Omangom Infosystems Pvt Ltd
RDS farm in Windows Server 2012 R2
Hi Everyone,
Issues
Certificate mismatch issue.
Setup
- This is a three-server setup.
- RDS1 - Gateway, Broker, Web Access and Licensing.
- RDS2 and RDS3 are session host servers.
- Our local domain name is configured with a .local name.
- I have set up a split-DNS forward zone with gateway.mydomain.com and pointed it to the RDS1 server.
- Then I created a farm.mydomain.com zone and added both session hosts to it (round robin).
- I purchased a SAN cert with both names and applied it on all three servers.
Now when I try to connect, if the session goes to RDS3, it goes directly without any certificate warning.
But if the session goes to RDS2, it shows a certificate mismatch error with its local name (RDS2.mydomain.local).
Please advise how I can overcome this issue? I thought DNS round robin should work in this case and both servers should be detected as farm.mydomain.com instead of their local names.
*self signed cert
ASKER
Hi RantCan,
Yes, I had tried that already.
After deleting the cert, it still shows me the same warning. I thought I needed to reboot the session server; I rebooted and that cert comes back again.
So your SAN cert is for farm.domain.com? Or does it simply include both hostnames? The scenario described in the article below sounds close to your situation. I have also built a multi-server farm and have not experienced your issue, but my servers are signed with a wildcard.
https://social.technet.microsoft.com/Forums/en-US/d4106ee6-2c80-46f1-b0f0-74ff27e9775e/rds-session-host-certificates-2012-r2?forum=winserverTS
ASKER
I created a SAN cert with the name of my gateway server, desktop.mydomain.com, and then I added farm.mydomain.com as a SAN.
I am using RDS Web to create sessions from an external network.
ASKER CERTIFIED SOLUTION
https://kx.cloudingenium.com/microsoft/servers/windows-servers/replacing-self-signed-remote-desktop-services-certificate-windows/
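
Added example, not part of the thread: one way to see which certificate each session host's RDP listener actually presents, and whether that certificate covers the farm name. It assumes PowerShell remoting is enabled on RDS2 and RDS3 and that you run it as an administrator; the host names and farm name are taken from the question.

```powershell
# Added diagnostic example (not from the thread). Host and farm names come from the question.
$SessionHosts = 'RDS2', 'RDS3'
$FarmName     = 'farm.mydomain.com'

$report = Invoke-Command -ComputerName $SessionHosts -ArgumentList $FarmName -ScriptBlock {
    param($FarmName)

    # The RDP-Tcp listener records the thumbprint of the certificate it is bound to.
    $listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $thumb = $listener.SSLCertificateSHA1Hash

    # Search the Personal store (installed certs) and the "Remote Desktop" store,
    # which holds the certificate Windows generates for the host on its own.
    $stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop'
    $cert = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumb } |
        Select-Object -First 1

    # Collect the DNS names the bound certificate is valid for (subject CN and SANs).
    $names = @()
    if ($cert) { $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode }) }

    # Exact match, or a single-label wildcard such as *.mydomain.com.
    $covers = $false
    foreach ($n in $names) {
        if ($n -eq $FarmName) { $covers = $true }
        elseif ($n.StartsWith('*.') -and $FarmName.Split('.', 2)[1] -eq $n.Substring(2)) {
            $covers = $true
        }
    }

    [pscustomobject]@{
        Host           = $env:COMPUTERNAME
        Thumbprint     = $thumb
        FoundInStore   = [bool]$cert
        SelfSigned     = if ($cert) { $cert.Subject -eq $cert.Issuer } else { $null }
        NotAfter       = if ($cert) { $cert.NotAfter } else { $null }
        DnsNames       = $names -join ', '
        CoversFarmName = $covers
    }
}

$report | Format-Table Host, SelfSigned, CoversFarmName, DnsNames, Thumbprint -AutoSize
```

A host that reports `SelfSigned = True` or `CoversFarmName = False` is presenting a certificate other than the purchased SAN cert, even if the SAN cert is installed in its Personal store.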