Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 438
  • Last Modified:

RDP server giving the local machine certificate and not the SSL certificate

Here is the setup
2008 terminal server
domain abc.com
SSL rdp.abc.com
machine internal name rdp.abc 192.168.1.10
External DNS rdp.abc.com 2.2.2.2
firewall routes ports to terminal server

I have imported the certificate into the terminal server in mmc ( add snap-in certificates, computer account). I go into certificates > Remote Desktop> certificates and see the certificate in there.

I go into RemoteApp Manager and look at Digital Signature Settings and see it is green check signing as : rdp.abc.com

When I go and try to connect from external It prompts me for user/password then gives me the error:
The identity of the remote computer cannot be verified. Do you want to connect anyway?
Certificate name
Name in the certificate from the remote computer:
rdp.abc
Certificate errors
The certificate is not from a trusted certifying authority

Why is it using the internal certificate and not the SSL certificate that is installed?
I have rebooted several times
Searches on Google are not giving any tips...

I have the option to connect despite these certificate errors, but I don't want to. I want it to give the correct SSL ( rdp.abc.com) for the session.

Knightdog
0
knightdogs
Asked:
knightdogs
  • 2
  • 2
2 Solutions
 
agieryicCommented:
I just went thru what you're going thru. I needed a secure Terminal Server (RDS) connection from a remote location to the server using FQDN instead of the IP address. I got it working
- Before you setup the SSL certificate, did you create a new A-Record pointing to your public IP address using a DNS name?
- did you create the pass key from the server and copied the entire key into your request?
0
 
knightdogsAuthor Commented:
agieryic,
Actually I just took over here.  All i did was renew the expiring SSL certificate.  Now I have to admit that I had not used the RDS server so I don't know if the error was there before I started or not.

DNS resolves correctly from external.
0
 
Ram BalachandranCommented:
Have you Enabled New Certificate on a Server

On the Start menu, click Administrative Tools > Internet Information Services (IIS) Manager.
In the IIS manager, right-click the site that you want to use the certificate for and select Properties.
Navigate to Directory Security > Server Certificate. This will start the server certificate wizard.
If given the option, choose to Assign an existing certificate to the site and choose the certificate that you just imported.
If you do not have that option, you should be asked what you want to do with the current certificate on the site. Choose the option to replace your current certificate.
Browse to the .pfx file that you created earlier and then finish the certificate wizard. You may have to restart IIS or the server for it to recognize the new certificate.
0
 
agieryicCommented:
ram_kerala
- very well said. Most of my experience has been with Terminal Server on Server 2003 and not Server 2008 until recently. Now they call it RDS which makes it confusing.
0
 
knightdogsAuthor Commented:
I will be working on this tomorrow.
Thanks for all the suggestions.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now