Solved

Windows 2012 R2 remote desktop gateway - "The identity of the remote computer cannot be verified.  Do you want to connect anyway?"

Posted on 2014-01-28
Last Modified: 2014-02-03
Hi,

We have an environment with remote desktop configured.
The servers are:

Windows server 2012 R2 - RD Web connection broker (Publishing)/RD Web/RD Gateway
Windows server 2012 R2 x 2 - RD Session hosts

The servers are configured and we can log on to the session hosts externally, both from RDWeb published remote desktop/remote app and using the remote desktop/remote app application in Windows, manually configured.

But we have one problem when we log on: every time we try to log on to a remote app or remote desktop session we get a certificate error for each RD Session host we have, saying "The identity of the remote computer cannot be verified.  Do you want to connect anyway?"

We have assigned a certificate to RD Gateway and through deployment settings for RD Web, RD Gateway and RD Connection broker (publishing)
The certificate is bought at godaddy.

The domain used internally is not the same as the external one. I'm guessing that's the reason for the error, but hopefully it is possible to resolve this problem.

Thanks!

Brg
Thomas B
Question by:thbor83
8 Comments
 
LVL 38

Expert Comment

by:Philip Elder
ID: 39815776
Workaround is to check the "Don't Bug Me Again" setting on the certificate warning since it is hung on the _local_ certificate generated by the RDS servers.

Make sure the GoDaddy cross_intermediate and intermediate certificates are installed on the RD Gateway server into the Intermediate Certificate Authorities container (Computer).

Philip
0
 

Author Comment

by:thbor83
ID: 39815874
Hello Philip, thanks for your suggestions.

Have added the intermediate and cross_intermediate certificates to the RD Gateway server, but this didn't help anything.

When we check the "Don't bug me again" setting, the certificate error pops up again the next time I log on.

Brg,
Thomas B
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 39815913
Under Deployment Properties make sure the GoDaddy certificate is only hooked into your RDWeb and RD Gateway setup.

Do not hook the GoDaddy certificate into the server itself as this will take away the option to turn off the cert nag. If that is what happened then change the certificate back to the server's self-issued certificate.

Philip
0
 

Author Comment

by:thbor83
ID: 39818346
Thanks Philip for your suggestion, have tried this without any luck.

Starting to think I have to configure everything on the same external domain with wildcard certificate.

Or is there another configuration I should try? Or another setup that is better than the one I suggested now?
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 39819619
We have quite a few RD Gateway with RDWeb and RemoteApp along with RDS going with GoDaddy certificates with no issue.

RDS Certificates
That's the setup that allows users to click away the certificate nag.

Philip
0
 

Author Comment

by:thbor83
ID: 39820142
Thanks Philip,

I changed the settings for the certificate in the deployment properties but for me that didn't help.

So I changed the setup so that everything is on the same external domain external.com and bought a wildcard certificate.

When I now open an app from RDWeb it doesn't ask for the internal certificate, but if I open the app from the RemoteApp application in Windows 7 it asks for the certificate (but I can click away the certificate nag).

The same goes for "connect to remote computer" from RDweb I get a certificate warning.
Have tried to figure out how I can change the certificate for remote desktop so that it chooses the wildcard certificate instead of the local certificate.

Has anyone done this in RDS 2012 before? When checking online everyone is talking about RDS 2008 but since everything has been changed that doesn't work for me.
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 500 total points
ID: 39820949
You need to issue a command to change the RDP-tcp listener on the RDS Session Host servers to use the certificate you have (the wildcard one). That should fix it.

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="YOUR_CERT_THUMBPRINT"

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
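The same listener change as the accepted answer, written as a PowerShell function that validates the certificate before binding it and reads the setting back afterwards. This is an added example, not code from the thread: the function name `Set-RdpListenerCertificate` is hypothetical, it assumes the default listener name `RDP-Tcp`, and it is meant to be run elevated on each RD Session Host.

```powershell
# Added example (not from the thread). Run elevated on each RD Session Host.
function Set-RdpListenerCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,  # thumbprint of the wildcard certificate
        [string]$ListenerName = 'RDP-Tcp'                   # assumed default listener name
    )

    # Thumbprints pasted from the certificate dialog often carry spaces or an
    # invisible leading character; keep hex digits only.
    $thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($thumb.Length -ne 40) { throw "Expected a 40-character SHA-1 thumbprint, got $($thumb.Length)." }

    # The certificate must be in the computer's Personal store, with its private key.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this server.' }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw 'Certificate is not currently valid.' }

    # If an EKU extension is present, it must include Server Authentication.
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $serverAuthOid) { throw 'Certificate is not valid for Server Authentication.' }
    }

    # Bind the certificate to one listener only, keeping the previous value for rollback.
    $ns = 'root\cimv2\TerminalServices'
    $filter = "TerminalName='$ListenerName'"
    $listener = Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter $filter
    if (-not $listener) { throw "Listener '$ListenerName' not found." }
    $previous = $listener.SSLCertificateSHA1Hash
    Set-WmiInstance -Path $listener.__PATH -Arguments @{ SSLCertificateSHA1Hash = $thumb } | Out-Null

    # Read the setting back so the change is confirmed rather than assumed.
    $current = (Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter $filter).SSLCertificateSHA1Hash
    [pscustomobject]@{
        Listener = $ListenerName
        Subject  = $cert.Subject
        Previous = $previous
        Current  = $current
        Applied  = ($current -eq $thumb)
    }
}

# Usage (placeholder thumbprint, replace with your own):
# Set-RdpListenerCertificate -Thumbprint 'YOUR_CERT_THUMBPRINT'
```

The `Previous` value in the output is the thumbprint to pass back in if the change has to be reverted.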
 

Author Comment

by:thbor83
ID: 39829238
Hi Cláudio,

Thanks for your reply :)
That resolved my issue. But it seems that it might have opened a new one.

When a user logs on to remoteapp they get a message saying that they can't find \\tsclient\c\
(It's an ini file used by the program this string is located in.)

This behaviour seems to mostly be in IE and not with remoteapp in windows or chrome. And doesn't happen all the time.
If you receive the error message you can then just connect again to the application and you don't get any error.

Has any of you seen this problem before?
0
