Configure RDS 2012 Access with certificates

Posted on 2014-04-30
Medium Priority
Last Modified: 2014-06-22

I have installed :

3 RDS 2012 Servers

- SRV-RDS1.test.local
- SRV-RDS2.test.local
- SRV-RDS3.test.local

2 Brokers

1 SQL Server

1 RD web and RD Gateway on same server

When I connect from local I use the name farm.test.local to connect to brokers who redirect me to RDS1 RDS2 or RDS3. All works good.

Now I am fighting to configure certificate and I need some help please.

I would like to connect to farm trough the RD Gateway.

I'd like to use the external name : farm.test.com

How many certificates I need ?

I heard about the certification authority doesn't deliver certificate for . local domains.

Thank you very much.
Question by:wahrani16
  • 3

Expert Comment

ID: 40031622
1 Certificate, if you are using farm.test.com and do not create an internal authoritative DNS zone then even when on the inside of the network, machines will connect to the external name (which I assume you will NAT through a firewall of some kind).   A simple name certificate is all that is required, requested by, and installed on the RD Gateway server through IIS.

Author Comment

ID: 40031932
Hi thank you for your help. I will try to explain my problem.

Actually here's what I have in the certificate rds settings :
the CN is farm.test.com
 rds cert settings
a csr was generated from the rd Gateway server (on IIS) for the common name farm.test.com
I have used startssl certificate authority and I have placed the answer it in the rd Gateway settings :
 rd gateway cert
Actually when I try to connect to RD Gateway ans specify farm.test.com, I can connect but I have a lot of warnings :
1st one concern the name farm.test.local (it's the dns name for the RR for brokers)
cert warning2nd one concern the name of the connection broker itself SRV-BROKER1.test.local

3rd one concern the name of one of the RDS Servers for example SRV-RDS1.test.local

after click on Yes and connection, I am able to access to the remote desktop.

- I think that it's a certificate issue for SSO etc .... Maybe Need a wildcard certificate ?
- I have read a lot of document but I am not familiar with wilcard certificate ?
- Will I use a an internal authority to protect the local domains ?

Thank you very much and to summon up one's patience
sorry for my English too :)

Expert Comment

by:Ryan Mangan
ID: 40140875
Hi, have a look at the following article which shows how to configure Certificate services for RDS 2012:


You can use certificates from a internal certificate authority if you have one or a third party.

Best regards,


Accepted Solution

wahrani16 earned 0 total points
ID: 40141507
Thanks Ryan but
Finally, I have used a Godaddy certificate for access Gateway.
I have used a self signed Certificate for SSO and rdp signing because when I used a wildcard certificate delivered from an Internal CA, i had a lot of problems with Windows XP computers connecting from external due to CRL validation.

Author Closing Comment

ID: 40150153
Found by myself.

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question