Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Help with remote desktop / terminal services on 2008 R2 SP1

Posted on 2013-05-29
11
Medium Priority
?
663 Views
Last Modified: 2013-06-07
Hello,

Having a few issues. I'll break these off into individual questions if needed. So, simple set up. A 2008 R2 SP1 server running gateway, host session, and RemoteApp. All remote desktop services, if I missed any. DNS set up. Can get to server in LAN and over Internet. Installed go daddy ssl cert. http redirected to https.

When I go to RDS.domain.com in RDP client, I'm not prompted with a security warning and connect without issue. When I got to http://RDS.domain.com, I'm redirected to https and am not prompted with any security warning. When I click a published program, nothing happens. When I click the RDP connection published app, it opens but prompts me for credentials. After entering those, I get a security warning regarding the certificate for the published app. I do not get this warning if I open rdp directly on the computer and connect.

I think I'm having an issue with the firewall (sonic wall NSA 220) as far as the app not opening. However, at one point in testing I was able to open apps without issue, but had to provide credentials twice (SSO issue based on what I have read) and accept a security warning. Nothing has changed on the firewall. The only thing I've changed is installing the cert. Any ideas on what to do on the firewall (open ports, allow something I'm not, etc.)?

I only installed the cert in IIS default website, not in RemoteApp manager or on the gateway. Should I have? If so, same cert or a new one?

Any help is greatly appreciated. Need to get this into production yesterday.
0
Comment
Question by:rpliner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
11 Comments
 
LVL 27

Expert Comment

by:Steve
ID: 39209263
Firstly, what cert warning do you get when clicking the rdp published app.

When setting up the remote apps, does the fqdn yoi are using match one the fqdns in the certificate?

Yes you should select and use the ssl cert in RDP host config.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39209393
first, thanks for responding.

The warning is the typical, maybe expected, 'A website wants to run a RemoteApp program. Do not connect...' Publisher shows unknown publisher, type is remote desktop connection, remote computer is rds.domain.com

in remoteapp manager, remoteapp deployment settings > rd session host server tab >  server name field is rds.domain.com. same window but the digital signature tab > sign with digital cert checkbox is not selected. Should I add the cert here?

in remote desktop services default connection website on the configuration page, the source name is rds.domain.local. when accessing rdweb from the internet, it also shows local. Should that be .com instead?

where would I use the cert in the RDP host config? Is that the digital signature settings option in remoteapp manager?

thanks again for helping
0
 
LVL 7

Author Comment

by:rpliner
ID: 39209400
so I had to reboot the server today. I just added calc and it opened with the same warning as the rdp app. so at least the apps, besides rdp, are opening again. just wanted to mention.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 27

Accepted Solution

by:
Steve earned 1500 total points
ID: 39210130
open remote desktop session host config
on the general tab, look towards the bottom and click 'select' to choose a certificate for the TS.

this wont cause any downtime.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39210608
did it. thanks. still get the security warning from above when opening remoteapps.

I did not set the remoteapps digital signature settings to use the cert. should I do that as well?

I also added this remote server to the TS Web Access Computers security group.

thanks again
0
 
LVL 27

Expert Comment

by:Steve
ID: 39210952
nah, the digital signature doesn't cause this.

Could you advise the actual warning you get as it may be relevant.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39211149
OK. So, I went to rds.domain.com to get the error and link it here for you to see. However, I am unable to click on calc and have it open. This is what was happening the other day. The calc app shows up but nothing happens when I click it. This is in the office. When I was at home earlier, I clicked calc, got the warning, accepted it, then calc opened. So it appears it is not opening within the LAN. I wonder if this could be a firewall setting. RDP did open, but it opened with the last server I connected to. I would like to set it so rds.domain.com is entered for users when they click it. Is that possible? Hate to ask since we are working on something else, but since we are working on the remote server...

thanks again.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39211289
To note, the server is in a datacenter. We have a TW e-line (point-to-point) connection between the office and the datacenter. The office is .25 subnet and the datacenter is .35 subnet. When I go to a server in the datacenter, I can go to rds.domain.com and open the calc app, albeit with the error. Again, in the office I am unable to open it at all. I am thinking firewall but it does work over the internet outside of the office.

I have attached the error from a datacenter server (same as the one I get over the internet outside of the office).

Thanks again. This is driving me nuts. ;-)
remotepp-error1.pdf
0
 
LVL 7

Author Comment

by:rpliner
ID: 39211941
I noticed that when the remoteapp opens outside the office, a pop-up opens and shows that a remote connection is being made to remotebr.domain.local. I had some DNS issues with this server that ended up being external DNS. However, in the process of troubleshooting that, I changed the computer name to RDS. So, somewhere the old name is still being applied, since that pop-up shows it. I don't even know where to begin to look for that setting.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39216736
so I found this and it resolved the incorrect name showing up when connecting.

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/80813c27-60f7-45e4-bdc3-76e6f2d6224f/

still can't open in the office though.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39229822
this is still not working correctly but I appreciate the help and the comment marked as correct helped in applying the cert.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question