troubleshooting Question

This computer can't verify the identity of the RD Gateway "remote.domain.com". It's not safe to connect to servers that can't be identified. Contact your network admin

Asked by N B in Networking
Hi guys,

I am not too expert at certificates and need to resolve this issue soon.

I took over IT work for a client who has an RDS server. Basically, a couple of users work from home and use some RDS apps that are installed on this server, namely QuickBooks and Outlook 2013. It is Server 2012 R2. There are only two users who sometimes work from home.

I noticed that the last SSL was issued by GoDaddy, which recently expired, and therefore when I was trying to log in to the "remote app" the error I was getting was pointing to the expired SSL and hence the app won't open.

The steps that users follow to run RDS apps on their local machine are as follows:

- Visit: https://remote.domain.com/rdweb

- It shows a cert error that the site is not secure. Your PC doesn’t trust this website’s security certificate.
The hostname in the website’s security certificate differs from the website you are trying to visit.
Error Code: DLG_FLAGS_INVALID_CA
DLG_FLAGS_SEC_CERT_CN_INVALID

- We continue regardless
- After login as the user - domain\username
- We see the remote apps and desktop
- Click on QuickBooks app to run locally on the computer
- Click open and then Allow
- It asks for a username and password in a window; enter the domain\user and password
- A box pops up with an error message.

In order to avoid this message and have users still work, I created a self-signed certificate using the following steps:

- Opened RD Gateway manager on the RDS server
- Right click properties
- SSL Certificate tab
- Clicked on "create a self-signed certificate"
- Created a new self-signed certificate and then copied it to "Trusted Root certificates"

It is now showing that the following cert is installed on "RDS server":

Issued to:  Myselfsignedcert-RDSServer.domain.local
Issued by: Myselfsignedcert-RDSServer.domain.local
Expiration: 2018-05-06

However, after making these changes I am still not able to run the RDS apps from remote client computers (Windows 10 Home computer) and the error is coming up as:

This computer can't verify the identity of the RD Gateway "remote.domain.com". It's not safe to connect to servers that can't be identified. Contact your network admin

Does this mean that I need to buy the certificate from other companies like GoDaddy and only then it will work?
If yes for sure, what kind of cert do I need to buy and what are the steps involved?

Can a self-signed certificate work somehow?
(Sorry, my knowledge in this area is very limited.)

Thank you in advance.
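
The browser error quoted in the question names two separate conditions: an untrusted issuer (DLG_FLAGS_INVALID_CA) and a hostname mismatch (DLG_FLAGS_SEC_CERT_CN_INVALID). As an added illustration that is not part of the original question or its answers, this Python model evaluates those conditions plus expiry the way a connecting client does; the root-store names, the connection date and the publicly issued certificate are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Cert:
    subject_cn: str
    issuer_cn: str
    not_after: date
    san_dns: list = field(default_factory=list)

def name_matches(pattern, host):
    """RFC 6125-style comparison: case-insensitive; '*' is accepted only as
    the entire left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def client_findings(cert, host, client_roots, today):
    """Reasons a client rejects `cert` for `host`. Simplified: trust is a
    lookup of the issuer name in the connecting machine's root store; real
    validation also verifies signatures and revocation."""
    findings = []
    if today > cert.not_after:
        findings.append("EXPIRED")
    names = cert.san_dns or [cert.subject_cn]  # SAN entries take precedence
    if not any(name_matches(n, host) for n in names):
        findings.append("NAME_MISMATCH")
    if cert.issuer_cn not in client_roots:
        findings.append("UNTRUSTED_ISSUER")
    return findings

# Constructed inputs. The self-signed names and expiry are the ones quoted in
# the question; everything else is made up for illustration.
HOST = "remote.domain.com"
TODAY = date(2017, 11, 10)                   # assumed connection date
HOME_PC_ROOTS = {"Example Public Root CA"}   # hypothetical client root store
SELF_SIGNED = Cert("Myselfsignedcert-RDSServer.domain.local",
                   "Myselfsignedcert-RDSServer.domain.local", date(2018, 5, 6))
SERVER_ROOTS = HOME_PC_ROOTS | {SELF_SIGNED.subject_cn}  # store it was copied to
PUBLIC_CERT = Cert("remote.domain.com", "Example Public Root CA",
                   date(2018, 11, 10), ["remote.domain.com"])

if __name__ == "__main__":
    for label, cert, roots in [("home PC", SELF_SIGNED, HOME_PC_ROOTS),
                               ("server", SELF_SIGNED, SERVER_ROOTS),
                               ("public cert", PUBLIC_CERT, HOME_PC_ROOTS)]:
        print(label, client_findings(cert, HOST, roots, TODAY))
```

In this model, trust is decided against the connecting machine's root store, and the name check fails independently of trust.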
ASKER CERTIFIED SOLUTION
Hemil Aquino
Network Security Engineer
Andrew Hancock - VMware vExpert