• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 682
  • Last Modified:

Configure RDS 2012 Access with certificates

Hello,

I have installed :

3 RDS 2012 Servers

- SRV-RDS1.test.local
- SRV-RDS2.test.local
- SRV-RDS3.test.local

2 Brokers
- SRV-BROKER1
- SRV-BROKER2

1 SQL Server
- SRV-SQL

1 RD web and RD Gateway on same server

- SRV-RDSGW
When I connect from local I use the name farm.test.local to connect to brokers who redirect me to RDS1 RDS2 or RDS3. All works good.

Now I am fighting to configure certificate and I need some help please.

I would like to connect to farm trough the RD Gateway.

I'd like to use the external name : farm.test.com

How many certificates I need ?

I heard about the certification authority doesn't deliver certificate for . local domains.


Thank you very much.
0
wahrani16
Asked:
wahrani16
  • 3
1 Solution
 
bmurray-vbCommented:
1 Certificate, if you are using farm.test.com and do not create an internal authoritative DNS zone then even when on the inside of the network, machines will connect to the external name (which I assume you will NAT through a firewall of some kind).   A simple name certificate is all that is required, requested by, and installed on the RD Gateway server through IIS.
0
 
wahrani16Author Commented:
Hi thank you for your help. I will try to explain my problem.

Actually here's what I have in the certificate rds settings :
the CN is farm.test.com
 rds cert settings
a csr was generated from the rd Gateway server (on IIS) for the common name farm.test.com
I have used startssl certificate authority and I have placed the answer it in the rd Gateway settings :
 rd gateway cert
Actually when I try to connect to RD Gateway ans specify farm.test.com, I can connect but I have a lot of warnings :
1st one concern the name farm.test.local (it's the dns name for the RR for brokers)
cert warning2nd one concern the name of the connection broker itself SRV-BROKER1.test.local

3rd one concern the name of one of the RDS Servers for example SRV-RDS1.test.local

after click on Yes and connection, I am able to access to the remote desktop.

- I think that it's a certificate issue for SSO etc .... Maybe Need a wildcard certificate ?
- I have read a lot of document but I am not familiar with wilcard certificate ?
- Will I use a an internal authority to protect the local domains ?

Thank you very much and to summon up one's patience
sorry for my English too :)
0
 
Ryan ManganCommented:
Hi, have a look at the following article which shows how to configure Certificate services for RDS 2012:

http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/ 

You can use certificates from a internal certificate authority if you have one or a third party.

Best regards,

Ryan
0
 
wahrani16Author Commented:
Hi,
Thanks Ryan but
Finally, I have used a Godaddy certificate for access Gateway.
I have used a self signed Certificate for SSO and rdp signing because when I used a wildcard certificate delivered from an Internal CA, i had a lot of problems with Windows XP computers connecting from external due to CRL validation.
0
 
wahrani16Author Commented:
Found by myself.
Regards,
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now