Help with remote desktop / terminal services on 2008 R2 SP1

Hello,

Having a few issues. I'll break these off into individual questions if needed. So, simple set up. A 2008 R2 SP1 server running gateway, host session, and RemoteApp. All remote desktop services, if I missed any. DNS set up. Can get to server in LAN and over Internet. Installed go daddy ssl cert. http redirected to https.

When I go to RDS.domain.com in RDP client, I'm not prompted with a security warning and connect without issue. When I got to http://RDS.domain.com, I'm redirected to https and am not prompted with any security warning. When I click a published program, nothing happens. When I click the RDP connection published app, it opens but prompts me for credentials. After entering those, I get a security warning regarding the certificate for the published app. I do not get this warning if I open rdp directly on the computer and connect.

I think I'm having an issue with the firewall (sonic wall NSA 220) as far as the app not opening. However, at one point in testing I was able to open apps without issue, but had to provide credentials twice (SSO issue based on what I have read) and accept a security warning. Nothing has changed on the firewall. The only thing I've changed is installing the cert. Any ideas on what to do on the firewall (open ports, allow something I'm not, etc.)?

I only installed the cert in IIS default website, not in RemoteApp manager or on the gateway. Should I have? If so, same cert or a new one?

Any help is greatly appreciated. Need to get this into production yesterday.
LVL 7
king daddyAsked:
Who is Participating?
 
SteveConnect With a Mentor Commented:
open remote desktop session host config
on the general tab, look towards the bottom and click 'select' to choose a certificate for the TS.

this wont cause any downtime.
0
 
SteveCommented:
Firstly, what cert warning do you get when clicking the rdp published app.

When setting up the remote apps, does the fqdn yoi are using match one the fqdns in the certificate?

Yes you should select and use the ssl cert in RDP host config.
0
 
king daddyAuthor Commented:
first, thanks for responding.

The warning is the typical, maybe expected, 'A website wants to run a RemoteApp program. Do not connect...' Publisher shows unknown publisher, type is remote desktop connection, remote computer is rds.domain.com

in remoteapp manager, remoteapp deployment settings > rd session host server tab >  server name field is rds.domain.com. same window but the digital signature tab > sign with digital cert checkbox is not selected. Should I add the cert here?

in remote desktop services default connection website on the configuration page, the source name is rds.domain.local. when accessing rdweb from the internet, it also shows local. Should that be .com instead?

where would I use the cert in the RDP host config? Is that the digital signature settings option in remoteapp manager?

thanks again for helping
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
king daddyAuthor Commented:
so I had to reboot the server today. I just added calc and it opened with the same warning as the rdp app. so at least the apps, besides rdp, are opening again. just wanted to mention.
0
 
king daddyAuthor Commented:
did it. thanks. still get the security warning from above when opening remoteapps.

I did not set the remoteapps digital signature settings to use the cert. should I do that as well?

I also added this remote server to the TS Web Access Computers security group.

thanks again
0
 
SteveCommented:
nah, the digital signature doesn't cause this.

Could you advise the actual warning you get as it may be relevant.
0
 
king daddyAuthor Commented:
OK. So, I went to rds.domain.com to get the error and link it here for you to see. However, I am unable to click on calc and have it open. This is what was happening the other day. The calc app shows up but nothing happens when I click it. This is in the office. When I was at home earlier, I clicked calc, got the warning, accepted it, then calc opened. So it appears it is not opening within the LAN. I wonder if this could be a firewall setting. RDP did open, but it opened with the last server I connected to. I would like to set it so rds.domain.com is entered for users when they click it. Is that possible? Hate to ask since we are working on something else, but since we are working on the remote server...

thanks again.
0
 
king daddyAuthor Commented:
To note, the server is in a datacenter. We have a TW e-line (point-to-point) connection between the office and the datacenter. The office is .25 subnet and the datacenter is .35 subnet. When I go to a server in the datacenter, I can go to rds.domain.com and open the calc app, albeit with the error. Again, in the office I am unable to open it at all. I am thinking firewall but it does work over the internet outside of the office.

I have attached the error from a datacenter server (same as the one I get over the internet outside of the office).

Thanks again. This is driving me nuts. ;-)
remotepp-error1.pdf
0
 
king daddyAuthor Commented:
I noticed that when the remoteapp opens outside the office, a pop-up opens and shows that a remote connection is being made to remotebr.domain.local. I had some DNS issues with this server that ended up being external DNS. However, in the process of troubleshooting that, I changed the computer name to RDS. So, somewhere the old name is still being applied, since that pop-up shows it. I don't even know where to begin to look for that setting.
0
 
king daddyAuthor Commented:
so I found this and it resolved the incorrect name showing up when connecting.

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/80813c27-60f7-45e4-bdc3-76e6f2d6224f/

still can't open in the office though.
0
 
king daddyAuthor Commented:
this is still not working correctly but I appreciate the help and the comment marked as correct helped in applying the cert.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.