 37735107
I couldn't select the GeoTrust certificate in RDSH config tool either.
 

Author Comment

by:siggjen
ID: 37741330
I needed to change the SAN certificate because I added another Subject Alternate Name to it. When it was imported properly I was able to select the certificate and now it works. Thank you very much for the help.
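A read-only check for the situation in this thread, added here as an example and not part of any poster's reply: it lists the certificates in the computer's Personal store on the session host and shows which one, if any, the RDP-Tcp listener is bound to. The criteria it reports (private key present, Server Authentication EKU, SAN covering the host name) are assumptions about why a certificate may not be offered for selection; the thread itself only says the certificate had to be imported properly.

```powershell
# Added diagnostic example (not from the thread). Read-only; run elevated on the session host.
$hostFqdn      = 'bgo-vm-116.greenreefers.no'  # session host name taken from the question
$serverAuthOid = '1.3.6.1.5.5.7.3.1'           # Server Authentication EKU
$sanOid        = '2.5.29.17'                   # Subject Alternative Name extension
$wildcard      = '*.' + ($hostFqdn -split '\.', 2)[1]

# Thumbprint the RDP-Tcp listener is using right now.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$bound = $listener.SSLCertificateSHA1Hash

$report = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }

    # A certificate with no EKU extension is valid for all purposes.
    $ekuOk = $true
    if ($eku) {
        $ekuOk = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $serverAuthOid
    }

    # Format() labels are localized ("DNS Name=" on English systems), so match on "=<name>".
    $sanOk = $false
    if ($san) {
        $names = $san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[1] }
        $sanOk = ($names -contains $hostFqdn) -or ($names -contains $wildcard)
    }

    New-Object PSObject -Property @{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        BoundToRdpTcp  = ($cert.Thumbprint -eq $bound)
        HasPrivateKey  = $cert.HasPrivateKey
        ServerAuthEku  = $ekuOk
        SanCoversHost  = $sanOk
        WithinValidity = (((Get-Date) -ge $cert.NotBefore) -and ((Get-Date) -le $cert.NotAfter))
    }
}

$report | Format-List Subject, Thumbprint, BoundToRdpTcp, HasPrivateKey,
    ServerAuthEku, SanCoversHost, WithinValidity
if (-not ($report | Where-Object { $_.BoundToRdpTcp })) {
    "RDP-Tcp is bound to $bound, which is not in the computer's Personal store."
}
```

A certificate that shows `HasPrivateKey : False` was imported without its key, which is worth ruling out after an export from one server and import on another.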
