Help with remote desktop / terminal services on 2008 R2 SP1
Hello,
Having a few issues. I'll break these off into individual questions if needed. So, simple set up. A 2008 R2 SP1 server running gateway, host session, and RemoteApp. All remote desktop services, if I missed any. DNS set up. Can get to server in LAN and over Internet. Installed go daddy ssl cert. http redirected to https.
When I go to RDS.domain.com in RDP client, I'm not prompted with a security warning and connect without issue. When I got to http://RDS.domain.com, I'm redirected to https and am not prompted with any security warning. When I click a published program, nothing happens. When I click the RDP connection published app, it opens but prompts me for credentials. After entering those, I get a security warning regarding the certificate for the published app. I do not get this warning if I open rdp directly on the computer and connect.
I think I'm having an issue with the firewall (sonic wall NSA 220) as far as the app not opening. However, at one point in testing I was able to open apps without issue, but had to provide credentials twice (SSO issue based on what I have read) and accept a security warning. Nothing has changed on the firewall. The only thing I've changed is installing the cert. Any ideas on what to do on the firewall (open ports, allow something I'm not, etc.)?
I only installed the cert in IIS default website, not in RemoteApp manager or on the gateway. Should I have? If so, same cert or a new one?
Any help is greatly appreciated. Need to get this into production yesterday.
Having a few issues. I'll break these off into individual questions if needed. So, simple set up. A 2008 R2 SP1 server running gateway, host session, and RemoteApp. All remote desktop services, if I missed any. DNS set up. Can get to server in LAN and over Internet. Installed go daddy ssl cert. http redirected to https.
When I go to RDS.domain.com in RDP client, I'm not prompted with a security warning and connect without issue. When I got to http://RDS.domain.com, I'm redirected to https and am not prompted with any security warning. When I click a published program, nothing happens. When I click the RDP connection published app, it opens but prompts me for credentials. After entering those, I get a security warning regarding the certificate for the published app. I do not get this warning if I open rdp directly on the computer and connect.
I think I'm having an issue with the firewall (sonic wall NSA 220) as far as the app not opening. However, at one point in testing I was able to open apps without issue, but had to provide credentials twice (SSO issue based on what I have read) and accept a security warning. Nothing has changed on the firewall. The only thing I've changed is installing the cert. Any ideas on what to do on the firewall (open ports, allow something I'm not, etc.)?
I only installed the cert in IIS default website, not in RemoteApp manager or on the gateway. Should I have? If so, same cert or a new one?
Any help is greatly appreciated. Need to get this into production yesterday.
ASKER
first, thanks for responding.
The warning is the typical, maybe expected, 'A website wants to run a RemoteApp program. Do not connect...' Publisher shows unknown publisher, type is remote desktop connection, remote computer is rds.domain.com
in remoteapp manager, remoteapp deployment settings > rd session host server tab > server name field is rds.domain.com. same window but the digital signature tab > sign with digital cert checkbox is not selected. Should I add the cert here?
in remote desktop services default connection website on the configuration page, the source name is rds.domain.local. when accessing rdweb from the internet, it also shows local. Should that be .com instead?
where would I use the cert in the RDP host config? Is that the digital signature settings option in remoteapp manager?
thanks again for helping
The warning is the typical, maybe expected, 'A website wants to run a RemoteApp program. Do not connect...' Publisher shows unknown publisher, type is remote desktop connection, remote computer is rds.domain.com
in remoteapp manager, remoteapp deployment settings > rd session host server tab > server name field is rds.domain.com. same window but the digital signature tab > sign with digital cert checkbox is not selected. Should I add the cert here?
in remote desktop services default connection website on the configuration page, the source name is rds.domain.local. when accessing rdweb from the internet, it also shows local. Should that be .com instead?
where would I use the cert in the RDP host config? Is that the digital signature settings option in remoteapp manager?
thanks again for helping
ASKER
so I had to reboot the server today. I just added calc and it opened with the same warning as the rdp app. so at least the apps, besides rdp, are opening again. just wanted to mention.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
did it. thanks. still get the security warning from above when opening remoteapps.
I did not set the remoteapps digital signature settings to use the cert. should I do that as well?
I also added this remote server to the TS Web Access Computers security group.
thanks again
I did not set the remoteapps digital signature settings to use the cert. should I do that as well?
I also added this remote server to the TS Web Access Computers security group.
thanks again
nah, the digital signature doesn't cause this.
Could you advise the actual warning you get as it may be relevant.
Could you advise the actual warning you get as it may be relevant.
ASKER
OK. So, I went to rds.domain.com to get the error and link it here for you to see. However, I am unable to click on calc and have it open. This is what was happening the other day. The calc app shows up but nothing happens when I click it. This is in the office. When I was at home earlier, I clicked calc, got the warning, accepted it, then calc opened. So it appears it is not opening within the LAN. I wonder if this could be a firewall setting. RDP did open, but it opened with the last server I connected to. I would like to set it so rds.domain.com is entered for users when they click it. Is that possible? Hate to ask since we are working on something else, but since we are working on the remote server...
thanks again.
thanks again.
ASKER
To note, the server is in a datacenter. We have a TW e-line (point-to-point) connection between the office and the datacenter. The office is .25 subnet and the datacenter is .35 subnet. When I go to a server in the datacenter, I can go to rds.domain.com and open the calc app, albeit with the error. Again, in the office I am unable to open it at all. I am thinking firewall but it does work over the internet outside of the office.
I have attached the error from a datacenter server (same as the one I get over the internet outside of the office).
Thanks again. This is driving me nuts. ;-)
remotepp-error1.pdf
I have attached the error from a datacenter server (same as the one I get over the internet outside of the office).
Thanks again. This is driving me nuts. ;-)
remotepp-error1.pdf
ASKER
I noticed that when the remoteapp opens outside the office, a pop-up opens and shows that a remote connection is being made to remotebr.domain.local. I had some DNS issues with this server that ended up being external DNS. However, in the process of troubleshooting that, I changed the computer name to RDS. So, somewhere the old name is still being applied, since that pop-up shows it. I don't even know where to begin to look for that setting.
ASKER
so I found this and it resolved the incorrect name showing up when connecting.
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/80813c27-60f7-45e4-bdc3-76e6f2d6224f/
still can't open in the office though.
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/80813c27-60f7-45e4-bdc3-76e6f2d6224f/
still can't open in the office though.
ASKER
this is still not working correctly but I appreciate the help and the comment marked as correct helped in applying the cert.
When setting up the remote apps, does the fqdn yoi are using match one the fqdns in the certificate?
Yes you should select and use the ssl cert in RDP host config.