Solved

2008 RDS Security certificate name mismatch

Posted on 2015-01-26
Last Modified: 2015-02-06
Hi guys,

I have a Windows 2008 RDS server farm with one session broker and two session hosts. When attempting to connect to the farm name (which is in DNS as a round robin setup), I get the attached certificate error. It doesn't matter if I install the certificate or trust it, I still am unable to connect without getting popups for both session hosts. Any help you can offer would be greatly appreciated. Thanks!

-Roy
0
Question by:roycbene
6 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40570826
There is no attachment.
0
 
LVL 3

Author Comment

by:roycbene
ID: 40570849
Not sure why that didn't attach. Here you are.
cert-error.JPG
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40571113
This error is displayed because, by default, RDS uses self-signed certificates, and they are not part of a trusted root certificate server. To get over this issue, you have two choices: purchase SSL certificates from a vendor such as Verisign or, if you have your own certificate server, generate a certificate on your root CA. With AD, you can install your own Root CA. Below is a link stating how you could do this:

http://www.derekseaman.com/2013/01/creating-custom-remote-desktop-services.html
0

 
LVL 3

Author Comment

by:roycbene
ID: 40571201
Ok. I have a GoDaddy certificate that I installed with the farm name as one of the Subject Alternative Names. My farm is set up like this:

-Session Broker (RDS02)
-Two session hosts (RDS03 and RDS04)
-Round Robin in DNS where A record for Farm name is set on each session host IP.

Questions:

1. Do I need to install the certificate on the Session broker AND The two session hosts? If so, what store?
2. Do I need RDS03 and RDS04 as Subject Alternative Names in the certificate? Or will the farm name be sufficient?

Thanks!

-Roy
0
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
ID: 40572715
You need one certificate which should be SAN and contain the FQDN for the gateway as well as the FQDN for each RDS server.
0
 
LVL 3

Author Comment

by:roycbene
ID: 40573241
Ok,

So I've rekeyed my public cert 'mail.mydomain.com'. The SANs in the cert have the farm name, as well as all individual servers. I assigned the cert and intermediates (all in the pfx file) to the server. I put the primary in the personal store and the intermediates, obviously, in the intermediate store (on each server). However, when users go to connect, they still get a name mismatch error. Why is this? Is having all the names in the SANs not enough?

-Roy
0
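
For the setup discussed in this thread, an added PowerShell check (not code from any poster) that reads which certificate the RDP-Tcp listener on a session host is configured to present and reports whether its SAN entries cover the farm and host names. The example.com names and the sample SAN list are constructed placeholders, and the SAN parsing assumes an English-language Windows where the extension formats as `DNS Name=`.

```powershell
# Added example. Host names and the sample SAN list are constructed placeholders.
$required   = 'farm.example.com', 'rds03.example.com', 'rds04.example.com'
$sampleSans = 'mail.example.com', 'farm.example.com', 'rds03.example.com'

function Test-NameCovered {
    param([string]$Name, [string[]]$SanList)
    foreach ($san in $SanList) {
        if ($san -ieq $Name) { return $true }
        # A wildcard SAN covers exactly one left-most label.
        if ($san.StartsWith('*.')) {
            $dot = $Name.IndexOf('.')
            if ($dot -gt 0 -and $Name.Substring($dot) -ieq $san.Substring(1)) { return $true }
        }
    }
    return $false
}

function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return @() }
    # Format() text is localized; 'DNS Name=' is the English form (assumption).
    [regex]::Matches($ext.Format($true), 'DNS Name=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}

function Get-ListenerCert {
    # Thumbprint the RDP-Tcp listener is configured to present.
    $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" `
        -ErrorAction SilentlyContinue
    if (-not $ts -or -not $ts.SSLCertificateSHA1Hash) { return $null }
    Get-ChildItem Cert:\LocalMachine -Recurse |
        Where-Object { $_.Thumbprint -eq $ts.SSLCertificateSHA1Hash } |
        Select-Object -First 1
}

$cert = Get-ListenerCert
if ($cert) {
    "Listener certificate: $($cert.Subject) [$($cert.Thumbprint)]"
    $sans = @(Get-CertDnsNames $cert)
} else {
    'No listener certificate found; using the constructed sample SAN list.'
    $sans = $sampleSans
}
foreach ($name in $required) {
    New-Object PSObject -Property @{ Name = $name; Covered = (Test-NameCovered $name $sans) }
}
```

Run it on each session host; with the constructed sample list, `rds04.example.com` is reported as not covered.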
