Solved

Windows 2012 R2 remote desktop gateway - "The identity of the remote computer cannot be verified.  Do you want to connect anyway?"

Posted on 2014-01-28
8
6,980 Views
Last Modified: 2014-02-03
Hi,

We have a enviroment with remote desktop configured.
The servers are:

Windows server 2012 R2 - RD Web connection broker (Publishing)/RD Web/RD Gateway
Windows server 2012 R2 x 2 - RD Session hosts

The servers are configured and we can logon to the sessions hosts externally both from RDWeb published remote desktop/remote app and using remote desktop/remote app application in windows manually configured.

But we have one problem when we logon, everytime we try to logon to an remote app or remote desktop session we get a certificate error for each RD Session host we have saying "The identity of the remote computer cannot be verified.  Do you want to connect anyway?"  

We have assigned a certificate to RD Gateway and through deployment settings for RD Web, RD Gateway and RD Connection broker (publishing)
The certificate is bought at godaddy.

The domain used internally is not the same as the external one, guessing that's the reason for the error but hopefully there is possible to resolve this problem.

Thanks!

Brg
Thomas B
0
Comment
Question by:thbor83
  • 4
  • 3
8 Comments
 
LVL 38

Expert Comment

by:Philip Elder
ID: 39815776
Workaround is to check the "Don't Bug Me Again" setting on the certificate warning since it is hung on the _local_ certificate generated by the RDS servers.

Make sure the GoDaddy cross_intermediate and intermediate certificates are installed on the RD Gateway server into the Intermediate Certificate Authorities container (Computer).

Philip
0
 

Author Comment

by:thbor83
ID: 39815874
Hello Philip, thanks for your suggestions.

Have added the intermediate and cross_intermediate certificates to the RD Gateway server, but this didn't help anything.

When we check the "Don't bug me again" setting but the certificate error pops up again next time I logged again.

Brg,
Thomas B
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 39815913
Under Deployment Properties make sure the GoDaddy certificate is only hooked into your RDWeb and RD Gateway setup.

Do not hook the GoDaddy certificate into the server itself as this will take away the option to turn off the cert nag. If that is what happened then change the certificate back to the server's self-issued certificate.

Philip
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:thbor83
ID: 39818346
Thanks Philip for your suggestion ,have tried this without any luck.

Starting to think I have to configure everything on the same external domain with wildcard certificate.

Or is there other configuration I should try? Or other setup that is better than the one I suggested now?
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 39819619
We have quite a few RD Gateway with RDWeb and RemoteApp along with RDS going with GoDaddy certificates with no issue.

RDS Certificates
That's the setup that allows users to click away the certificate nag.

Philip
0
 

Author Comment

by:thbor83
ID: 39820142
Thanks Philip,

I changed the settings for the certificate in the deployment properties but for me that didn't help.

So I changed the setup so that everything is on the same external domain external.com and bought a wildcard certificate.

When I now open app from the RDweb it doesn't ask for the internal certificate but if I open the app from remoteapp application in windows 7 it asks for the certificate (But I can click away the certificate nag)

The same goes for "connect to remote computer" from RDweb I get a certificate warning.
Have tried to figure out how I can change the certificate for remote desktop so that it choose the wildcard certificate instead of the local certificate.

Has anyone done this in RDS 2012 before? When checking online everyone is talking about RDS 2008 but since everything has been changed that doesn't work for me.
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 500 total points
ID: 39820949
You need to issue a command to change the RDP-tcp listener on the RDS Session Host servers to use the certificate you have (the wildcard one). That should fix it.

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="YOUR_CERT_THUMBPRINT"

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 

Author Comment

by:thbor83
ID: 39829238
Hi Cláudio,

Thanks for your reply :)
That resolved my issue. But it seems that it might have opened a new one.

When a users logons to remoteapp they get a message saying that they can't find \\tsclient\c\
(It's an ini file used by the program this string is located in.)

This behaviour seems to mostly be in IE and not with remoteapp in windows or chrome. And doesn't happen all the time.
If you receive the error message you can then just connect again to the application and you don't get any error.

Has any of you seen this problem before?
0

Featured Post

ScreenConnect 6.0 Free Trial

Check out the updates in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI that improves session organization and overall user experience. See the enhancements for yourself!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question