Solved

Help with remote desktop / terminal services on 2008 R2 SP1

Posted on 2013-05-29
11
655 Views
Last Modified: 2013-06-07
Hello,

Having a few issues. I'll break these off into individual questions if needed. So, simple set up. A 2008 R2 SP1 server running gateway, host session, and RemoteApp. All remote desktop services, if I missed any. DNS set up. Can get to server in LAN and over Internet. Installed go daddy ssl cert. http redirected to https.

When I go to RDS.domain.com in RDP client, I'm not prompted with a security warning and connect without issue. When I got to http://RDS.domain.com, I'm redirected to https and am not prompted with any security warning. When I click a published program, nothing happens. When I click the RDP connection published app, it opens but prompts me for credentials. After entering those, I get a security warning regarding the certificate for the published app. I do not get this warning if I open rdp directly on the computer and connect.

I think I'm having an issue with the firewall (sonic wall NSA 220) as far as the app not opening. However, at one point in testing I was able to open apps without issue, but had to provide credentials twice (SSO issue based on what I have read) and accept a security warning. Nothing has changed on the firewall. The only thing I've changed is installing the cert. Any ideas on what to do on the firewall (open ports, allow something I'm not, etc.)?

I only installed the cert in IIS default website, not in RemoteApp manager or on the gateway. Should I have? If so, same cert or a new one?

Any help is greatly appreciated. Need to get this into production yesterday.
0
Comment
Question by:rpliner
  • 8
  • 3
11 Comments
 
LVL 27

Expert Comment

by:Steve
ID: 39209263
Firstly, what cert warning do you get when clicking the rdp published app.

When setting up the remote apps, does the fqdn yoi are using match one the fqdns in the certificate?

Yes you should select and use the ssl cert in RDP host config.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39209393
first, thanks for responding.

The warning is the typical, maybe expected, 'A website wants to run a RemoteApp program. Do not connect...' Publisher shows unknown publisher, type is remote desktop connection, remote computer is rds.domain.com

in remoteapp manager, remoteapp deployment settings > rd session host server tab >  server name field is rds.domain.com. same window but the digital signature tab > sign with digital cert checkbox is not selected. Should I add the cert here?

in remote desktop services default connection website on the configuration page, the source name is rds.domain.local. when accessing rdweb from the internet, it also shows local. Should that be .com instead?

where would I use the cert in the RDP host config? Is that the digital signature settings option in remoteapp manager?

thanks again for helping
0
 
LVL 7

Author Comment

by:rpliner
ID: 39209400
so I had to reboot the server today. I just added calc and it opened with the same warning as the rdp app. so at least the apps, besides rdp, are opening again. just wanted to mention.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
ID: 39210130
open remote desktop session host config
on the general tab, look towards the bottom and click 'select' to choose a certificate for the TS.

this wont cause any downtime.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39210608
did it. thanks. still get the security warning from above when opening remoteapps.

I did not set the remoteapps digital signature settings to use the cert. should I do that as well?

I also added this remote server to the TS Web Access Computers security group.

thanks again
0
 
LVL 27

Expert Comment

by:Steve
ID: 39210952
nah, the digital signature doesn't cause this.

Could you advise the actual warning you get as it may be relevant.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39211149
OK. So, I went to rds.domain.com to get the error and link it here for you to see. However, I am unable to click on calc and have it open. This is what was happening the other day. The calc app shows up but nothing happens when I click it. This is in the office. When I was at home earlier, I clicked calc, got the warning, accepted it, then calc opened. So it appears it is not opening within the LAN. I wonder if this could be a firewall setting. RDP did open, but it opened with the last server I connected to. I would like to set it so rds.domain.com is entered for users when they click it. Is that possible? Hate to ask since we are working on something else, but since we are working on the remote server...

thanks again.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39211289
To note, the server is in a datacenter. We have a TW e-line (point-to-point) connection between the office and the datacenter. The office is .25 subnet and the datacenter is .35 subnet. When I go to a server in the datacenter, I can go to rds.domain.com and open the calc app, albeit with the error. Again, in the office I am unable to open it at all. I am thinking firewall but it does work over the internet outside of the office.

I have attached the error from a datacenter server (same as the one I get over the internet outside of the office).

Thanks again. This is driving me nuts. ;-)
remotepp-error1.pdf
0
 
LVL 7

Author Comment

by:rpliner
ID: 39211941
I noticed that when the remoteapp opens outside the office, a pop-up opens and shows that a remote connection is being made to remotebr.domain.local. I had some DNS issues with this server that ended up being external DNS. However, in the process of troubleshooting that, I changed the computer name to RDS. So, somewhere the old name is still being applied, since that pop-up shows it. I don't even know where to begin to look for that setting.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39216736
so I found this and it resolved the incorrect name showing up when connecting.

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/80813c27-60f7-45e4-bdc3-76e6f2d6224f/

still can't open in the office though.
0
 
LVL 7

Author Comment

by:rpliner
ID: 39229822
this is still not working correctly but I appreciate the help and the comment marked as correct helped in applying the cert.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Desktop Connections allow you to control remote host machines via the magic of the Internet and RDP (Remote Desktop Protocol). For the purposes of this article we will assume you are connecting from your home PC or laptop to a remote offic…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question