Solved

RDP server giving the local machine certificate and not the SSL certificate

Posted on 2013-11-19
5
409 Views
Last Modified: 2014-04-02
Here is the setup
2008 terminal server
domain abc.com
SSL rdp.abc.com
machine internal name rdp.abc 192.168.1.10
External DNS rdp.abc.com 2.2.2.2
firewall routes ports to terminal server

I have imported the certificate into the terminal server in mmc ( add snap-in certificates, computer account). I go into certificates > Remote Desktop> certificates and see the certificate in there.

I go into RemoteApp Manager and look at Digital Signature Settings and see it is green check signing as : rdp.abc.com

When I go and try to connect from external It prompts me for user/password then gives me the error:
The identity of the remote computer cannot be verified. Do you want to connect anyway?
Certificate name
Name in the certificate from the remote computer:
rdp.abc
Certificate errors
The certificate is not from a trusted certifying authority

Why is it using the internal certificate and not the SSL certificate that is installed?
I have rebooted several times
Searches on Google are not giving any tips...

I have the option to connect despite these certificate errors, but I don't want to. I want it to give the correct SSL ( rdp.abc.com) for the session.

Knightdog
0
Comment
Question by:knightdogs
  • 2
  • 2
5 Comments
 
LVL 1

Assisted Solution

by:agieryic
agieryic earned 250 total points
ID: 39660412
I just went thru what you're going thru. I needed a secure Terminal Server (RDS) connection from a remote location to the server using FQDN instead of the IP address. I got it working
- Before you setup the SSL certificate, did you create a new A-Record pointing to your public IP address using a DNS name?
- did you create the pass key from the server and copied the entire key into your request?
0
 

Author Comment

by:knightdogs
ID: 39660514
agieryic,
Actually I just took over here.  All i did was renew the expiring SSL certificate.  Now I have to admit that I had not used the RDS server so I don't know if the error was there before I started or not.

DNS resolves correctly from external.
0
 
LVL 14

Accepted Solution

by:
Ram Balachandran earned 250 total points
ID: 39660539
Have you Enabled New Certificate on a Server

On the Start menu, click Administrative Tools > Internet Information Services (IIS) Manager.
In the IIS manager, right-click the site that you want to use the certificate for and select Properties.
Navigate to Directory Security > Server Certificate. This will start the server certificate wizard.
If given the option, choose to Assign an existing certificate to the site and choose the certificate that you just imported.
If you do not have that option, you should be asked what you want to do with the current certificate on the site. Choose the option to replace your current certificate.
Browse to the .pfx file that you created earlier and then finish the certificate wizard. You may have to restart IIS or the server for it to recognize the new certificate.
0
 
LVL 1

Expert Comment

by:agieryic
ID: 39661103
ram_kerala
- very well said. Most of my experience has been with Terminal Server on Server 2003 and not Server 2008 until recently. Now they call it RDS which makes it confusing.
0
 

Author Comment

by:knightdogs
ID: 39697154
I will be working on this tomorrow.
Thanks for all the suggestions.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question