Solved

RDP server giving the local machine certificate and not the SSL certificate

Posted on 2013-11-19
5
397 Views
Last Modified: 2014-04-02
Here is the setup
2008 terminal server
domain abc.com
SSL rdp.abc.com
machine internal name rdp.abc 192.168.1.10
External DNS rdp.abc.com 2.2.2.2
firewall routes ports to terminal server

I have imported the certificate into the terminal server in mmc ( add snap-in certificates, computer account). I go into certificates > Remote Desktop> certificates and see the certificate in there.

I go into RemoteApp Manager and look at Digital Signature Settings and see it is green check signing as : rdp.abc.com

When I go and try to connect from external It prompts me for user/password then gives me the error:
The identity of the remote computer cannot be verified. Do you want to connect anyway?
Certificate name
Name in the certificate from the remote computer:
rdp.abc
Certificate errors
The certificate is not from a trusted certifying authority

Why is it using the internal certificate and not the SSL certificate that is installed?
I have rebooted several times
Searches on Google are not giving any tips...

I have the option to connect despite these certificate errors, but I don't want to. I want it to give the correct SSL ( rdp.abc.com) for the session.

Knightdog
0
Comment
Question by:knightdogs
  • 2
  • 2
5 Comments
 
LVL 1

Assisted Solution

by:agieryic
agieryic earned 250 total points
Comment Utility
I just went thru what you're going thru. I needed a secure Terminal Server (RDS) connection from a remote location to the server using FQDN instead of the IP address. I got it working
- Before you setup the SSL certificate, did you create a new A-Record pointing to your public IP address using a DNS name?
- did you create the pass key from the server and copied the entire key into your request?
0
 

Author Comment

by:knightdogs
Comment Utility
agieryic,
Actually I just took over here.  All i did was renew the expiring SSL certificate.  Now I have to admit that I had not used the RDS server so I don't know if the error was there before I started or not.

DNS resolves correctly from external.
0
 
LVL 14

Accepted Solution

by:
Ram Balachandran earned 250 total points
Comment Utility
Have you Enabled New Certificate on a Server

On the Start menu, click Administrative Tools > Internet Information Services (IIS) Manager.
In the IIS manager, right-click the site that you want to use the certificate for and select Properties.
Navigate to Directory Security > Server Certificate. This will start the server certificate wizard.
If given the option, choose to Assign an existing certificate to the site and choose the certificate that you just imported.
If you do not have that option, you should be asked what you want to do with the current certificate on the site. Choose the option to replace your current certificate.
Browse to the .pfx file that you created earlier and then finish the certificate wizard. You may have to restart IIS or the server for it to recognize the new certificate.
0
 
LVL 1

Expert Comment

by:agieryic
Comment Utility
ram_kerala
- very well said. Most of my experience has been with Terminal Server on Server 2003 and not Server 2008 until recently. Now they call it RDS which makes it confusing.
0
 

Author Comment

by:knightdogs
Comment Utility
I will be working on this tomorrow.
Thanks for all the suggestions.
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Join & Write a Comment

Suggested Solutions

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now