Solved

Windows 2012 R2 remote desktop gateway - "The identity of the remote computer cannot be verified.  Do you want to connect anyway?"

Posted on 2014-01-28
Last Modified: 2014-02-03
Hi,

We have an environment with remote desktop configured.
The servers are:

Windows server 2012 R2 - RD Web connection broker (Publishing)/RD Web/RD Gateway
Windows server 2012 R2 x 2 - RD Session hosts

The servers are configured and we can log on to the session hosts externally, both from RDWeb published remote desktop/remote app and using the remote desktop/remote app application in Windows, manually configured.

But we have one problem when we log on: every time we try to log on to a remote app or remote desktop session, we get a certificate error for each RD Session host we have, saying "The identity of the remote computer cannot be verified.  Do you want to connect anyway?"

We have assigned a certificate to RD Gateway and through deployment settings for RD Web, RD Gateway and RD Connection broker (publishing).
The certificate was bought from GoDaddy.

The domain used internally is not the same as the external one; I'm guessing that's the reason for the error, but hopefully it is possible to resolve this problem.

Thanks!

Brg
Thomas B
Question by:thbor83
8 Comments
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39815776
Workaround is to check the "Don't Bug Me Again" setting on the certificate warning since it is hung on the _local_ certificate generated by the RDS servers.

Make sure the GoDaddy cross_intermediate and intermediate certificates are installed on the RD Gateway server into the Intermediate Certificate Authorities container (Computer).

Philip
0
 

Author Comment

by:thbor83
ID: 39815874
Hello Philip, thanks for your suggestions.

Have added the intermediate and cross_intermediate certificates to the RD Gateway server, but this didn't help anything.

When we check the "Don't bug me again" setting, the certificate error pops up again the next time I log on.

Brg,
Thomas B
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39815913
Under Deployment Properties make sure the GoDaddy certificate is only hooked into your RDWeb and RD Gateway setup.

Do not hook the GoDaddy certificate into the server itself as this will take away the option to turn off the cert nag. If that is what happened then change the certificate back to the server's self-issued certificate.

Philip
0

 

Author Comment

by:thbor83
ID: 39818346
Thanks Philip for your suggestion, I have tried this without any luck.

Starting to think I have to configure everything on the same external domain with a wildcard certificate.

Or is there another configuration I should try? Or another setup that is better than the one I suggested now?
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39819619
We have quite a few RD Gateway with RDWeb and RemoteApp along with RDS going with GoDaddy certificates with no issue.

RDS Certificates
That's the setup that allows users to click away the certificate nag.

Philip
0
 

Author Comment

by:thbor83
ID: 39820142
Thanks Philip,

I changed the settings for the certificate in the deployment properties but for me that didn't help.

So I changed the setup so that everything is on the same external domain external.com and bought a wildcard certificate.

When I now open an app from RDWeb it doesn't ask for the internal certificate, but if I open the app from the RemoteApp application in Windows 7 it asks for the certificate (but I can click away the certificate nag).

The same goes for "connect to remote computer" from RDWeb: I get a certificate warning.
I have tried to figure out how I can change the certificate for remote desktop so that it chooses the wildcard certificate instead of the local certificate.

Has anyone done this in RDS 2012 before? When checking online everyone is talking about RDS 2008 but since everything has been changed that doesn't work for me.
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 2000 total points
ID: 39820949
You need to issue a command to change the RDP-tcp listener on the RDS Session Host servers to use the certificate you have (the wildcard one). That should fix it.

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="YOUR_CERT_THUMBPRINT"

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
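Added example, not part of the thread or of any poster's reply: a PowerShell form of the listener change from the accepted answer that first checks the certificate is usable for RDP (private key, validity, Server Authentication EKU, name coverage) and then reads the setting back. The function name `Set-RdpListenerCertificate` and the `-ConnectName` parameter are hypothetical; it assumes the PowerShell 4.0 certificate provider that ships with Windows Server 2012 R2.

```powershell
function Set-RdpListenerCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,   # thumbprint of the wildcard certificate
        # Name clients use to reach this host (assumption: the host's own FQDN)
        [string]$ConnectName = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    )
    # Copy-paste from the certificate dialog often brings spaces or an invisible character.
    $thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($thumb.Length -ne 40) { throw 'Expected a 40-hex-digit SHA-1 thumbprint.' }

    # The listener can only use a certificate from the computer's Personal store.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this host.' }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw 'Certificate is outside its validity period.'
    }

    # Server Authentication EKU; an empty EKU list means the certificate is valid for all purposes.
    $eku = @($cert.EnhancedKeyUsageList | Where-Object { $_ } | ForEach-Object { $_.ObjectId })
    if ($eku.Count -gt 0 -and $eku -notcontains '1.3.6.1.5.5.7.3.1') {
        throw 'Certificate lacks the Server Authentication EKU.'
    }

    # A wildcard covers exactly one label: *.external.com matches host.external.com only.
    $parent = $ConnectName.Substring($ConnectName.IndexOf('.') + 1)
    $names  = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    if ($names -notcontains $ConnectName -and $names -notcontains "*.$parent") {
        throw "Certificate names ($($names -join ', ')) do not cover $ConnectName."
    }

    # Same setting the wmic command writes, scoped to the RDP-Tcp listener.
    $ns = 'root\cimv2\TerminalServices'
    $listener = Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    Set-WmiInstance -Path $listener.__PATH -Arguments @{ SSLCertificateSHA1Hash = $thumb } | Out-Null

    # Read the value back so a rejected or reverted setting is noticed.
    $bound = (Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'").SSLCertificateSHA1Hash
    if ($bound -ne $thumb) { throw "Listener reports $bound, expected $thumb." }
    "RDP-Tcp on $env:COMPUTERNAME now presents $($cert.Subject), expires $($cert.NotAfter.ToString('yyyy-MM-dd'))"
}
# Run elevated on each RD Session Host:
#   Set-RdpListenerCertificate -Thumbprint '<thumbprint of the wildcard certificate>'
```

If the write succeeds but clients still see the self-signed certificate, check that the NETWORK SERVICE account has read access to the certificate's private key.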
 

Author Comment

by:thbor83
ID: 39829238
Hi Cláudio,

Thanks for your reply :)
That resolved my issue. But it seems that it might have opened a new one.

When a user logs on to RemoteApp they get a message saying that they can't find \\tsclient\c\
(It's an ini file used by the program this string is located in.)

This behaviour seems to be mostly in IE and not with RemoteApp in Windows or Chrome, and it doesn't happen all the time.
If you receive the error message you can then just connect again to the application and you don't get any error.

Have any of you seen this problem before?
0
