Weird Remote WebApp issue...certificate being pulled by connection has no connection to server or domain in question

    Question

  • The RD gateway and RD session host are on the same computer.

    I am setting up a proof of concept WebApp for a client that has a FL and NYC site. Basically, a published WebApp site with MS Access for them to be able to hit from anywhere. We haven't purchased an SSL yet so I exported the server cert and imported it into the cert store of several test computers (in the trusted root cert authority). The subject name on the cert matches the FQDN of the server. I can log into the WebApp portal but when I try to launch MS Access I get the error 'Your computer can't connect to the remote computer because the Remote Desktop Gateway server address requested and the certificate subject name do not match'. When I view the certificate I get a *.opendns.com cert!?!

    We opened up port 3389 to test and are able to launch the MS Access WebApp from anywhere without issue but this is unacceptable - we only want to allow 443 in.

    ...more info to follow. Still testing a few things

    TIA!

    Saturday, September 28, 2013 2:22 PM

Answers

  • Hi,
    Have you used Open DNS any time in your environment?

    It might happen that the setting got in place. Try to clear the DNS cache with the “ipconfig/flushdns” command.

    Also, you can clear the cache\Browse History in ‘Internet Explorer’ by the following method:
    Go to the Tools menu, select Delete Browsing History, check all boxes (except passwords, if desired) and click Delete.
    Refer to the OpenDNS link for more information.

    As per the error message shown in your comment, it states that the name does not match. This might have happened because you used the RD Gateway NetBIOS name to connect. Have a look at this link for information.

    Hope This Helps!
    Thanks.

    Wednesday, October 02, 2013 7:17 AM

All replies

  • Hi,
    Thank you for your post in Windows Server Forum.

    Firstly, can you let me know the Operating System of your Server?

    As per my research, your certificate does not match the name you are trying to connect to. Maybe it happens that your certificate name is “server.domain.local” and you are trying to connect to “server.domain.com”, so they can’t match each other. For this you need to generate the certificate so that it matches the public name you are trying to use.

    You need to create an SSL certificate for the RD Gateway server, as it is a must for it to function properly. Refer to Prerequisites for RD Gateway Installation, which can help you understand and also find a link to create an SSL certificate.

    If you are using RD Gateway Server 2012, then refer to this article. Try the Best Practices Analyzer scan for RDS.

    Hope This Helps!
    Thanks.

    Monday, September 30, 2013 6:15 AM
  • Server 2008 R2

    The name on my cert (server.domain.com) and the server I am connecting to match. The cert is self signed. I exported it from the server and imported it into a couple test workstations.

    I am wondering why it's picking up a *.opendns.com cert when I click on the 'view cert' button.

    Thx

    Edit - please see image. I exported the rd host cert and imported it locally but it still won't connect. The cert that comes up when I hit view cert is completely different than any of the certs I'm working with (where did it get it?). This is in IE 10.


    • Edited by Alceryes Monday, September 30, 2013 3:20 PM
    Monday, September 30, 2013 12:46 PM
  • Hi,

    There might be some time delay to further look at this issue. Appreciate your patience.

    Thank you for your understanding and support.

    Thanks.

    Wednesday, October 02, 2013 1:39 AM
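
The three explanations offered in this thread (a certificate that is not the server's own, a certificate name that differs from the public name, and a NetBIOS name used for the gateway) can be told apart from the names and thumbprint of the certificate the client is shown. The PowerShell below is an added example, not part of the original posts; the function names, result codes, the short name `server` and both thumbprints are constructed for illustration.

```powershell
# Does one certificate name (exact, or a wildcard such as "*.example.com") cover the host?
function Test-CertNameMatch {
    param([string]$Requested, [string]$CertName)
    $r = $Requested.ToLowerInvariant().TrimEnd('.')
    $c = $CertName.ToLowerInvariant().TrimEnd('.')
    if ($c.StartsWith('*.')) {
        # A wildcard stands for exactly one left-most label
        $dot = $r.IndexOf('.')
        return (($dot -gt 0) -and ($r.Substring($dot) -eq $c.Substring(1)))
    }
    return ($r -eq $c)
}

function Get-GatewayCertDiagnosis {
    param(
        [string]$Requested,            # gateway address the client asked for
        [string[]]$PresentedNames,     # subject CN and SAN DNS names from "View certificate"
        [string]$PresentedThumbprint,  # thumbprint from the same dialog
        [string]$ExpectedThumbprint    # thumbprint of the cert exported from the server
    )
    # Thumbprints are hex strings; ignore spaces when comparing (-eq ignores case)
    $sameCert = (($PresentedThumbprint -replace '\s', '') -eq ($ExpectedThumbprint -replace '\s', ''))
    if (-not $sameCert) { return 'UnexpectedCert' }   # not the server's cert: check name resolution first

    foreach ($name in $PresentedNames) {
        if (Test-CertNameMatch -Requested $Requested -CertName $name) { return 'OK' }
    }
    if ($Requested -notmatch '\.') { return 'ShortName' }   # NetBIOS name used; connect with the FQDN
    return 'NameMismatch'                                   # right cert, but issued for another name
}

# Constructed sample values (placeholder thumbprints, not taken from the thread)
$expected = 'AA11BB22CC33DD44EE55FF66AA11BB22CC33DD44'
$other    = '0102030405060708090A0B0C0D0E0F1011121314'

$cases = @(
    # Reported symptom: a *.opendns.com cert is shown for server.domain.com
    @{ Requested = 'server.domain.com'; PresentedNames = '*.opendns.com';       PresentedThumbprint = $other },
    # Server's own cert, issued for the internal name only
    @{ Requested = 'server.domain.com'; PresentedNames = 'server.domain.local'; PresentedThumbprint = $expected },
    # Server's own cert, but the client used the short (NetBIOS) name
    @{ Requested = 'server';            PresentedNames = 'server.domain.com';   PresentedThumbprint = $expected },
    # Server's own cert and a matching FQDN
    @{ Requested = 'server.domain.com'; PresentedNames = 'server.domain.com';   PresentedThumbprint = $expected }
)
foreach ($case in $cases) {
    $result = Get-GatewayCertDiagnosis @case -ExpectedThumbprint $expected
    '{0} -> {1}' -f $case.Requested, $result
}
```

Only an `UnexpectedCert` result points away from the server's own certificate configuration; the other two failures are fixed by changing the name used or reissuing the certificate.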