Remote Desktop - Get Certificate error when connecting with IP vs Machine Name

i just installed an Enterprise Cert Authority on my Domain and have set up a certificate template for Remote Desktop. That template is now part of a global policy for remote desktop, and seems to be working fine (no certificate issues) when I remote into a server using it's machine name. However, I get a "Name Mismatch" certificate error when I try to connect using the same servers IP address.

Is there any way to resolve this? We have a ton of servers, and most admin/developer users connect remotely to them via IP address rather than machine name.

-Colman
Colman Andrews, PMPSystems EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joshua GrantomSenior Systems AdministratorCommented:
the purpose of a certificate is to verify that the host name you are using is verified. When you connect with IP you are bypassing and just going straight to the server. Unfortunately, there is not a way around this except to use the name when connecting.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
becraigCommented:
The explanation here is simple:
The way certificates work: They rely on matching the keypair as well as the CN or subject name or SAN Subject alternative names.

Since your certificate is probably issues in SERVERNAME as the CN then any requests that do not match SERVERNAME will show an error.

There is no way around this as Ip addresses are not accepted as Subject names for digital certificates:
http://tools.ietf.org/html/rfc6125#section-1.7.2

You can create a SAN and add the ip address if you want to, again this is not recommended.
0
Colman Andrews, PMPSystems EngineerAuthor Commented:
Thank you, I had suspected as much but having confirmation of my suspicions is what I needed. Thank you.
0
Joshua GrantomSenior Systems AdministratorCommented:
you're welcome
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.