Solved

2008 RDS Security certificate name mismatch

Posted on 2015-01-26
Last Modified: 2015-02-06
Hi guys,

I have a Windows 2008 RDS server farm with one session broker and two session hosts. When attempting to connect to the farm name (which is in DNS as a round robin setup), I get the attached certificate error. It doesn't matter if I install the certificate or trust it, I still am unable to connect without getting popups for both session hosts. Any help you can offer would be greatly appreciated. Thanks!

-Roy
0
Question by:roycbene
6 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40570826
There is no attachment.
0
 
LVL 3

Author Comment

by:roycbene
ID: 40570849
Not sure why that didn't attach. Here you are.
cert-error.JPG
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40571113
This error is displayed because by default RDS uses self-signed certificates and they are not part of a trusted root certificate server.  To get over this issue, you have two choices: purchase SSL certificates from a vendor such as Verisign or, if you have your own certificate server, generate a certificate on your root CA.  With AD, you can install your own Root CA.  Below is a link stating how you could do this:

http://www.derekseaman.com/2013/01/creating-custom-remote-desktop-services.html
0

 
LVL 3

Author Comment

by:roycbene
ID: 40571201
Ok. I have a GoDaddy certificate that I installed with the farm name as one of the Subject Alternative Names. My farm is set up like this:

-Session Broker (RDS02)
-Two session hosts (RDS03 and RDS04)
-Round Robin in DNS where A record for Farm name is set on each session host IP.

Questions:

1. Do I need to install the certificate on the session broker AND the two session hosts? If so, what store?
2. Do I need RDS03 and RDS04 as Subject Alternative Names in the certificate? Or will the farm name be sufficient?

Thanks!

-Roy
0
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
ID: 40572715
You need one certificate, which should be a SAN certificate and contain the FQDN for the gateway as well as the FQDN for each RDS server.
0
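
The requirement in the accepted answer, worked through as an added example that is not part of the original thread: a small SAN coverage check that reports which names a client may connect to are not covered by a certificate's Subject Alternative Names. All host names are constructed placeholders (`example.test`), and the function names are hypothetical.

```python
# Added example: SAN coverage check for an RDS farm certificate.
# All host names are constructed placeholders, not values from the thread.

def san_matches(pattern, host):
    """True if one SAN dNSName entry covers host (case-insensitive).

    A leading "*." wildcard stands for exactly one left-most label, so
    "*.example.test" covers "rds03.example.test" but not "example.test"
    and not "a.b.example.test".
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, sep, tail = host.partition(".")
        return bool(head) and sep == "." and tail == pattern[2:]
    return pattern == host


def uncovered_names(san_entries, connect_names):
    """Return the names in connect_names that no SAN entry covers."""
    return [name for name in connect_names
            if not any(san_matches(p, name) for p in san_entries)]


# Names the certificate has to cover per the accepted answer:
# the farm name plus the FQDN of each session host (constructed values).
FARM_NAMES = ["farm.example.test", "rds03.example.test", "rds04.example.test"]

if __name__ == "__main__":
    cases = {
        "farm name only": ["farm.example.test"],
        "farm + hosts": FARM_NAMES,
        "wildcard": ["*.example.test"],
    }
    for label, sans in cases.items():
        # "rds03" is a short (non-FQDN) name; no FQDN SAN entry covers it.
        missing = uncovered_names(sans, FARM_NAMES + ["rds03"])
        print(f"{label:15} missing: {missing or 'none'}")
```
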
 
LVL 3

Author Comment

by:roycbene
ID: 40573241
Ok,

So I've rekeyed my public cert 'mail.mydomain.com'. The SANs in the cert have the farm name, as well as all individual servers. I assigned the cert and intermediates (all in the pfx file) to the server. I put the primary in the personal store and the intermediates, obviously, in the intermediate store (on each server). However, when users go to connect, they still get a name mismatch error. Why is this? Is having all the names in the SANs not enough?

-Roy
0


Question has a verified solution.
