Solved

RDP server giving the local machine certificate and not the SSL certificate

Posted on 2013-11-19
Last Modified: 2014-04-02
Here is the setup
2008 terminal server
domain abc.com
SSL rdp.abc.com
machine internal name rdp.abc 192.168.1.10
External DNS rdp.abc.com 2.2.2.2
firewall routes ports to terminal server

I have imported the certificate into the terminal server in MMC (add snap-in Certificates, computer account). I go into Certificates > Remote Desktop > Certificates and see the certificate in there.

I go into RemoteApp Manager and look at Digital Signature Settings and see it has a green check, signing as: rdp.abc.com

When I go and try to connect from external, it prompts me for user/password, then gives me the error:
The identity of the remote computer cannot be verified. Do you want to connect anyway?
Certificate name
Name in the certificate from the remote computer:
rdp.abc
Certificate errors
The certificate is not from a trusted certifying authority

Why is it using the internal certificate and not the SSL certificate that is installed?
I have rebooted several times
Searches on Google are not giving any tips...

I have the option to connect despite these certificate errors, but I don't want to. I want it to give the correct SSL (rdp.abc.com) for the session.

Knightdog
0
Question by:knightdogs
5 Comments
 
LVL 1

Assisted Solution

by:agieryic
agieryic earned 1000 total points
ID: 39660412
I just went through what you're going through. I needed a secure Terminal Server (RDS) connection from a remote location to the server using the FQDN instead of the IP address. I got it working.
- Before you set up the SSL certificate, did you create a new A record pointing to your public IP address using a DNS name?
- Did you create the pass key from the server and copy the entire key into your request?
0
 

Author Comment

by:knightdogs
ID: 39660514
agieryic,
Actually I just took over here. All I did was renew the expiring SSL certificate. Now I have to admit that I had not used the RDS server, so I don't know if the error was there before I started or not.

DNS resolves correctly from external.
0
 
LVL 14

Accepted Solution

by:
Ram Balachandran earned 1000 total points
ID: 39660539
Have you enabled the new certificate on the server?

On the Start menu, click Administrative Tools > Internet Information Services (IIS) Manager.
In the IIS manager, right-click the site that you want to use the certificate for and select Properties.
Navigate to Directory Security > Server Certificate. This will start the server certificate wizard.
If given the option, choose to Assign an existing certificate to the site and choose the certificate that you just imported.
If you do not have that option, you should be asked what you want to do with the current certificate on the site. Choose the option to replace your current certificate.
Browse to the .pfx file that you created earlier and then finish the certificate wizard. You may have to restart IIS or the server for it to recognize the new certificate.
0
 
LVL 1

Expert Comment

by:agieryic
ID: 39661103
ram_kerala
- very well said. Most of my experience has been with Terminal Server on Server 2003 and not Server 2008 until recently. Now they call it RDS which makes it confusing.
0
 

Author Comment

by:knightdogs
ID: 39697154
I will be working on this tomorrow.
Thanks for all the suggestions.
0
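
A read-only check for the symptom described in this thread, added here as an example and not part of any poster's reply: it reports which certificate the RDP-Tcp listener is bound to and whether that certificate is self-signed or carries the expected name. It assumes an elevated PowerShell session on the terminal server; `$ExpectedName` is taken from the question, and only the subject CN is compared (SAN and wildcard names are not evaluated).

```powershell
# Expected public name, taken from the question; adjust for your environment.
$ExpectedName = 'rdp.abc.com'

# The RDP-Tcp listener exposes its bound certificate as a SHA-1 thumbprint.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$bound = $listener.SSLCertificateSHA1Hash

# Check the computer's Personal store and the "Remote Desktop" store, where
# the server keeps its auto-generated self-signed certificate.
$stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop'
$certs = foreach ($s in $stores) {
    Get-ChildItem -Path $s -ErrorAction SilentlyContinue |
        Select-Object @{n='Store';e={$s}}, Thumbprint, Subject, Issuer,
                      NotAfter, HasPrivateKey
}

# Subject CN match only; a certificate valid via SAN will show MatchesName = False.
$cnPattern = 'CN=' + [regex]::Escape($ExpectedName) + '(,|$)'
$report = $certs | Select-Object Store, Subject, Issuer, NotAfter, HasPrivateKey,
    @{n='SelfSigned';  e={ $_.Subject -eq $_.Issuer }},
    @{n='MatchesName'; e={ $_.Subject -match $cnPattern }},
    @{n='BoundToRdp';  e={ $_.Thumbprint -eq $bound }}

$report | Format-List

# Summarise what a connecting client will be shown.
$active = $report | Where-Object { $_.BoundToRdp } | Select-Object -First 1
if (-not $active) {
    Write-Warning "Listener thumbprint '$bound' was not found in the checked stores."
} elseif ($active.SelfSigned -or -not $active.MatchesName) {
    Write-Warning "RDP-Tcp presents '$($active.Subject)', not a CA-issued certificate for $ExpectedName."
} elseif (-not $active.HasPrivateKey) {
    Write-Warning "Bound certificate '$($active.Subject)' has no private key on this server."
} else {
    "RDP-Tcp is bound to '$($active.Subject)' (expires $($active.NotAfter))."
}
```

A warning on the second branch matches the prompt in the question: the imported certificate is present in the store, but the listener is still presenting a different one.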
