Solved

TSGW and TS certificates are over

Posted on 2014-09-05
Last Modified: 2014-09-09
Hi Experts,

Our certificates for the TSGW and TS are over and not valid anymore.
What can I do so that the department can keep working?
The TSGW and TS are on WIN2008.
This is now critical.
0
Question by:Eprs_Admin
12 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40306635
Usually when a certificate expires, a person would renew it with the CA it was issued from. Is that what you are asking?
0
 
LVL 29

Accepted Solution

by:
becraig earned 500 total points
ID: 40306636
Here is a good step by step on how to complete this:
http://www.urtech.ca/2010/08/how-to-renew-a-terminal-server-remote-desktop-certificate/


If you are not using a third-party certificate and you are using a self-signed one, then you can start from the "Install a certificate" section.
0
 

Author Comment

by:Eprs_Admin
ID: 40309265
Yes, we have a CA, but when it's expired you cannot renew it, right?
0
 
LVL 29

Expert Comment

by:becraig
ID: 40309286
Whether you opt to renew or replace is not a big issue, once your certificate is valid and installed as per the steps in the guide above.
0
 

Author Comment

by:Eprs_Admin
ID: 40309304
Hi, thanks for the manual.
Now we have a new cert from the root CA.

Please, for the overview, can you show me where to renew or install the cert?
Where do I have to start?

I have here 1 TSGW and 2 TS.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40309310
The link above shows a good outline for updating the gateway servers.
0
 

Author Comment

by:Eprs_Admin
ID: 40309321
Please, for the overview, can you show me where to renew or install the cert?
Where do I have to start?
I have here 1 TSGW and 2 TS.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40309340
I will paste the information from the link if you are unable to reach it:
INSTALL A CERTIFICATE ON THE TS/RD GATEWAY SERVER:

    Open the Certificates snap-in console. If you have not already added the Certificates snap-in console, you can do so by doing the following:
    Click Start, click Run, type mmc, and then click OK.
    On the File menu, click Add/Remove Snap-in.
    In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and then click Add.
    In the Certificates snap-in dialog box, click Computer account, and then click Next.
    In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
    In the Add or Remove snap-ins dialog box, click OK.
    In the Certificates snap-in console, in the console tree, expand Certificates (Local Computer), and then click Personal.
    Right-click the Personal folder, point to All Tasks, and then click Import.
    On the Welcome to the Certificate Import Wizard page, click Next.
    On the File to Import page, in the File name box, specify the name of the certificate that you want to import, and then click Next.
    On the Password page, do the following:
    If you specified a password for the private key associated with the certificate earlier, type the password.
    If you want to mark the private key for the certificate as exportable, ensure that Mark this key as exportable is selected.
    If you want to include all extended properties for the certificate, ensure that Include all extended properties is selected.
    Click Next.
    On the Certificate Store page, accept the default option, and then click Next.
    On the Completing the Certificate Import Wizard page, confirm that the correct certificate has been selected.
    Click Finish.
    After the certificate import has successfully completed, a message appears confirming that the import was successful. Click OK.
    With Certificates selected in the console tree, in the details pane, verify that the correct certificate appears in the list of certificates on the TS Gateway server. The certificate must be under the Personal store of the local computer.

MAP A CERTIFICATE TO THE LOCAL TS / RD GATEWAY SERVER:

    You must use TS Gateway Manager to map the TS Gateway server certificate. If you map a TS Gateway server certificate by using any other method, TS Gateway will not function correctly.
    Open TS Gateway Manager. To open TS Gateway Manager, click Start, point to Administrative Tools, point to Terminal Services, and then click TS Gateway Manager.
    In the TS Gateway Manager console tree, right-click the local TS Gateway server, and then click Properties.
    On the SSL Certificate tab, click Select an existing certificate for SSL encryption (recommended), and then click Browse Certificates.
    In the Install Certificate dialog box, click the certificate that you want to use, and then click Install.
    Click OK to close the Properties dialog box for the TS Gateway server.
    If this is the first time that you have mapped the TS Gateway certificate, after the certificate mapping is completed, you can verify that the mapping was successful by viewing the TS Gateway Server Status area in TS Gateway Manager. Under Configuration Status and Configuration Tasks, the warning stating that a server certificate is not yet installed or selected and the View or modify certificate properties hyperlink are no longer displayed.

Reprinted from
http://www.urtech.ca/2010/08/how-to-renew-a-terminal-server-remote-desktop-certificate/
0
 

Author Comment

by:Eprs_Admin
ID: 40309359
I am not unable to read it!!

But my problem is, where to put always the cert?

Because you have many places to put it.

At the TSGW server properties....
At the TSGW IIS....
On the TS in the protocol properties...

I just want to know where to start.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40309372
First import the certificate into the local certificate store:
The guide is VERY clear on this:
   Click Start, click Run, type mmc, and then click OK.
    On the File menu, click Add/Remove Snap-in.
    In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and then click Add.
    In the Certificates snap-in dialog box, click Computer account, and then click Next.
    In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
    In the Add or Remove snap-ins dialog box, click OK.
    In the Certificates snap-in console, in the console tree, expand Certificates (Local Computer), and then click Personal.
    Right-click the Personal folder, point to All Tasks, and then click Import.
    On the Welcome to the Certificate Import Wizard page, click Next.
    On the File to Import page, in the File name box, specify the name of the certificate that you want to import, and then click Next.
    On the Password page, do the following:
    If you specified a password for the private key associated with the certificate earlier, type the password.
    If you want to mark the private key for the certificate as exportable, ensure that Mark this key as exportable is selected.
    If you want to include all extended properties for the certificate, ensure that Include all extended properties is selected.
    Click Next.
    On the Certificate Store page, accept the default option, and then click Next.
    On the Completing the Certificate Import Wizard page, confirm that the correct certificate has been selected.
    Click Finish.
    After the certificate import has successfully completed, a message appears confirming that the import was successful. Click OK.
    With Certificates selected in the console tree, in the details pane, verify that the correct certificate appears in the list of certificates on the TS Gateway server. The certificate must be under the Personal store of the local computer.


Once this is done and you are ready to apply the certificate:
Gateway:
Open TS Gateway Manager. To open TS Gateway Manager, click Start, point to Administrative Tools, point to Terminal Services, and then click TS Gateway Manager.
    In the TS Gateway Manager console tree, right-click the local TS Gateway server, and then click Properties.
    On the SSL Certificate tab, click Select an existing certificate for SSL encryption (recommended), and then click Browse Certificates.
    In the Install Certificate dialog box, click the certificate that you want to use, and then click Install.
    Click OK to close the Properties dialog box for the TS Gateway server.
    If this is the first time that you have mapped the TS Gateway certificate, after the certificate mapping is completed, you can verify that the mapping was successful by viewing the TS Gateway Server Status area in TS Gateway Manager. Under Configuration Status and Configuration Tasks, the warning stating that a server certificate is not yet installed or selected and the View or modify certificate properties hyperlink are no longer displayed.


TS server:
Open “Remote Desktop Session Host Configuration”.
Right click on “RDP-tcp” in the center of the window and select “Properties”.
On the “General” tab, click the “Select” button, Select your certificate, and then click “OK”.
Click “OK” one more time, and then all future connections will be secured by the certificate.


I hope this is clear enough.
0
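
Added example (not part of the original thread or the linked guide): a PowerShell check to run after the import and mapping steps above, listing each certificate in the local computer's Personal store with its expiry, private-key and Server Authentication status, then comparing the RDP-Tcp listener's bound thumbprint against that store. It assumes PowerShell 2.0 or later in an elevated session and that the `Win32_TSGeneralSetting` WMI class exposes `SSLCertificateSHA1Hash` on the server being checked.

```powershell
# Added example: audit the Personal store and the RDP listener binding.
# Assumptions: PowerShell 2.0+, elevated session, run locally on each TSGW/TS server.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now = Get-Date

function Test-ServerCert {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate without an EKU extension is not restricted to specific purposes.
    $serverAuth = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0)
    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        NotAfter      = $Cert.NotAfter
        InValidity    = ($Cert.NotBefore -le $now -and $Cert.NotAfter -gt $now)
        HasPrivateKey = $Cert.HasPrivateKey
        ServerAuthEku = $serverAuth
    }
}

# 1. Everything in Certificates (Local Computer) > Personal.
$store  = @(Get-ChildItem Cert:\LocalMachine\My)
$report = @($store | ForEach-Object { Test-ServerCert $_ })
$report | Sort-Object NotAfter |
    Format-Table Subject, NotAfter, InValidity, HasPrivateKey, ServerAuthEku, Thumbprint -AutoSize

# 2. Which certificate the RDP-Tcp listener is actually using (TS servers).
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" `
    -Authentication PacketPrivacy
$bound = $report | Where-Object { $_.Thumbprint -eq $listener.SSLCertificateSHA1Hash }

if (-not $bound) {
    # Not in Personal: for example an auto-generated self-signed certificate kept elsewhere.
    Write-Warning "RDP-Tcp is bound to $($listener.SSLCertificateSHA1Hash), which is not in the Personal store."
} elseif (-not ($bound.InValidity -and $bound.HasPrivateKey -and $bound.ServerAuthEku)) {
    Write-Warning "RDP-Tcp is bound to an unusable certificate: $($bound.Subject), expires $($bound.NotAfter)."
} else {
    Write-Output "RDP-Tcp is bound to $($bound.Subject), valid until $($bound.NotAfter)."
}
```

A certificate that shows `HasPrivateKey = False` was imported without its key (for example from a .cer file rather than a .pfx) and cannot be used by the gateway or the listener even though it appears in the Personal store.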
 

Author Comment

by:Eprs_Admin
ID: 40309394
Yes, it is, thanks.

In my case I have ISA Firewall servers.
Do I have to do this here too?
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40309397
With no idea of how your ISA config is, this link from Microsoft will help:
http://technet.microsoft.com/en-us/library/cc731353%28v=ws.10%29.aspx

The link above provides very clear instructions for updating ISA for RD Gateway.
0

Question has a verified solution.
