Solved

Remote desktop session host shows old self signed SSL certificate instead of SAN certificate

Posted on 2012-03-16
Last Modified: 2012-03-20
I am setting up a remote desktop solution on Windows Server 2008 R2 for external and internal access.
ssl.greenreefers.no running Remote Desktop Web Access and Gateway.
bgo-vm-116.greenreefers.no running Remote Desktop Connection Manager and Session host.
Port 443 is forwarded to ssl in the firewall.
All servers are joined to active directory.
When everything is working a 2-factor authentication solution will be added.

The problem I am facing is a self signed ssl certificate on the session host.
When things started working as intended I applied for an EV SAN certificate from GeoTrust issued to ssl.greenreefers.no, with bgo-vm-116.greenreefers.no among others added as subject alternate name. This certificate has been set up on the IIS, and the gateway running on ssl, and is working. It has also been exported from ssl and imported to the computer account on bgo-vm-116. Then it was added to connection manager and session host on bgo-vm-116. But the remote app/desktop is still signed by the old self-signed certificate when I open it. Internally it is working because the self signed certificate is trusted in the domain.
Question by:siggjen
12 Comments
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 37731314
Under Remote Desktop Session Host Configuration, go to Properties on the RDP-Tcp entry under Connections. On the General tab, near the bottom it will show the current certificate in use. Click on Select and you should be able to select the other certificate.
0
 

Author Comment

by:siggjen
ID: 37732602
Thank you, it seems that this is the right place to solve the problem. However I only get information that "There are no certificates installed on this Remote Desktop Session Host server."
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37733385
Have you installed the certificate on the session host?
0
 

Author Comment

by:siggjen
ID: 37733388
Yes, and I have selected it in the rdsh and rdcm tool.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37733760
Can you post a screenshot of the certificate selection in the Remote Desktop Session Host tool? I don't understand how you can say that it is selected and also that there are no certificates installed.
0
 

Author Comment

by:siggjen
ID: 37734744
I am sorry, I was a bit imprecise. I have selected the certificate in RemoteApp Manager and Connection Manager. I have attached screenshots of the relevant certificate information from all these tools.

Remote Desktop Session Host:
[Screenshot: Remote Desktop Session Host Certificate section]

Remote Desktop RemoteApp Manager:
[Screenshot: Remote Desktop RemoteApp Manager Certificate section]

Remote Desktop Connection Manager:
[Screenshot: Remote Desktop Connection Manager Certificate section]
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37734977
Take a look at the Certificate Store for the computer. The GeoTrust certificate should be in the Personal store. Can you grab a screenshot of the Personal store under Certificates (Local Computer)? You normally get there by starting mmc.exe, and then add the Certificates snap-in.
0
 

Author Comment

by:siggjen
ID: 37735053
Yes, that's where I added the certificate.

[Screenshot: certificates mmc snapin]
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37735073
That looks right. Have you rebooted since the certificate was installed?
0
 

Author Comment

by:siggjen
ID: 37735094
I have now rebooted and was again presented with the self-signed certificate when I tried to open something from the RDWeb page.
0
 

Author Comment

by:siggjen
ID: 37735107
I couldn't select the GeoTrust certificate in RDSH config tool either
0
 

Author Comment

by:siggjen
ID: 37741330
I needed to change the SAN certificate because I added another Subject Alternate Name to it. When it was imported properly I was able to select the certificate and now it works. Thank you very much for the help.
0
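A PowerShell check for the situation in this thread, added here as an example and not posted by either participant: it reads which certificate thumbprint the RDP-Tcp listener is bound to and reports, for each certificate in Certificates (Local Computer) > Personal, the properties the session host needs before it will offer the certificate for selection (a private key and a Server Authentication EKU or no EKU at all, stated here as the general Windows requirement rather than as the cause confirmed in the thread). The host name is the one from the question; the column names are made up for the example.

```powershell
# Added example: run in an elevated PowerShell session on the RD Session Host.
$hostName = 'bgo-vm-116.greenreefers.no'   # session host name from the question

# Thumbprint currently bound to the RDP-Tcp listener (the setting shown on the
# General tab of the RDP-Tcp properties).
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$bound = $listener.SSLCertificateSHA1Hash
"RDP-Tcp listener is bound to thumbprint: $bound"

# Inspect every certificate in the computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Subject Alternative Name extension (OID 2.5.29.17), if present.
    # Format() returns display text such as "DNS Name=host.example".
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $san = if ($sanExt) { $sanExt.Format($false) } else { '' }

    # Enhanced Key Usage extension (OID 2.5.29.37). No EKU extension means the
    # certificate is valid for any purpose; otherwise Server Authentication
    # (1.3.6.1.5.5.7.3.1) must be listed.
    $ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $serverAuth = [bool]((-not $ekuExt) -or
        ($ekuExt.EnhancedKeyUsages |
            Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }))

    $cert | Select-Object Subject, Thumbprint, NotAfter,
        HasPrivateKey,                                   # False: imported without its key
        @{ n = 'ServerAuthEku';   e = { $serverAuth } },
        @{ n = 'SanListsHost';    e = { $san -match [regex]::Escape($hostName) } },
        @{ n = 'BoundToListener'; e = { $cert.Thumbprint -eq $bound } },
        @{ n = 'SubjectAltNames'; e = { $san } }
} | Format-List
```

If no entry shows BoundToListener as True, the listener is not using a certificate from the Personal store. A certificate that shows HasPrivateKey as False was imported without its key and has to be exported again from the source server together with the private key.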
