Solved

Server 2012 R2 RDWEB SSL Issue

Posted on 2014-10-14
Last Modified: 2014-10-14
I currently have a 2012 R2 server configured to deploy apps using RDWEB.  Apps are published and working both internally and externally.  I have purchased and installed an SSL cert. from GoDaddy as well.

We are using split-brain DNS... Internal domain ends in .LOCAL and external domain ends in .COM.

When accessing the RDWEB page all is well...  The site uses the external name and SSL cert properly.

The issue is once logged into the site, and I launch an app I get the following dialogue box in attachment 1.  Then I get prompted for Username and Password, and then I get the dialogue box pop up in attachment 2.

If you notice the external name is there on attachment 1, and the internal name is there on attachment 2.....

External: apps.xxx.com
Internal: rds1.xxx.local

ATTACHMENT 1
ATTACHMENT 2
So the 2 questions are:

How can I get rid of the 2 dialogue boxes referring to SSL?

Why is it prompting me for Username and password when I launch an app AFTER I already successfully logged into the site?
0
Question by:BSModlin
1 Comment
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40380185
If your AD name is .local then there is no way to eliminate the dialog boxes from any/all non-corporate devices. The issue here is that later RDP clients verify the internal server is who it says via SSL, and since the internal server name is .local, that is what is presented. Further, publicly trusted SSL certificates will no longer allow .local names (rightly) so you have this situation where you can't create a reliable trust.

You can always create an SSL cert from an internal CA and you can then distribute the trusted root cert, but only devices that have had the trusted root cert installed will present without the dialog box. This is also the reason for the repeated prompts. The untrusted nature prevents the authentication token from being automatically delegated through.
0
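
The name check described in the accepted answer, as an added example that is not code from either poster: it applies standard TLS hostname matching to the two names in the question and reports which mismatch a public certificate could fix. The certificate name list is constructed from the thread's placeholder names, and the internal-suffix list is a simplifying assumption covering only `.local` and single-label names.

```python
# Added illustration; sample names are the placeholders used in the thread.
INTERNAL_SUFFIXES = (".local",)  # assumption: only the suffix the thread discusses


def name_matches(pattern: str, host: str) -> bool:
    """Hostname match: '*' is valid only as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Reject over-broad wildcards such as '*.com' and empty host labels.
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def publicly_issuable(name: str) -> bool:
    """False for names a publicly trusted CA will not certify."""
    n = name.lower().rstrip(".")
    return "." in n and not n.endswith(INTERNAL_SUFFIXES)


def diagnose(cert_names, targets):
    """Map each host the client connects to onto the outcome of the name check."""
    report = {}
    for host in targets:
        if any(name_matches(n, host) for n in cert_names):
            report[host] = "ok"
        elif publicly_issuable(host):
            report[host] = "mismatch: add name to the public certificate"
        else:
            report[host] = "mismatch: internal-only name, internal CA required"
    return report


if __name__ == "__main__":
    cert_names = ["apps.xxx.com"]              # constructed: names on the public cert
    targets = ["apps.xxx.com", "rds1.xxx.local"]  # RD Web site, then the session host
    for host, result in diagnose(cert_names, targets).items():
        print(f"{host}: {result}")
```

A wildcard such as `*.xxx.com` does not change the result for `rds1.xxx.local`, because the wildcard replaces only the leftmost label.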
