Solved

Remote desktop session host shows old self signed SSL certificate instead of SAN certificate

Posted on 2012-03-16
Last Modified: 2012-03-20
I am setting up a remote desktop solution on Windows Server 2008 R2 for external and internal access.
ssl.greenreefers.no running Remote Desktop Web Access and Gateway.
bgo-vm-116.greenreefers.no running Remote Desktop Connection Manager and Session host.
Port 443 is forwarded to ssl in the firewall.
All servers are joined to active directory.
When everything is working a 2-factor authentication solution will be added.

The problem I am facing is a self-signed SSL certificate on the session host.
When things started working as intended I applied for an EV SAN certificate from GeoTrust issued to ssl.greenreefers.no, with bgo-vm-116.greenreefers.no among others added as subject alternate name. This certificate has been set up on the IIS, and the gateway running on ssl, and is working. It has also been exported from ssl and imported to the computer account on bgo-vm-116. Then it was added to connection manager and session host on bgo-vm-116. But the remote app/desktop is still signed by the old self-signed certificate when I open it. Internally it is working because the self-signed certificate is trusted in the domain.
Question by:siggjen
LVL 42

Accepted Solution

by: kevinhsieh earned 500 total points
ID: 37731314
Under Remote Desktop Session Host Configuration, go to Properties on the RDP-Tcp entry under Connections. On the General tab, near the bottom it will show the current certificate in use. Click on Select and you should be able to select the other certificate.
 

Author Comment

by:siggjen
ID: 37732602
Thank you, it seems that this is the right place to solve the problem. However I only get information that "There are no certificates installed on this Remote Desktop Session Host server."
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37733385
Have you installed the certificate on the session host?

Author Comment

by:siggjen
ID: 37733388
Yes, and I have selected it in the rdsh and rdcm tool.
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37733760
Can you post a screenshot of the certificate selection in Remote Desktop Session Host tool? I don't understand how you can say that it is selected and also that there are no certificates installed.
 

Author Comment

by:siggjen
ID: 37734744
I am sorry, I was a bit imprecise. I have selected the certificate in RemoteApp Manager and Connection Manager. I have attached screenshots of the relevant certificate information from all these tools.

Remote Desktop Session Host:
[Screenshot: Remote Desktop Session Host Certificate section]

Remote Desktop RemoteApp Manager:
[Screenshot: Remote Desktop RemoteApp Manager Certificate section]

Remote Desktop Connection Manager:
[Screenshot: Remote Desktop Connection Manager Certificate section]
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37734977
Take a look at the Certificate Store for the computer. The GeoTrust certificate should be in the Personal store. Can you grab a screenshot of the Personal store under Certificates (Local Computer)? You normally get there by starting mmc.exe, and then add the Certificates snap-in.
 

Author Comment

by:siggjen
ID: 37735053
Yes, that's where I added the certificate.

[Screenshot: Certificates MMC snap-in]
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 37735073
That looks right. Have you rebooted since the certificate was installed?
 

Author Comment

by:siggjen
ID: 37735094
I have now rebooted and was again presented with the self-signed certificate when I tried to open something from the RDWeb page.
 

Author Comment

by:siggjen
ID: 37735107
I couldn't select the GeoTrust certificate in RDSH config tool either.
 

Author Comment

by:siggjen
ID: 37741330
I needed to change the SAN certificate because I added another Subject Alternate Name to it. When it was imported properly I was able to select the certificate and now it works. Thank you very much for the help.
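A check for the situation in this thread, where a certificate is visible in the computer's Personal store but the Session Host tool offers nothing to select. This is an added example, not part of the original posts: it lists each certificate in `Cert:\LocalMachine\My` with the properties the RDP-Tcp listener needs (a private key, a Server Authentication EKU or no EKU at all, a current validity period) and marks the one the listener is bound to. The thread does not say what was wrong with the first import, so treating these properties as the likely cause is an assumption.

```powershell
# Added example: run in an elevated PowerShell prompt on the session host.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$sanOid        = '2.5.29.17'           # Subject Alternative Name extension
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

# Thumbprint the RDP-Tcp listener currently reports as its certificate
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$bound = $listener.SSLCertificateSHA1Hash

$now = Get-Date
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $eku  = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }

    # A certificate without an EKU extension is valid for all purposes
    $serverAuth = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0)

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        # False here usually means the certificate was imported without its
        # private key (for example from a .cer file instead of a .pfx export)
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuth    = $serverAuth
        InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
        SAN           = $(if ($san) { $san.Format($false) } else { '' })
        BoundToRdpTcp = ($cert.Thumbprint -eq $bound)
    }
} | Select-Object Subject, Thumbprint, HasPrivateKey, ServerAuth, InValidity, SAN, BoundToRdpTcp |
    Format-List
```

A certificate that shows `HasPrivateKey : False` needs to be re-exported from the source server with its private key and imported again before it can be used for the listener.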
