Solved

Help with remote desktop / terminal services on 2008 R2 SP1

Posted on 2013-05-29
Last Modified: 2013-06-07
Hello,

Having a few issues. I'll break these off into individual questions if needed. So, simple set up. A 2008 R2 SP1 server running gateway, host session, and RemoteApp. All remote desktop services, if I missed any. DNS set up. Can get to server in LAN and over Internet. Installed go daddy ssl cert. http redirected to https.

When I go to RDS.domain.com in RDP client, I'm not prompted with a security warning and connect without issue. When I go to http://RDS.domain.com, I'm redirected to https and am not prompted with any security warning. When I click a published program, nothing happens. When I click the RDP connection published app, it opens but prompts me for credentials. After entering those, I get a security warning regarding the certificate for the published app. I do not get this warning if I open rdp directly on the computer and connect.

I think I'm having an issue with the firewall (sonic wall NSA 220) as far as the app not opening. However, at one point in testing I was able to open apps without issue, but had to provide credentials twice (SSO issue based on what I have read) and accept a security warning. Nothing has changed on the firewall. The only thing I've changed is installing the cert. Any ideas on what to do on the firewall (open ports, allow something I'm not, etc.)?

I only installed the cert in IIS default website, not in RemoteApp manager or on the gateway. Should I have? If so, same cert or a new one?

Any help is greatly appreciated. Need to get this into production yesterday.
Question by:rpliner
 
LVL 27

Expert Comment

by:Steve
ID: 39209263
Firstly, what cert warning do you get when clicking the rdp published app?

When setting up the remote apps, does the FQDN you are using match one of the FQDNs in the certificate?

Yes you should select and use the ssl cert in RDP host config.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39209393
first, thanks for responding.

The warning is the typical, maybe expected, 'A website wants to run a RemoteApp program. Do not connect...' Publisher shows unknown publisher, type is remote desktop connection, remote computer is rds.domain.com

in remoteapp manager, remoteapp deployment settings > rd session host server tab >  server name field is rds.domain.com. same window but the digital signature tab > sign with digital cert checkbox is not selected. Should I add the cert here?

in remote desktop services default connection website on the configuration page, the source name is rds.domain.local. when accessing rdweb from the internet, it also shows local. Should that be .com instead?

where would I use the cert in the RDP host config? Is that the digital signature settings option in remoteapp manager?

thanks again for helping
0
 
LVL 7

Author Comment

by:rpliner
ID: 39209400
so I had to reboot the server today. I just added calc and it opened with the same warning as the rdp app. so at least the apps, besides rdp, are opening again. just wanted to mention.
0
 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
ID: 39210130
open remote desktop session host config
on the general tab, look towards the bottom and click 'select' to choose a certificate for the TS.

this won't cause any downtime.
0
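
To confirm the result of the step in the accepted answer, the following added example (not part of the original thread) reads the certificate bound to the RDP listener and checks it against the name clients connect to. It assumes the placeholder name `rds.domain.com` from the question, the default listener name `RDP-Tcp`, and an English-language OS for parsing the SAN text; `Test-NameMatch` is a hypothetical helper defined here.

```powershell
# Added example. Run in an elevated PowerShell prompt on the RD Session Host.
$ExpectedName = 'rds.domain.com'   # placeholder FQDN from the thread

# Hypothetical helper: exact match, or a wildcard covering one left-most label.
function Test-NameMatch([string]$Pattern, [string]$HostName) {
    if ($Pattern.StartsWith('*.')) {
        $rest = $HostName.Substring($HostName.IndexOf('.') + 1)
        return ($HostName.Contains('.') -and $rest -ieq $Pattern.Substring(2))
    }
    return ($Pattern -ieq $HostName)
}

# Win32_TSGeneralSetting holds the per-listener settings shown on the General tab.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash

# A certificate chosen with 'Select' comes from the computer's Personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) {
    Write-Warning "Listener thumbprint '$thumb' is not in LocalMachine\My; the listener is not using a certificate from the Personal store."
    return
}

# Collect the subject CN plus any DNS names in the Subject Alternative Name extension.
$names = @($cert.GetNameInfo('SimpleName', $false))
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) {
    # Format() output is localized; 'DNS Name=' is the English label (assumption).
    [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
        ForEach-Object { $names += $_.Groups[1].Value }
}
$matched = @($names | Where-Object { Test-NameMatch $_ $ExpectedName })

New-Object PSObject -Property @{
    Thumbprint    = $cert.Thumbprint
    Issuer        = $cert.Issuer
    Names         = ($names -join ', ')
    NameMatches   = ($matched.Count -gt 0)
    HasPrivateKey = $cert.HasPrivateKey
    NotExpired    = ($cert.NotAfter -gt (Get-Date))
    SecurityLayer = $listener.SecurityLayer   # 0 = RDP, 1 = Negotiate, 2 = SSL (TLS)
}
```

If `NameMatches` is false, clients connecting to that name will get a name-mismatch warning even though a trusted certificate is installed.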
 
LVL 7

Author Comment

by:rpliner
ID: 39210608
did it. thanks. still get the security warning from above when opening remoteapps.

I did not set the remoteapps digital signature settings to use the cert. should I do that as well?

I also added this remote server to the TS Web Access Computers security group.

thanks again
0
 
LVL 27

Expert Comment

by:Steve
ID: 39210952
nah, the digital signature doesn't cause this.

Could you advise the actual warning you get as it may be relevant.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39211149
OK. So, I went to rds.domain.com to get the error and link it here for you to see. However, I am unable to click on calc and have it open. This is what was happening the other day. The calc app shows up but nothing happens when I click it. This is in the office. When I was at home earlier, I clicked calc, got the warning, accepted it, then calc opened. So it appears it is not opening within the LAN. I wonder if this could be a firewall setting. RDP did open, but it opened with the last server I connected to. I would like to set it so rds.domain.com is entered for users when they click it. Is that possible? Hate to ask since we are working on something else, but since we are working on the remote server...

thanks again.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39211289
To note, the server is in a datacenter. We have a TW e-line (point-to-point) connection between the office and the datacenter. The office is .25 subnet and the datacenter is .35 subnet. When I go to a server in the datacenter, I can go to rds.domain.com and open the calc app, albeit with the error. Again, in the office I am unable to open it at all. I am thinking firewall but it does work over the internet outside of the office.

I have attached the error from a datacenter server (same as the one I get over the internet outside of the office).

Thanks again. This is driving me nuts. ;-)
remotepp-error1.pdf
0
 
LVL 7

Author Comment

by:rpliner
ID: 39211941
I noticed that when the remoteapp opens outside the office, a pop-up opens and shows that a remote connection is being made to remotebr.domain.local. I had some DNS issues with this server that ended up being external DNS. However, in the process of troubleshooting that, I changed the computer name to RDS. So, somewhere the old name is still being applied, since that pop-up shows it. I don't even know where to begin to look for that setting.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39216736
so I found this and it resolved the incorrect name showing up when connecting.

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/80813c27-60f7-45e4-bdc3-76e6f2d6224f/

still can't open in the office though.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39229822
this is still not working correctly but I appreciate the help and the comment marked as correct helped in applying the cert.
0
