Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Remote Desktop Services Certificate Mismatch

Posted on 2015-01-05
Medium Priority
Last Modified: 2015-01-11
I am setting up a remote desktop services farm, and I'm getting a certificate mismatch when connecting to the session host. The notification says that the requested computer has a local domain, but the certificate on the remote computer is a .com domain. Does anyone know what I'm missing to make this work? It would seem that I have to change the FQDN of each TS to remote.company.com, but I don't know how to do that. Any help is greatly appreciated.
Question by:Brad212
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3

Author Comment

ID: 40531888
Screenshot of the certificate mismatch notification

Author Comment

ID: 40531890
These are the details of my deployment: My farm has 4 servers all running Windows Server 2012 R2. One server, let's call it TS-Services, holds 3 roles - RD Web Access, RD Gateway, and RD Connection Broker. The other 3 servers are session hosts. Let's call them TS1, TS2, and TS3. All 4 servers use the same wildcard certificate - *.company.com, and my RD Gateway external FQDN is set to remote.company.com. I believe I had to change the published RDS name of the Connection Broker (TS-Services) from the local FQDN to remote.company.com. However, I can't seem do that on the TSs because they are not connection brokers. My clients are connecting from Windows 7 PCs.

Author Comment

ID: 40531931
This is the notification that appears when trying to connect externally over the internet.
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

LVL 12

Assisted Solution

by:David Paris Vicente
David Paris Vicente earned 400 total points
ID: 40531941

You can find here in EE an answer to a similar problem.

If you continue to struggle with the problem let us know.

Hope it helps.


Author Comment

ID: 40532399
Update: My second screenshot is unrelated. I had neglected to setup a computer group in Remote Desktop Gateway Manager. Once that was I done, I was able to connect to the session hosts.
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40533034

But the certification problem persists?
Did you check the EE link?

Accepted Solution

Brad212 earned 0 total points
ID: 40533817
Thanks for you comment. While the post you referenced is similar, I found a different solution. The other post recommends a SAN certificate, but because I had already purchased a wildcard cert - as most of the documentation I found online suggested, I was reluctant to change the cert. After some digging I found that RDP 8.0 (included with Windows 8) somehow works around the problem and doesn't present the certificate mismatch notification. My solution will be to update my Windows 7 clients to RDP 8.1 which is the latest version. Hopefully this will help someone else save some time and effort.
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40533900
Great, keep the good work.


Author Closing Comment

ID: 40542922
I believe that using RDP 8.0 in conjunction with a Windows Server 2012 R2 RDS farm configured with 3rd party and self-signed certificates is the more modern approach than using SAN certificates. Some SSL cert providers have discontinued SAN certs.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s list some of the technologies that enable smooth teleworking. 
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question