Drew McCurdy

asked on 

How to correctly apply RDS certificate.

Client computers receive "Do you trust the publisher of this remote connection" when attempting to connect to Connection Broker.
User generated image
I have a Windows 2016, 4-server terminal services system configured as follows (NOTE: There is no Gateway configured)

Server 1 = Connection Broker, Licensing, and Web Access.
Server 2 = Session Host
Server 3 = Session Host
Server 4 = Profile host

A wildcard certificate *.domain.local has been issued by an Internal CA and installed on all servers. The certificate has been imported into RDS binding with all roles as shown in screenshot. Created certificate using https://dilanweerasinghe.wordpress.com/2015/01/24/creating-a-wild-card-certificate-for-remote-desktop-services/

User generated image
The .RDP file has been signed with the Thumbprint (Sha1) of the certificate.

I have populated the following GPO with the cert's thumbprint and have verified that client computers have been successfully updated.  Computer Configuration\Administrative Templates\Windows Desktop Services\Remote Desktop Connection Client.

David Johnson, CD

The publisher must be in your list of trusted publishers.
Drew McCurdy

ASKER

Per your suggestion, I added the certificate via GPO Configuration\Windows Settings\Security Settings\Public Key Policies\Trusted Publishers. Policy was successfully applied to all servers and test client machine (evident by screenshot below), but still not working. Is there some other "list of trusted publishers" that needs to be updated?

User generated image
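A client-side check for the two settings described in this thread (the trusted .rdp publisher thumbprint policy and the Trusted Publishers store), added here as an example and not posted by any participant. It assumes the policy is stored in the `TrustedCertThumbprints` value under the Terminal Services policy key, and that `$SigningThumbprint` is the thumbprint the .rdp file was signed with.

```powershell
# Added diagnostic, not from the thread. Run on a client that still prompts.
param(
    # Thumbprint of the certificate the .rdp file was signed with.
    [Parameter(Mandatory)][string]$SigningThumbprint
)

function Normalize-Thumbprint([string]$Value) {
    # Keep hex digits only: drops spaces and invisible characters that can
    # come along when a thumbprint is copied from the certificate dialog.
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

$want = Normalize-Thumbprint $SigningThumbprint
if ($want.Length -ne 40) { throw 'A SHA-1 thumbprint is 40 hex characters.' }

# Assumed location of the "trusted .rdp publishers" policy value.
$key = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $raw = (Get-ItemProperty "$hive\$key" -ErrorAction SilentlyContinue).TrustedCertThumbprints
    foreach ($entry in @($raw -split ',' | Where-Object { $_ })) {
        $clean = Normalize-Thumbprint $entry
        [pscustomobject]@{
            Hive          = $hive
            Thumbprint    = $clean
            Is40Hex       = ($clean.Length -eq 40)
            StrayChars    = ($entry.Trim() -ne $clean)   # case-insensitive compare
            MatchesSigner = ($clean -eq $want)
        } | Format-List
    }
}

# Is the signing certificate in Trusted Publishers, and does its chain build?
$cert = Get-Item "Cert:\LocalMachine\TrustedPublisher\$want" -ErrorAction SilentlyContinue
if (-not $cert) {
    Write-Warning 'Signing certificate not found in LocalMachine\TrustedPublisher.'
} else {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $ok = $chain.Build($cert)
    [pscustomobject]@{
        Subject     = $cert.Subject
        NotAfter    = $cert.NotAfter
        ChainBuilds = $ok
        ChainStatus = ($chain.ChainStatus.Status -join ', ')
    } | Format-List
}
```

No output from the first loop means the policy value is absent in both hives on that client.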
ASKER CERTIFIED SOLUTION
David Johnson, CD