Solved

Terminal Server 2008 WildCard Certificate Error

Posted on 2013-02-01
Last Modified: 2013-02-06
I have a basic Windows 2008 terminal server that I have installed my wildcard Comodo certificate on to try to rid my users of the annoying certificate error when they connect via the RDP client.  Unfortunately, it is not working.  The certificate in the error message has definitely changed from the self-generated one to the *.domain.com cert that I installed, but Windows is still throwing a fit because it does not match the hostname that the users must enter to access the host.  Do wildcards work in TS 2008?  I don't have TS Gateway or Web App set up, just a plain jane 2008 Terminal Server.
Question by:marrj
5 Comments
 
LVL 25

Accepted Solution

by:
Coralon earned 500 total points
ID: 38845991
Are they entering the full name as they go to access it?  Even if you have a wildcard cert, if you don't use a truly matching name, it will throw an error.

i.e., if I use the short name server1 to RDP in, it will throw an error.  But with the wildcard cert, I should be able to use server1.domain.com and it should not throw the error.

Coralon
0
 
LVL 63

Expert Comment

by:btan
ID: 38846181
Understand that Windows Server 2003 Terminal Services implementations don't support wildcard certificates in any of their features. You have to buy named SSL certificates. Server 2008 supports wildcard certificates for all features, such as TS Gateway and TS Web Access.

RDC 6.1 or above is also needed on the client.
And for a certificate to be used for RDP, it must have Server Authentication (1.3.6.1.5.5.7.3.1).

http://serverfault.com/questions/201451/install-certificate-in-rdp-tcp-properties

Event ID 1054 — Terminal Services Authentication and Encryption
http://technet.microsoft.com/en-us/library/cc775272%28WS.10%29.aspx
0
 
LVL 1

Author Comment

by:marrj
ID: 38852536
The users are entering an alias of the server name created by an alias in DNS so that they don't have to remember the hostname.
0
 
LVL 25

Expert Comment

by:Coralon
ID: 38853525
That won't work. If you don't want to throw any kind of SSL error, they have to use the full URL.

Coralon
0
 
LVL 63

Expert Comment

by:btan
ID: 38853685
I am thinking of two possibilities:

a) I think it may be more of a need for a Subject Alternative Name (SAN) in the certificate.

E.g. SAN attributes take the following form: san:dns=dns.name[&dns=dns.name]

Multiple DNS names are separated by an ampersand (&). For example, if the name of the domain controller is corpdc1.fabrikam.com and the alias is ldap.fabrikam.com, both of these names must be included in the SAN attributes. The resulting attribute string appears as follows: san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com

@ http://support.microsoft.com/kb/931351
@ http://www.bunkerhollow.com/blogs/matt/archive/2009/01/28/install-amp-configure-ts-web-access-for-external-use.aspx


b) I also saw another forum that may have a related DNS alias issue:
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/001981f5-62a5-4234-9a09-2b442e7bbccf
0
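
Added example (not part of the original thread, and not code from any poster): a small check of which names users type are covered by a certificate's names, plus the SAN attribute string in the form quoted above. It assumes the client compares the name the user entered with the certificate names using the usual TLS rule that a wildcard stands for exactly one left-most label; all host names are constructed samples.

```python
# Added example: compare the names users type into the RDP client with the
# names in the certificate. All host and certificate names are constructed.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(typed, cert_name):
    """True if the typed host name is covered by one certificate name.

    Assumption: a wildcard is honoured only as the whole left-most label
    and stands for exactly one label, so *.domain.com covers
    server1.domain.com but not server1, domain.com or a.b.domain.com.
    """
    host, pattern = _labels(typed), _labels(cert_name)
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Conservative choice in this example: refuse wildcards directly
        # under a single label such as *.com.
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern

def uncovered(typed_names, cert_names):
    """Names users type that no certificate name covers (these get a warning)."""
    return [t for t in typed_names
            if not any(name_matches(t, c) for c in cert_names)]

def san_attribute(dns_names):
    """Build the attribute string in the san:dns=...&dns=... form quoted above."""
    return "san:" + "&".join("dns=" + n for n in dns_names)

if __name__ == "__main__":
    cert_names = ["*.domain.com"]                      # constructed
    typed = ["server1", "server1.domain.com", "ts",    # constructed: short
             "ts.domain.com", "ts.corp.domain.com"]    # names, FQDNs, alias
    for t in typed:
        ok = any(name_matches(t, c) for c in cert_names)
        print(f"{t:22} {'match' if ok else 'MISMATCH -> certificate warning'}")
    missing = [n for n in uncovered(typed, cert_names) if "." in n]
    print("FQDNs needing their own SAN entry:", san_attribute(missing))
```
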


Question has a verified solution.
