Solved

Remote Desktop - Get Certificate error when connecting with IP vs Machine Name

Posted on 2014-10-15
4
522 Views
Last Modified: 2014-10-15
i just installed an Enterprise Cert Authority on my Domain and have set up a certificate template for Remote Desktop. That template is now part of a global policy for remote desktop, and seems to be working fine (no certificate issues) when I remote into a server using it's machine name. However, I get a "Name Mismatch" certificate error when I try to connect using the same servers IP address.

Is there any way to resolve this? We have a ton of servers, and most admin/developer users connect remotely to them via IP address rather than machine name.

-Colman
0
Comment
Question by:ca_nimrod
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 250 total points
Comment Utility
the purpose of a certificate is to verify that the host name you are using is verified. When you connect with IP you are bypassing and just going straight to the server. Unfortunately, there is not a way around this except to use the name when connecting.
0
 
LVL 28

Assisted Solution

by:becraig
becraig earned 250 total points
Comment Utility
The explanation here is simple:
The way certificates work: They rely on matching the keypair as well as the CN or subject name or SAN Subject alternative names.

Since your certificate is probably issues in SERVERNAME as the CN then any requests that do not match SERVERNAME will show an error.

There is no way around this as Ip addresses are not accepted as Subject names for digital certificates:
http://tools.ietf.org/html/rfc6125#section-1.7.2

You can create a SAN and add the ip address if you want to, again this is not recommended.
0
 

Author Closing Comment

by:ca_nimrod
Comment Utility
Thank you, I had suspected as much but having confirmation of my suspicions is what I needed. Thank you.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
Comment Utility
you're welcome
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Suggested Solutions

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
Several part series to implement Internet Explorer 11 Enterprise Mode
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now