Solved

W2k8 R2 RDP-Tcp Settings - Cannot assign self-signed certificate

Posted on 2013-11-27
Last Modified: 2013-12-19
Hello Experts,

I am getting mad here :(

I have created a self-signed server authentication certificate for my Terminal Server farm named
"TSF-Office.domain.local". The certificate is valid, but I cannot assign it to the RDP-Tcp settings in Remote Desktop Session Host Configuration.

I open the RDP-Tcp properties, then go to Certificate, which currently reads "Auto generated".
Then I click "Select" to assign my certificate, but instead of showing a list of my certificates there is a popup message telling me "There are no installed certificates on this Remote Desktop Session Host".
But the certificates are listed under Personal\Certificates in the Certificates snap-in. What am I missing?
Question by:Phoenixfeuer
4 Comments
 
LVL 9

Expert Comment

by:VirastaR
ID: 39680500
Hi,

The certificate is installed in the computer's "Personal" certificate store, correct?

If you open the certificate, does it have a private key?

If it has a private key and it still does not work,
then check this (similar issue):
Remote Desktop Services - How to generate and select a certificate
http://social.technet.microsoft.com/Forums/windowsserver/en-US/46888694-c85a-4c48-bd90-c5fd0c3d7fc8/remote-desktop-services-how-to-generate-and-select-a-certificate

Additional reference:
Securing Remote Desktop Services in Windows Server 2008 R2
http://www.windowsecurity.com/articles-tutorials/misc_network_security/Securing-Remote-Desktop-Services-Windows-Server-2008-R2.html

Hope that helps :)
0
 

Author Comment

by:Phoenixfeuer
ID: 39680794
Hi VirastaR.
Thanks for this. I am getting closer. There was no private key in this server authentication certificate.
The problem is I want to certify a Terminal Server farm. Let's name it
TS-Farm.contose.com
In this farm I have two Terminal Servers, w2k8-tsrv01 and w2k8tsrv02. When I connect to the farm I always get the error message that the certificate is wrong, because I want to connect to TS-Farm.contose.com but the server I physically reach is w2k8-tsrv01 or w2k8tsrv02,
so the warning is right.

Can you help me with this?
0
 
LVL 9

Accepted Solution

by:
VirastaR earned 1200 total points
ID: 39683257
Hi,

Glad to hear that you got closer to the issue.

OK, going by your example:

Terminal Server farm: TS-Farm.contose.com (Common Name)
Two Terminal Servers: w2k8-tsrv01.contose.com and w2k8tsrv02.contose.com

In your case you are getting a warning when you try to connect because the Certificate Authority is trying to authenticate your login based on your Common Name; however, it does not match the FQDN of the server you are trying to log in to, in the Common Name or anywhere else. So, to overcome this scenario in the case of multiple-server authentication using a single certificate, we need something called a SAN certificate (Subject Alternative Name).

Apply a SAN certificate to your scenario:
Terminal Server farm: TS-Farm.contose.com (Common Name)
                      w2k8-tsrv01.contose.com (Subject Alternative Name 1)
                      w2k8tsrv02.contose.com  (Subject Alternative Name 2)

So, in the above case, what will happen is that when the Common Name lookup fails it looks into the Subject Alternative Names, and if the FQDN matches then it will validate against it, even though the Common Name does not match ;)

How to generate a certificate with subject alternative names (SAN)
http://blogs.technet.com/b/isablog/archive/2011/10/09/how-to-generate-a-certificate-with-subject-alternative-names-san.aspx

Hope that helps :)
0
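The certificate path the two answers above describe, as an added end-to-end example (not code from the thread, from the linked articles, or from Microsoft): request a certificate whose CN is the farm name and whose SAN lists the farm and both hosts, confirm in the computer's Personal store that it carries a private key and the expected SAN entries, and bind its thumbprint to the RDP-Tcp listener. The farm and host names are the ones from the question; an enterprise CA reachable through certreq.exe, the temp-file paths and an elevated PowerShell on each RD Session Host are assumptions. It uses a CA-issued certificate rather than a self-signed one, because certreq.exe on Windows Server 2008 R2 cannot self-sign a request that carries a SAN extension.

```powershell
# Added example for the two answers above; not code from the original thread.
# Assumes the names from the question (farm TS-Farm.contose.com, hosts
# w2k8-tsrv01 and w2k8tsrv02 in contose.com), an enterprise CA reachable via
# certreq.exe, and an elevated PowerShell on each RD Session Host.

$FarmFqdn  = 'TS-Farm.contose.com'
$HostFqdns = @('w2k8-tsrv01.contose.com', 'w2k8tsrv02.contose.com')
$AllNames  = @($FarmFqdn) + $HostFqdns

# --- 1. Build a certreq.exe request: CN = farm name, SAN = farm + each host.
#        KeyUsage 0xA0 = digitalSignature + keyEncipherment.
#        EKU 1.3.6.1.5.5.7.3.1 = Server Authentication (required for RDP).
#        MachineKeySet = TRUE keeps the private key in the computer store, which is
#        what the RDS dialog looks for; a certificate without one is never listed.
#        Exportable = TRUE lets the same certificate be moved to the other farm member.
$inf = @(
    '[Version]',
    'Signature="$Windows NT$"',
    '',
    '[NewRequest]',
    "Subject = `"CN=$FarmFqdn`"",
    'KeyLength = 2048',
    'KeySpec = 1',
    'KeyUsage = 0xA0',
    'MachineKeySet = TRUE',
    'Exportable = TRUE',
    'ProviderName = "Microsoft RSA SChannel Cryptographic Provider"',
    'RequestType = PKCS10',
    '',
    '[EnhancedKeyUsageExtension]',
    'OID = 1.3.6.1.5.5.7.3.1',
    '',
    '[Extensions]',
    '2.5.29.17 = "{text}"'          # 2.5.29.17 = Subject Alternative Name
)
foreach ($name in $AllNames) { $inf += "_continue_ = `"dns=$name&`"" }

$infPath = Join-Path $env:TEMP 'tsfarm.inf'   # assumed paths
$reqPath = Join-Path $env:TEMP 'tsfarm.req'
Set-Content -Path $infPath -Value $inf -Encoding ASCII
& certreq.exe -new $infPath $reqPath
# Submit tsfarm.req to the CA (Web Server template or equivalent), then install
# the issued certificate with:  certreq.exe -accept <issued.cer>

# --- 2. After -accept: locate the certificate in LocalMachine\My and verify that
#        the private key is present and every expected name is in the SAN.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
$cert = $store.Certificates |
    Where-Object { $_.Subject -eq "CN=$FarmFqdn" -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
$store.Close()
if (-not $cert) { throw "No certificate with CN=$FarmFqdn and a private key in LocalMachine\My." }

$sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }   # "DNS Name=TS-Farm.contose.com, DNS Name=..."
$missing = $AllNames | Where-Object { $sanText -notmatch [regex]::Escape($_) }
if ($missing) { throw "Certificate $($cert.Thumbprint) lacks SAN entries for: $($missing -join ', ')" }

# --- 3. Bind it to the RDP-Tcp listener: this is the same setting the "Select"
#        button in Remote Desktop Session Host Configuration changes.
$wmiArgs = @{ Namespace = 'root\cimv2\TerminalServices'
              Class     = 'Win32_TSGeneralSetting'
              Filter    = "TerminalName='RDP-Tcp'" }
$listener = Get-WmiObject @wmiArgs
$listener.SSLCertificateSHA1Hash = $cert.Thumbprint
$listener.Put() | Out-Null

# Read it back so the change is verified rather than assumed.
$check = Get-WmiObject @wmiArgs
if ($check.SSLCertificateSHA1Hash -ne $cert.Thumbprint) {
    throw 'RDP-Tcp listener still uses the previous certificate.'
}
Write-Host "RDP-Tcp on $env:COMPUTERNAME now uses $($cert.Subject) ($($cert.Thumbprint))"
```

The listener binding is per host, so run the whole sequence on the first farm member, export the issued certificate with its private key as a PFX, import it into LocalMachine\My on the second member, and run steps 2 and 3 there as well. If step 2 throws on the private-key check, the certificate was imported without its key (the situation in the question), and no SAN will help until the PFX is imported with the key included.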
 

Author Closing Comment

by:Phoenixfeuer
ID: 39729252
Thanks for your help and sorry for my late reply.
0
