Solved

Windows 2012 R2 remote desktop gateway - "The identity of the remote computer cannot be verified.  Do you want to connect anyway?"

Posted on 2014-01-28
8
7,607 Views
Last Modified: 2014-02-03
Hi,

We have a enviroment with remote desktop configured.
The servers are:

Windows server 2012 R2 - RD Web connection broker (Publishing)/RD Web/RD Gateway
Windows server 2012 R2 x 2 - RD Session hosts

The servers are configured and we can logon to the sessions hosts externally both from RDWeb published remote desktop/remote app and using remote desktop/remote app application in windows manually configured.

But we have one problem when we logon, everytime we try to logon to an remote app or remote desktop session we get a certificate error for each RD Session host we have saying "The identity of the remote computer cannot be verified.  Do you want to connect anyway?"  

We have assigned a certificate to RD Gateway and through deployment settings for RD Web, RD Gateway and RD Connection broker (publishing)
The certificate is bought at godaddy.

The domain used internally is not the same as the external one, guessing that's the reason for the error but hopefully there is possible to resolve this problem.

Thanks!

Brg
Thomas B
0
Comment
Question by:thbor83
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39815776
Workaround is to check the "Don't Bug Me Again" setting on the certificate warning since it is hung on the _local_ certificate generated by the RDS servers.

Make sure the GoDaddy cross_intermediate and intermediate certificates are installed on the RD Gateway server into the Intermediate Certificate Authorities container (Computer).

Philip
0
 

Author Comment

by:thbor83
ID: 39815874
Hello Philip, thanks for your suggestions.

Have added the intermediate and cross_intermediate certificates to the RD Gateway server, but this didn't help anything.

When we check the "Don't bug me again" setting but the certificate error pops up again next time I logged again.

Brg,
Thomas B
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39815913
Under Deployment Properties make sure the GoDaddy certificate is only hooked into your RDWeb and RD Gateway setup.

Do not hook the GoDaddy certificate into the server itself as this will take away the option to turn off the cert nag. If that is what happened then change the certificate back to the server's self-issued certificate.

Philip
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:thbor83
ID: 39818346
Thanks Philip for your suggestion ,have tried this without any luck.

Starting to think I have to configure everything on the same external domain with wildcard certificate.

Or is there other configuration I should try? Or other setup that is better than the one I suggested now?
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39819619
We have quite a few RD Gateway with RDWeb and RemoteApp along with RDS going with GoDaddy certificates with no issue.

RDS Certificates
That's the setup that allows users to click away the certificate nag.

Philip
0
 

Author Comment

by:thbor83
ID: 39820142
Thanks Philip,

I changed the settings for the certificate in the deployment properties but for me that didn't help.

So I changed the setup so that everything is on the same external domain external.com and bought a wildcard certificate.

When I now open app from the RDweb it doesn't ask for the internal certificate but if I open the app from remoteapp application in windows 7 it asks for the certificate (But I can click away the certificate nag)

The same goes for "connect to remote computer" from RDweb I get a certificate warning.
Have tried to figure out how I can change the certificate for remote desktop so that it choose the wildcard certificate instead of the local certificate.

Has anyone done this in RDS 2012 before? When checking online everyone is talking about RDS 2008 but since everything has been changed that doesn't work for me.
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 500 total points
ID: 39820949
You need to issue a command to change the RDP-tcp listener on the RDS Session Host servers to use the certificate you have (the wildcard one). That should fix it.

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="YOUR_CERT_THUMBPRINT"

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 

Author Comment

by:thbor83
ID: 39829238
Hi Cláudio,

Thanks for your reply :)
That resolved my issue. But it seems that it might have opened a new one.

When a users logons to remoteapp they get a message saying that they can't find \\tsclient\c\
(It's an ini file used by the program this string is located in.)

This behaviour seems to mostly be in IE and not with remoteapp in windows or chrome. And doesn't happen all the time.
If you receive the error message you can then just connect again to the application and you don't get any error.

Has any of you seen this problem before?
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Determining the an SCCM package name from the Package ID
Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question