brainsurf1 asked:

Remote Desktop Gateway connection intermittent with certificate error

When attempting to remote desktop into an RDS gateway server, we are receiving the following error:

"Your computer can't connect to the remote computer because the Remote Desktop Gateway server's certificate has expired or has been revoked. Contact your network administrator for assistance."

The server is Windows Server 2008 R2, and we are positive the SSL certificate is valid. RDWeb is working fine and can be used to remote desktop other computers on the network without issue.

We have already tried reinstalling the RDS role and had the certificate reissued. We have been seeing this issue connecting from Windows 7, Server 2008, and from the Microsoft Remote Desktop app from iTunes. Oddly enough, if you keep trying, the connection will eventually succeed after a random number of times. On some systems, the connection succeeds nearly 100% of the time.
Tags: Windows Server 2008, Remote Access, Active Directory

VB ITS

On the RD Gateway server, open Administrative Tools > Remote Desktop Services > launch the Remote Desktop Gateway Manager > right click on your server name in the left pane > Properties > click on the SSL Certificate tab > verify that the correct certificate is showing underneath "The following certificate is installed on <SERVER NAME>".

If it's showing the old certificate that has expired, click "Select an existing certificate from the RD Gateway SERVER Certificates (Local Computer)/Personal store" > then click on the Import Certificate button > select your recently renewed certificate > OK > RD Gateway Manager should now show the correct certificate. Test the RD Gateway again.
If you still don't see the new SSL certificate, restart the Remote Desktop Gateway service (NB: this may kick out everyone currently logged in via RD Gateway).

Let me know how you go.
brainsurf1

ASKER

We have already imported a valid SSL certificate into the RDS gateway MMC. This certificate was recently purchased and doesn't expire for several years.
VB ITS

What happens when you open the Certificates MMC for the Local Computer/Personal store and double click on the new SSL certificate? Does it show up as valid?
brainsurf1

ASKER

The certificate does show up as valid.

VB ITS

I'm assuming you deleted the old expired certificate from the store as well once it was replaced? Sorry, have to cross off the standard stuff first.

Do you see any warnings/errors in the logs when you attempt to connect remotely via RD Gateway?
SOLUTION
v_2abhis2

brainsurf1

ASKER

Thanks everyone for your responses. Abhishek, I downloaded the certificate revocation list from the URL provided in the details for the certificate. However, I was unable to find the serial number for our certificate in the revocation list.

One complication to this is that we have actually just reissued our RDS gateway certificates to use SHA-256 after they were previously all SHA-1. The certs were working fine until recently, but we have deleted the old certs from the server (issue persists).
ASKER CERTIFIED SOLUTION
brainsurf1

brainsurf1

ASKER

The server was not improperly configured. Our clients likely had issues with a larger bit length in the SSL certificate.
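
The properties this thread keeps returning to (validity dates, revocation status, signature hash and key length of the gateway certificate) can be read in one pass from the Local Computer/Personal store. The PowerShell below is an added example, not part of the original thread; the function name `Test-GatewayCertificate` is hypothetical, and it assumes an elevated session on the RD Gateway server with outbound access to the CA's revocation URLs.

```powershell
# Added example (not from the thread). Function name is hypothetical.
# Run in an elevated PowerShell session on the RD Gateway server.
function Test-GatewayCertificate {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $x509 = 'System.Security.Cryptography.X509Certificates'

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Skip certificates whose EKU excludes TLS server authentication.
        $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
        if ($eku -and -not ($eku.EnhancedKeyUsages |
                Where-Object { $_.Value -eq $serverAuthOid })) { continue }

        # Build the chain with online revocation checking (CRL/OCSP).
        $chain = New-Object "$x509.X509Chain"
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
        $chainOk = $chain.Build($cert)
        $flags = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        # KeySize is readable this way for RSA keys; leave it empty otherwise.
        $bits = $null
        try { $bits = $cert.PublicKey.Key.KeySize } catch { }

        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotBefore     = $cert.NotBefore
            NotAfter      = $cert.NotAfter
            Expired       = ($cert.NotAfter -lt (Get-Date))
            HasPrivateKey = $cert.HasPrivateKey
            SignatureHash = $cert.SignatureAlgorithm.FriendlyName
            KeyBits       = $bits
            ChainValid    = $chainOk
            ChainStatus   = $flags
        }
    }
}

Test-GatewayCertificate | Format-List
```

A `ChainStatus` of `Revoked`, `RevocationStatusUnknown` or `OfflineRevocation` points at revocation checking rather than the certificate's dates, while `NotTimeValid` points at the dates themselves. The result reflects what the machine running the script can reach and validate, so a client that fails intermittently may see a different chain status than the server does.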