Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Server 2012 R2 RDWEB SSL Issue

Posted on 2014-10-14
1
600 Views
Last Modified: 2014-10-14
I currently have a 2012 R2 server confgured to deploy apps using RDWEB.  Apps are published and working both internally and externally.  I have purchased and installed an SSL cert. from GoDaddy as well.

We are using split-brain DNS... Internal domain ends in .LOCAL and external domain ends in .COM.

When accessing the RDWEB page all is well...  The site uses the external name and SSL cert properly.

The issue is once logged into the site, and I launch an app I get the following dialogue box in attachment 1.  Then I get prompted for Username and Password, and then I get the dialogue box pop up in attachment 2.

If you notice the external name is there on attachment 1, and the internal name is there on attachment 2.....

External: apps.xxx.com
Internal: rds1.xxx.local

ATTACHMENT 1
ATTACHMENT 2
So the 2 questions are:

How can I get rid of the 2 dialogue boxes referring to SSL?

Why is it prompting me for Username and password when I launch an app AFTER I already successfully logged into the site?
0
Comment
Question by:BSModlin
1 Comment
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 40380185
If your AD name is .local then there is no way to eliminate the dialog boxes from any/all non-corporate devices. The issue here is that later RDP clients verify the internal server is who it says via SSL, and since the internal server name is .local, that is what is presented. Further, publicly trusted SSL certificates will no longer allow .local names (rightly) so you have this situation where you can't create a reliable trust.

You can always create an SSL cert from an internal CA and you can then distribute the trusted root cert, but only devices that have had the trusted root cert installed will present without the dialog box. This is also the reason for the repeated prompts. The untrusted nature prevents the authentication token from being automatically delegated through.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question