Solved

Server 2012 R2 RDWEB SSL Issue

Posted on 2014-10-14
Last Modified: 2014-10-14
I currently have a 2012 R2 server configured to deploy apps using RDWEB.  Apps are published and working both internally and externally.  I have purchased and installed an SSL cert. from GoDaddy as well.

We are using split-brain DNS... Internal domain ends in .LOCAL and external domain ends in .COM.

When accessing the RDWEB page all is well...  The site uses the external name and SSL cert properly.

The issue is once logged into the site, and I launch an app I get the following dialogue box in attachment 1.  Then I get prompted for Username and Password, and then I get the dialogue box pop up in attachment 2.

If you notice the external name is there on attachment 1, and the internal name is there on attachment 2.....

External: apps.xxx.com
Internal: rds1.xxx.local

ATTACHMENT 1
ATTACHMENT 2
So the 2 questions are:

How can I get rid of the 2 dialogue boxes referring to SSL?

Why is it prompting me for Username and password when I launch an app AFTER I already successfully logged into the site?
Question by:BSModlin
Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40380185
If your AD name is .local then there is no way to eliminate the dialog boxes from any/all non-corporate devices. The issue here is that later RDP clients verify the internal server is who it says via SSL, and since the internal server name is .local, that is what is presented. Further, publicly trusted SSL certificates will no longer allow .local names (rightly) so you have this situation where you can't create a reliable trust.

You can always create an SSL cert from an internal CA and you can then distribute the trusted root cert, but only devices that have had the trusted root cert installed will present without the dialog box. This is also the reason for the repeated prompts. The untrusted nature prevents the authentication token from being automatically delegated through.
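
The name and trust checks described in the answer above, as an added Python example that is not part of the original answer and is not the RDP client's own code. The host names are the ones quoted in the question; the function names, certificate SAN lists, trust flags and the `.local` suffix list are assumptions made for illustration.

```python
# Added example. Host names are the ones quoted in the thread; the certificate
# SAN lists and trust flags are constructed sample data.

def name_matches(pattern, host):
    """dNSName comparison: exact, or '*' standing for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def is_internal_name(host, suffixes=(".local",)):
    """Single-label names and reserved suffixes such as .local are not
    issuable by a publicly trusted CA (suffix list is an assumption)."""
    host = host.lower().rstrip(".")
    return "." not in host or host.endswith(suffixes)


def warning_reasons(host, cert_sans, root_trusted):
    """Reasons a client would show a certificate dialog for this hop."""
    reasons = []
    if not any(name_matches(san, host) for san in cert_sans):
        reasons.append("name mismatch")
    if not root_trusted:
        reasons.append("untrusted issuer")
    return reasons


def evaluate():
    public_cert = ["apps.xxx.com"]        # constructed: public CA certificate
    internal_cert = ["rds1.xxx.local"]    # constructed: internal CA certificate
    return {
        "external name, public cert": warning_reasons("apps.xxx.com", public_cert, True),
        "internal server, public cert": warning_reasons("rds1.xxx.local", public_cert, True),
        "internal server, internal cert, root installed": warning_reasons("rds1.xxx.local", internal_cert, True),
        "internal server, internal cert, root missing": warning_reasons("rds1.xxx.local", internal_cert, False),
        "public CA can cover internal server": not is_internal_name("rds1.xxx.local"),
    }


if __name__ == "__main__":
    for case, result in evaluate().items():
        print(f"{case}: {result}")
```
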

Question has a verified solution.