Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 650
  • Last Modified:

Server 2012 R2 RDWEB SSL Issue

I currently have a 2012 R2 server confgured to deploy apps using RDWEB.  Apps are published and working both internally and externally.  I have purchased and installed an SSL cert. from GoDaddy as well.

We are using split-brain DNS... Internal domain ends in .LOCAL and external domain ends in .COM.

When accessing the RDWEB page all is well...  The site uses the external name and SSL cert properly.

The issue is once logged into the site, and I launch an app I get the following dialogue box in attachment 1.  Then I get prompted for Username and Password, and then I get the dialogue box pop up in attachment 2.

If you notice the external name is there on attachment 1, and the internal name is there on attachment 2.....

External: apps.xxx.com
Internal: rds1.xxx.local

ATTACHMENT 1
ATTACHMENT 2
So the 2 questions are:

How can I get rid of the 2 dialogue boxes referring to SSL?

Why is it prompting me for Username and password when I launch an app AFTER I already successfully logged into the site?
0
BSModlin
Asked:
BSModlin
1 Solution
 
Cliff GaliherCommented:
If your AD name is .local then there is no way to eliminate the dialog boxes from any/all non-corporate devices. The issue here is that later RDP clients verify the internal server is who it says via SSL, and since the internal server name is .local, that is what is presented. Further, publicly trusted SSL certificates will no longer allow .local names (rightly) so you have this situation where you can't create a reliable trust.

You can always create an SSL cert from an internal CA and you can then distribute the trusted root cert, but only devices that have had the trusted root cert installed will present without the dialog box. This is also the reason for the repeated prompts. The untrusted nature prevents the authentication token from being automatically delegated through.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now