Certificate Revocation check failed on RD Gateway Client

wsc-it
Hey guys

We run a Remote Desktop Services Server 2008 R2 environment here for our remote access

We have

4x RD Host Servers
1x RD Session Broker Server
1x RD Gateway Server

On each of the session host servers and broker, we have internal certificates, say
server1.internaldomainname.com

On the gateway server we have a purchased SSL certificate which is bound to, say, gateway.companyname.com

As you can see they are different, our internal domain name is slightly different from our external.

Anyway, when trying to get a Windows 7 client to open the remote desktop client (mstsc.exe) and connect in using the gateway, we get back an error after providing our username and password, saying

"The certificate revocation check could not be performed for the certificate", and it does not let us go any further. I have tried clicking View Certificate and installing it into the "Trusted Root Authorities" store, but still no go.

The interesting thing is that the name of the certificate is coming from the server name, i.e. the latest attempt to connect had a certificate name of server1.internaldomainname.com

I thought the certificate was supposed to come from the external SSL one we purchased?

Others have mentioned that for this to work I need to publish my CRL

Can anyone elaborate on this?
Professional Troublemaker^h^h^h^h^hshooter
Commented:
On the certificate that is giving you trouble -- view the certificate.  In the details on the certificate there should be a field for 'CRL Distribution Points'.  The value should be a pointer to a location... usually an http: or ldap: location.  This error would usually mean that the location isn't reachable, or that the CRL isn't published.

One thing to double check, if you are using the Windows CA, open the CA MMC, point it at your CA server.  I believe one of the folders will be Revoked Certificates.  Right click the folder, and there should be an option either for the Revocation list directly, or view the properties of the Revoked list... and look for the CRL publication options.  In there, there is an option to schedule updates and view the status/dates of the list.
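
The check described in the answer above, as an added example that is not part of the original thread: a PowerShell script, run on the affected client, that lists the certificate's CRL Distribution Points, tries to fetch each http: location, and then builds the chain with online revocation checking to show the resulting status. The export path `C:\Temp\server1.cer` is an assumption (the certificate saved from the "View certificate" dialog).

```powershell
# Added example. Assumption: the certificate shown in the error dialog was
# exported to this (hypothetical) path on the client that fails to connect.
$certPath = 'C:\Temp\server1.cer'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

# 2.5.29.31 is the OID of the CRL Distribution Points extension.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) {
    Write-Output 'Certificate has no CRL Distribution Points extension.'
} else {
    # Format($true) renders the extension as the text shown on the Details tab.
    $urls = [regex]::Matches($cdp.Format($true), '(?i)\b(?:https?|ldap)://[^\s\)]+') |
        ForEach-Object { $_.Value } | Select-Object -Unique
    foreach ($url in $urls) {
        if ($url -match '^http') {
            try {
                # WebClient is used so the script also runs on PowerShell 2.0 (Windows 7).
                $bytes = (New-Object System.Net.WebClient).DownloadData($url)
                Write-Output ("REACHABLE   {0} ({1} bytes)" -f $url, $bytes.Length)
            } catch {
                Write-Output ("UNREACHABLE {0}: {1}" -f $url, $_.Exception.Message)
            }
        } else {
            # ldap: locations are directory lookups; they are listed here, not fetched.
            Write-Output ("LDAP        {0}" -f $url)
        }
    }
}

# Build the chain the way a revocation-checking client does: CRLs are fetched online.
$x509 = 'System.Security.Cryptography.X509Certificates'
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = [Enum]::Parse([Type]"$x509.X509RevocationMode", 'Online')
$chain.ChainPolicy.RevocationFlag = [Enum]::Parse([Type]"$x509.X509RevocationFlag", 'ExcludeRoot')
$ok = $chain.Build($cert)
Write-Output ("Chain build succeeded: {0}" -f $ok)

# RevocationStatusUnknown / OfflineRevocation here correspond to a CRL that
# could not be retrieved; UntrustedRoot means the issuing CA is not trusted.
foreach ($status in $chain.ChainStatus) {
    Write-Output ("{0}: {1}" -f $status.Status, $status.StatusInformation.Trim())
}
```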
