Solved

Configure RDS 2012 Access with certificates

Posted on 2014-04-30
5
590 Views
Last Modified: 2014-06-22
Hello,

I have installed :

3 RDS 2012 Servers

- SRV-RDS1.test.local
- SRV-RDS2.test.local
- SRV-RDS3.test.local

2 Brokers
- SRV-BROKER1
- SRV-BROKER2

1 SQL Server
- SRV-SQL

1 RD web and RD Gateway on same server

- SRV-RDSGW
When I connect from local I use the name farm.test.local to connect to brokers who redirect me to RDS1 RDS2 or RDS3. All works good.

Now I am fighting to configure certificate and I need some help please.

I would like to connect to farm trough the RD Gateway.

I'd like to use the external name : farm.test.com

How many certificates I need ?

I heard about the certification authority doesn't deliver certificate for . local domains.


Thank you very much.
0
Comment
Question by:wahrani16
  • 3
5 Comments
 
LVL 3

Expert Comment

by:bmurray-vb
ID: 40031622
1 Certificate, if you are using farm.test.com and do not create an internal authoritative DNS zone then even when on the inside of the network, machines will connect to the external name (which I assume you will NAT through a firewall of some kind).   A simple name certificate is all that is required, requested by, and installed on the RD Gateway server through IIS.
0
 

Author Comment

by:wahrani16
ID: 40031932
Hi thank you for your help. I will try to explain my problem.

Actually here's what I have in the certificate rds settings :
the CN is farm.test.com
 rds cert settings
a csr was generated from the rd Gateway server (on IIS) for the common name farm.test.com
I have used startssl certificate authority and I have placed the answer it in the rd Gateway settings :
 rd gateway cert
Actually when I try to connect to RD Gateway ans specify farm.test.com, I can connect but I have a lot of warnings :
1st one concern the name farm.test.local (it's the dns name for the RR for brokers)
cert warning2nd one concern the name of the connection broker itself SRV-BROKER1.test.local

3rd one concern the name of one of the RDS Servers for example SRV-RDS1.test.local

after click on Yes and connection, I am able to access to the remote desktop.

- I think that it's a certificate issue for SSO etc .... Maybe Need a wildcard certificate ?
- I have read a lot of document but I am not familiar with wilcard certificate ?
- Will I use a an internal authority to protect the local domains ?

Thank you very much and to summon up one's patience
sorry for my English too :)
0
 
LVL 1

Expert Comment

by:Ryan Mangan
ID: 40140875
Hi, have a look at the following article which shows how to configure Certificate services for RDS 2012:

http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/ 

You can use certificates from a internal certificate authority if you have one or a third party.

Best regards,

Ryan
0
 

Accepted Solution

by:
wahrani16 earned 0 total points
ID: 40141507
Hi,
Thanks Ryan but
Finally, I have used a Godaddy certificate for access Gateway.
I have used a self signed Certificate for SSO and rdp signing because when I used a wildcard certificate delivered from an Internal CA, i had a lot of problems with Windows XP computers connecting from external due to CRL validation.
0
 

Author Closing Comment

by:wahrani16
ID: 40150153
Found by myself.
Regards,
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question