Server Certificate keeps installing itself into remote desktop store

I have two 2008 servers that are running in a TS server farm. I was having a certificate issue when clients log into the server farm, so I created a SAN certificate from a root CA authority on the network. Now it works fine when clients log into the first terminal server, but when they log into the second server they get a certificate error. If I then look in the certificate stores on the second terminal server, the self server certificate that causes the error has been reinstalled into the directory, thus causing the errors. I have rebooted the server. I have checked the certificate stores on my PC and the certificate is not located anywhere. I am not super strong on certificates, so I am hoping someone else who knows more about certs than I do might be able to help?
Asked by DaveKall42
 
David Johnson, CD, MVP (Owner) Commented:
Your problem is that 1 server is presenting the WRONG certificate.

How to add an SSL cert
There are some general steps below to import a certificate on RDS services:
 
1. Start by importing the SSL certificate into the Computer Account. MMC (Add/Remove Snap-ins - Certificates - Computer Account). I imported the certificate into the Personal and Remote Desktop stores.
 
2. Import the SSL certificate into IIS. Run IIS Manager, select the ServerName (left side Connections), under the IIS section, open Server Certificates, import the SSL certificate here. Select the Web site (left side Connections), open Bindings (on the right side Actions) and associate/bind the wildcard cert with the appropriate https, host, port (443).
 
3. TS RemoteApp Manager, Overview Section, Digital Signature Settings, Change, Digital Signature, Sign with a digital certificate checked, Change, select the SSL certificate.
 
4. TS Gateway Manager, select ServerName, Properties, SSL Certificate tab, select an existing certificate for SSL encryption (recommended), Browse Certificates, select the SSL certificate.
 
5. Remote Desktop Session Host Configuration, Connections area, select appropriate connection, Properties, General tab, Select, select the SSL certificate.
 http://social.technet.microsoft.com/Forums/en/winserverTS/thread/b4c8a034-27db-4dd5-b951-140bd89d718d
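
One way to verify steps 1 and 5 on every farm member, as an added example that is not part of the original thread: read the thumbprint bound to the RDP-Tcp listener over WMI and look it up in the Personal and Remote Desktop machine stores to see whether it is the CA-issued or the self-signed certificate. The server names and expected thumbprint are placeholders; it assumes PowerShell 2.0 or later plus WMI and remote registry access to both servers.

```powershell
# Added example (not from the thread). Placeholders: server names, thumbprint.
$servers  = 'TS01', 'TS02'              # placeholder farm member names
$expected = '<SAN-CERT-THUMBPRINT>'     # placeholder: thumbprint of the CA-issued cert

function Get-StoreCert {
    param([string]$Server, [string]$StoreName, [string]$Thumbprint)
    # "\\server\store" opens the LocalMachine store of a remote computer
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
        "\\$Server\$StoreName", 'LocalMachine')
    try {
        $store.Open('ReadOnly')
        $store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint }
    } finally {
        $store.Close()
    }
}

foreach ($s in $servers) {
    # The listener setting changed in step 5 (RD Session Host Configuration)
    $listener = Get-WmiObject -ComputerName $s `
        -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $bound = "$($listener.SSLCertificateSHA1Hash)".ToUpper()

    # Step 1 stores: Personal ("My") first, then "Remote Desktop"
    $cert = Get-StoreCert $s 'My' $bound
    if (-not $cert) { $cert = Get-StoreCert $s 'Remote Desktop' $bound }

    New-Object PSObject -Property @{
        Server          = $s
        BoundThumbprint = $bound
        MatchesExpected = ($bound -eq $expected.ToUpper())
        Subject         = $cert.Subject
        Issuer          = $cert.Issuer
        # Subject equal to Issuer means the listener still uses a self-signed cert
        SelfSigned      = ($cert -and $cert.Subject -eq $cert.Issuer)
        NotAfter        = $cert.NotAfter
    }
}
```

A server whose row shows `SelfSigned` as true or `MatchesExpected` as false is the one presenting the wrong certificate to clients.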
 
David Johnson, CD, MVP (Owner) Commented:
On your second server you need to remove the self-signed certificate and install your SAN certificate. Do this from the remote

http://blogs.msdn.com/b/rds/archive/2010/04/09/configuring-remote-desktop-certificates.aspx
 
DaveKall42 (Author) Commented:
Thanks for the info. So just to verify I am getting what is in that link correctly: if I set up the template and publish it, then do a GPO, anytime someone logs into a server for RD it will use that certificate template I published? This will also work in a 2008 TS farm?
 
DaveKall42 (Author) Commented:
Basically all I am doing is RDS with 1 session broker set up that is load balancing between 2 terminal servers. I am guessing I don't need to do steps 2, 3 and 4. I have done steps 1 and 5. I am now presenting the right certificate, but it is now saying that it cannot verify revocation status and cannot find the issuing authority when I try to log in through RDP on a Windows 7 RDP client. Any ideas?
 
David Johnson, CD, MVP (Owner) Commented:
On your gateway computer you need to import the certificate authority's certificate into the Trusted Root Certification Authorities store.
 
DaveKall42 (Author) Commented:
When you say Gateway, are you referring to the Session Broker? I don't believe you need the actual TS gateway to just run load balancing, do you?
Question has a verified solution.