Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Remote Desktop - Get Certificate error when connecting with IP vs Machine Name

Posted on 2014-10-15
4
Medium Priority
?
740 Views
Last Modified: 2014-10-15
i just installed an Enterprise Cert Authority on my Domain and have set up a certificate template for Remote Desktop. That template is now part of a global policy for remote desktop, and seems to be working fine (no certificate issues) when I remote into a server using it's machine name. However, I get a "Name Mismatch" certificate error when I try to connect using the same servers IP address.

Is there any way to resolve this? We have a ton of servers, and most admin/developer users connect remotely to them via IP address rather than machine name.

-Colman
0
Comment
Question by:Colman Andrews, PMP
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 1000 total points
ID: 40382697
the purpose of a certificate is to verify that the host name you are using is verified. When you connect with IP you are bypassing and just going straight to the server. Unfortunately, there is not a way around this except to use the name when connecting.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 1000 total points
ID: 40382707
The explanation here is simple:
The way certificates work: They rely on matching the keypair as well as the CN or subject name or SAN Subject alternative names.

Since your certificate is probably issues in SERVERNAME as the CN then any requests that do not match SERVERNAME will show an error.

There is no way around this as Ip addresses are not accepted as Subject names for digital certificates:
http://tools.ietf.org/html/rfc6125#section-1.7.2

You can create a SAN and add the ip address if you want to, again this is not recommended.
0
 

Author Closing Comment

by:Colman Andrews, PMP
ID: 40382734
Thank you, I had suspected as much but having confirmation of my suspicions is what I needed. Thank you.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40382752
you're welcome
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
In this modest contribution, I want to share with the IT community (especially system administrators, IT Support Engineers and IT Help Desks) about Windows crashes/hangs and how to deal with these particular problems.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question