Solved

Server Certificate keeps installing itself into remote desktop store

Posted on 2012-09-13
Last Modified: 2012-09-17
I have two 2008 servers that are running in a TS server farm. I was having a certificate issue when clients log into the server farm, so I created a SAN certificate from a root CA authority on the network. Now it works fine when clients log into the first terminal server, but when they log into the second server they get a certificate error, and then if I look on the second terminal server in the certificate stores, the self server certificate that causes the error has been reinstalled into the directory, thus causing the errors. I have rebooted the server. I have checked my certificate stores on my PC and the certificate is not located anywhere. I am not super strong on certificates, so I am hoping someone else who knows more about certs than I do might be able to help.
Question by:DaveKall42

Expert Comment

by:David Johnson, CD, MVP
ID: 38397002
On your second server you need to remove the self-signed certificate and install your SAN certificate. Do this from the remote

http://blogs.msdn.com/b/rds/archive/2010/04/09/configuring-remote-desktop-certificates.aspx

Author Comment

by:DaveKall42
ID: 38397258
Thanks for the info. So just to verify I am getting what is in that link correctly: if I set up the template and publish it, then do a GPO, anytime someone logs into a server for RD it will use that certificate template I published? This will also work in a 2008 TS farm?

Accepted Solution

by:
David Johnson, CD, MVP earned 1500 total points
ID: 38397280
Your problem is that 1 server is presenting the WRONG certificate.

How to add an SSL cert
There are some general steps below to import a certificate on RDS services:

1. Start by importing the SSL certificate into the Computer Account. MMC (Add/Remove Snap-ins - Certificates - Computer Account). I imported the certificate into the Personal and Remote Desktop stores.

2. Import the SSL certificate into IIS. Run IIS Manager, select the ServerName (left side Connections), under the IIS section, open Server Certificates, import the SSL certificate here. Select the Web site (left side Connections), open Bindings (on the right side Actions) and associate/bind the wildcard cert with the appropriate https, host, port (443).

3. TS RemoteApp Manager, Overview Section, Digital Signature Settings, Change, Digital Signature, Sign with a digital certificate checked, Change, select the SSL certificate.

4. TS Gateway Manager, select ServerName, Properties, SSL Certificate tab, select an existing certificate for SSL encryption (recommended), Browse Certificates, select the SSL certificate.

5. Remote Desktop Session Host Configuration, Connections area, select appropriate connection, Properties, General tab, Select, select the SSL certificate.

http://social.technet.microsoft.com/Forums/en/winserverTS/thread/b4c8a034-27db-4dd5-b951-140bd89d718d
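
A way to verify the result of steps 1 and 5 on each farm member, added here as an example and not part of the original answer: it reads the thumbprint bound to the RDP-Tcp listener, finds that certificate in the Personal and Remote Desktop stores, and reports whether it is self-signed and whether its chain builds with revocation checking. The function name `Get-RdpListenerCertificate` is hypothetical and the thumbprint is a placeholder.

```powershell
# Added example: run locally, elevated, on each terminal server in the farm.
# $ExpectedThumbprint is a placeholder for the SAN certificate's thumbprint.
function Get-RdpListenerCertificate {
    param([Parameter(Mandatory = $true)][string]$ExpectedThumbprint)

    # Thumbprints copied from the certificate UI often contain spaces.
    $expected = $ExpectedThumbprint -replace '\s', ''

    # The TerminalServices WMI namespace requires packet privacy.
    $listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" `
        -Authentication PacketPrivacy
    $bound = $listener.SSLCertificateSHA1Hash

    # Find the bound certificate in the two stores mentioned in step 1.
    $cert = Get-ChildItem 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' |
        Where-Object { $_.Thumbprint -eq $bound } | Select-Object -First 1

    $chainOk = $null; $chainStatus = 'certificate not found in store'
    if ($cert) {
        # Build the chain with online revocation checking. This reflects the
        # trust and CRL reachability of THIS machine, not of the RDP client.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chainOk = $chain.Build($cert)
        $chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }

    New-Object PSObject -Property @{
        Computer        = $env:COMPUTERNAME
        BoundThumbprint = $bound
        MatchesExpected = ($bound -eq $expected)
        Subject         = if ($cert) { $cert.Subject } else { $null }
        SelfSigned      = if ($cert) { $cert.Subject -eq $cert.Issuer } else { $null }
        NotAfter        = if ($cert) { $cert.NotAfter } else { $null }
        ChainBuilds     = $chainOk
        ChainStatus     = $chainStatus
    }
}

Get-RdpListenerCertificate -ExpectedThumbprint '<SAN-CERT-THUMBPRINT>' | Format-List
```

Comparing the output from both terminal servers shows which one is still bound to a self-signed certificate.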

Author Comment

by:DaveKall42
ID: 38397312
Basically all I am doing is RDS with 1 session broker set up that is load balancing between 2 terminal servers. I am guessing I don't need to do steps 2, 3 and 4. I have done steps 1 and 5. I am now presenting the right certificate, but it is now saying that it cannot verify revocation status and cannot find the issuing authority when I try to log in through RDP on a Windows 7 RDP client. Any ideas?

Expert Comment

by:David Johnson, CD, MVP
ID: 38397363
On your gateway computer you need to import the certificate authority's certificate into the Trusted Root Certification Authorities store.

Author Comment

by:DaveKall42
ID: 38399052
When you say Gateway, are you referring to the Session Broker? I don't believe you need the actual TS gateway to just run load balancing, do you?