Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Remote Desktop - Get Certificate error when connecting with IP vs Machine Name

Posted on 2014-10-15
4
Medium Priority
?
703 Views
Last Modified: 2014-10-15
i just installed an Enterprise Cert Authority on my Domain and have set up a certificate template for Remote Desktop. That template is now part of a global policy for remote desktop, and seems to be working fine (no certificate issues) when I remote into a server using it's machine name. However, I get a "Name Mismatch" certificate error when I try to connect using the same servers IP address.

Is there any way to resolve this? We have a ton of servers, and most admin/developer users connect remotely to them via IP address rather than machine name.

-Colman
0
Comment
Question by:Colman Andrews, PMP
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 1000 total points
ID: 40382697
the purpose of a certificate is to verify that the host name you are using is verified. When you connect with IP you are bypassing and just going straight to the server. Unfortunately, there is not a way around this except to use the name when connecting.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 1000 total points
ID: 40382707
The explanation here is simple:
The way certificates work: They rely on matching the keypair as well as the CN or subject name or SAN Subject alternative names.

Since your certificate is probably issues in SERVERNAME as the CN then any requests that do not match SERVERNAME will show an error.

There is no way around this as Ip addresses are not accepted as Subject names for digital certificates:
http://tools.ietf.org/html/rfc6125#section-1.7.2

You can create a SAN and add the ip address if you want to, again this is not recommended.
0
 

Author Closing Comment

by:Colman Andrews, PMP
ID: 40382734
Thank you, I had suspected as much but having confirmation of my suspicions is what I needed. Thank you.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40382752
you're welcome
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question