Solved

Configure RDS 2012 Access with certificates

Posted on 2014-04-30
5
583 Views
Last Modified: 2014-06-22
Hello,

I have installed :

3 RDS 2012 Servers

- SRV-RDS1.test.local
- SRV-RDS2.test.local
- SRV-RDS3.test.local

2 Brokers
- SRV-BROKER1
- SRV-BROKER2

1 SQL Server
- SRV-SQL

1 RD web and RD Gateway on same server

- SRV-RDSGW
When I connect from local I use the name farm.test.local to connect to brokers who redirect me to RDS1 RDS2 or RDS3. All works good.

Now I am fighting to configure certificate and I need some help please.

I would like to connect to farm trough the RD Gateway.

I'd like to use the external name : farm.test.com

How many certificates I need ?

I heard about the certification authority doesn't deliver certificate for . local domains.


Thank you very much.
0
Comment
Question by:wahrani16
  • 3
5 Comments
 
LVL 3

Expert Comment

by:bmurray-vb
ID: 40031622
1 Certificate, if you are using farm.test.com and do not create an internal authoritative DNS zone then even when on the inside of the network, machines will connect to the external name (which I assume you will NAT through a firewall of some kind).   A simple name certificate is all that is required, requested by, and installed on the RD Gateway server through IIS.
0
 

Author Comment

by:wahrani16
ID: 40031932
Hi thank you for your help. I will try to explain my problem.

Actually here's what I have in the certificate rds settings :
the CN is farm.test.com
 rds cert settings
a csr was generated from the rd Gateway server (on IIS) for the common name farm.test.com
I have used startssl certificate authority and I have placed the answer it in the rd Gateway settings :
 rd gateway cert
Actually when I try to connect to RD Gateway ans specify farm.test.com, I can connect but I have a lot of warnings :
1st one concern the name farm.test.local (it's the dns name for the RR for brokers)
cert warning2nd one concern the name of the connection broker itself SRV-BROKER1.test.local

3rd one concern the name of one of the RDS Servers for example SRV-RDS1.test.local

after click on Yes and connection, I am able to access to the remote desktop.

- I think that it's a certificate issue for SSO etc .... Maybe Need a wildcard certificate ?
- I have read a lot of document but I am not familiar with wilcard certificate ?
- Will I use a an internal authority to protect the local domains ?

Thank you very much and to summon up one's patience
sorry for my English too :)
0
 
LVL 1

Expert Comment

by:Ryan Mangan
ID: 40140875
Hi, have a look at the following article which shows how to configure Certificate services for RDS 2012:

http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/

You can use certificates from a internal certificate authority if you have one or a third party.

Best regards,

Ryan
0
 

Accepted Solution

by:
wahrani16 earned 0 total points
ID: 40141507
Hi,
Thanks Ryan but
Finally, I have used a Godaddy certificate for access Gateway.
I have used a self signed Certificate for SSO and rdp signing because when I used a wildcard certificate delivered from an Internal CA, i had a lot of problems with Windows XP computers connecting from external due to CRL validation.
0
 

Author Closing Comment

by:wahrani16
ID: 40150153
Found by myself.
Regards,
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now