Fizicist
asked on
2012 R2 Terminal Server UCC Cert SAN Name
Hi,
We have a 2012 R2 Terminal Server that has a UCC cert that was created on an Exchange Server on the domain. The SAN name is remote.xxx.xxx. When I attempt to log into the Terminal Server using RDP on an 8.1 client, I get the warning "Name mismatch". The requested remote computer reports the internal server name, not the outside FQDN. I'm including a pic with the error. If I figure this out before a reply, I'll include a fix for anyone else running into this.
rdp-error.png
ASKER
Didn't go the route of adding a SAN of the internal server. As you know, GoDaddy doesn't do .local and the others we use probably will follow. A co-worker figured it out and I'm posting here. If anyone else needs to do this, here are the things we had to do.
1) We used a PowerShell script from Microsoft: https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80 (Set-RDPublishedName.ps1)
This changed the server's published name to match the SAN Certificate name we selected.
2) We then followed http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
This involved first making a Session Collection. You right-click "RD Session Host" and select "Create Session Collection". If you read the 2nd URL, a link to the 1st URL is in the instructions.
3) Under RDP Gateway Manager, right-click the server and select Properties. Go to the "Server Farm" tab and add your SAN name under "RD Gateway server farm member:".
Hope this helps others who run into the issue of using a SAN certificate.
Enjoy
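An added example, not part of the original post or of the scripts it links to: a PowerShell check, run on the server, of which certificates in the machine store cover the published name and which cover the internal name, the condition behind the "Name mismatch" warning. The host names are constructed placeholders and `Test-CertCoversName` is a hypothetical helper.

```powershell
# Hypothetical helper: does a certificate's DNS name list cover the name a client validates?
function Test-CertCoversName {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Name
    )
    # DnsNameList is the property PowerShell adds to certificate objects; it carries
    # the DNS names from the SAN extension.
    foreach ($entry in $Certificate.DnsNameList) {
        $pattern = $entry.Unicode
        if ($pattern -ieq $Name) { return $true }
        # A wildcard covers exactly one left-most label: *.example.test matches
        # remote.example.test but not a.b.example.test or example.test itself.
        if ($pattern.StartsWith('*.')) {
            $labels = $Name -split '\.', 2
            if ($labels.Count -eq 2 -and ('*.' + $labels[1]) -ieq $pattern) { return $true }
        }
    }
    return $false
}

# Constructed placeholder names: replace with your published SAN name and internal host name.
$publishedName = 'remote.example.test'
$internalName  = 'rds01.corp.local'

# List server certificates with a private key and show which name each one covers.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object {
        [pscustomobject]@{
            Thumbprint      = $_.Thumbprint
            NotAfter        = $_.NotAfter
            CoversPublished = Test-CertCoversName -Certificate $_ -Name $publishedName
            CoversInternal  = Test-CertCoversName -Certificate $_ -Name $internalName
        }
    } | Format-Table -AutoSize
```

A certificate that shows `CoversPublished = True` and `CoversInternal = False` produces the warning whenever clients are directed to the internal name, which is why the fix above changes the published name rather than the certificate.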