Windows 2008 R2 terminal server SSL not using SSL from GoDaddy

On a Windows 7 client, when you open RDP, enter my terminal server name and click Connect

terminalserver1
or
terminalserver1.mydomain.com

it asks for your user name/password,

then it gives you the error box:

The identity of the remote computer cannot be verified. Do you want to connect anyway?

It shows you the certificate from the remote server:
terminalserver1.mydomain.local

Certificate errors:
The certificate is not from a trusted certifying authority.

I have purchased a wildcard SSL certificate from GoDaddy:
*.mydomain.com

The terminal server is a 2008 R2.

If I open MMC > Certificates, under Certificates (Local Computer) > Personal > Certificates
I see both certificates:
*.mydomain.com
terminalserver1.mydomain.local

If I look under Certificates (Local Computer) > Remote Desktop > Certificates
I see both certificates:
*.mydomain.com
terminalserver1.mydomain.local


Looking at RD Gateway Manager,
terminalserver1 (Local) > right click > Properties,
SSL Certificate tab,
it shows my certificate:
*.mydomain.com

Why won't it use the SSL certificate from GoDaddy?

knightdogs asked:

Gajendra Rathod, Sr. System Administrator, commented:
Please install the latest service pack on Windows 2008 R2.

Download and install the latest RDP client on the Windows 7 machine.
Tony J, Lead Technical Architect, commented:
I suspect the clue here is in the line "the certificate is not from a trusted certifying authority".

Try downloading and installing the root and intermediate GoDaddy certificates from here:

https://certs.godaddy.com/repository

If this works, you can use group policies to deploy them to all your computers.

There is a great description here about using wildcard certificates in RDS environments: http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
knightdogs (author) commented:
Gajendra, both systems are fully patched.

Tony1044, I think the issue is that it is handing out a local domain certificate instead of the GoDaddy certificate.
Tony J, Lead Technical Architect, commented:
Yes...from that article I linked to, there is a workaround for that:

~~~~~~~~~~~~~~~~~~~~~~snip~~~~~~~~~~~~~~~~~~~~

In scenarios where you have external clients connecting in and you have a private internal domain suffix (DOMAIN.LOCAL), you can get a certificate from a Public CA with the external (RDWEB.DOMAIN.COM) name and bind it to the RD Web Access and RD Gateway roles, because these are the only roles that are exposed to the internet.  For RD Connection Broker – Publishing and RD Connection Broker* – Enable Single Sign On, you can make use of an internal certificate with the ‘DOMAIN.LOCAL’ name on it.  This however, as mentioned earlier, will only work with clients connecting through RDC 8.0 or above.

~~~~~~~~~~~~~~~~~~end snip~~~~~~~~~~~~~~~~~~~~

Of course it's worth noting that .local is/has been dropped from public CA certificates. If you want to continue using .local then you really need an internal CA to handle them.

Ah in fact, from the same article:

~~~~~~~~~~~~~~~~~~~~~~snip~~~~~~~~~~~~~~~~~~~~

The following blog contains information regarding the type of certificates and how you can create them using the Internal CA of the domain.

http://blogs.msdn.com/b/rds/archive/2010/04/09/configuring-remote-desktop-certificates.aspx

~~~~~~~~~~~~~~~~~~end snip~~~~~~~~~~~~~~~~~~~~

*In this case, the RDS server.
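An added example, not part of the thread and not code from the askperf article Tony J linked: on a 2008 R2 session host the certificate an RDP client is shown at connect time is the one bound to the RDP-Tcp listener, which is configured separately from the RD Gateway's SSL Certificate tab (that tab only covers the gateway's HTTPS endpoint). The PowerShell below locates the wildcard certificate in the computer's Personal store, checks that it chains to a trusted root (Tony's first suggestion), reads which thumbprint the listener currently presents, and binds the wildcard certificate to it. The subject CN=*.mydomain.com and the listener name RDP-Tcp are assumptions taken from the question; run it in an elevated prompt on the terminal server.

```powershell
# Added example (not from the original thread): bind the GoDaddy wildcard
# certificate to the RDP-Tcp listener on a Windows Server 2008 R2 session host.
# Assumption: the wildcard cert has subject CN=*.mydomain.com and sits in
# Cert:\LocalMachine\My with its private key, as the question describes.

$subject = 'CN=*.mydomain.com'   # assumed subject of the GoDaddy wildcard cert

# 1. Locate the wildcard certificate (newest one with a private key).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "$subject*" -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) {
    throw "No certificate with subject $subject and a private key found in LocalMachine\My"
}

# 2. Confirm the chain builds to a trusted root on this machine. If it does not,
#    the GoDaddy root/intermediate CA certificates are missing from the
#    Trusted Root / Intermediate stores and must be installed first.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline: trust chain only
if (-not $chain.Build($cert)) {
    $chain.ChainStatus | ForEach-Object {
        Write-Warning ("Chain: " + $_.Status + " - " + $_.StatusInformation)
    }
    throw "Certificate does not chain to a trusted root; install the GoDaddy root and intermediate certificates"
}

# 3. Read the certificate the RDP-Tcp listener currently presents to clients.
$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
"Listener currently presents thumbprint: " + $ts.SSLCertificateSHA1Hash
"Wildcard certificate thumbprint:        " + $cert.Thumbprint

# 4. Bind the wildcard certificate by thumbprint. No service restart is needed;
#    new connections get the new certificate.
if ($ts.SSLCertificateSHA1Hash -ne $cert.Thumbprint) {
    Set-WmiInstance -Path $ts.__PATH `
        -Arguments @{ SSLCertificateSHA1Hash = $cert.Thumbprint } | Out-Null
    "Bound $($cert.Subject) to the RDP-Tcp listener"
}

# 5. Re-read the listener and confirm the binding took effect.
$after = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
if ($after.SSLCertificateSHA1Hash -eq $cert.Thumbprint) {
    "RDP-Tcp now presents $($cert.Subject)"
} else {
    Write-Warning "Listener still presents $($after.SSLCertificateSHA1Hash)"
}
```

Two caveats a practitioner would check afterwards: the Remote Desktop Services service account (NETWORK SERVICE) needs read access to the certificate's private key (MMC > certificate > All Tasks > Manage Private Keys), or the listener silently falls back to its self-signed certificate; and a wildcard for *.mydomain.com only matches a connection made to terminalserver1.mydomain.com, so clients that type the short name or the .mydomain.local name will still get a name-mismatch warning even once the trust error is gone.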
Seth Simmons, Sr. Systems Administrator, commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.