I have an environment that is exploding into about 3000+ virtual Windows 7 PCs across 14 Windows 2008R2 and Windows 2012R2 clusters, with users sitting at Wyse thin clients running Win7e. We were using the connection broker in Windows 2008R2, but that was a pain, and when we started upgrading to Windows 2012R2 server to host the virtual PCs the broker changed. In general Microsoft's brokers didn't work too well, especially if a cluster member crashed (Win2008R2) and all the VMs abandoned ship: the broker did not know who was hosting the VMs now and you'd get errors trying to connect...
We designed our own broker, a simple webpage that asks the user their username and looks it up in the tsMSPrimaryDesktop field like Windows 2008R2's connection broker used to. This is also the field under the Personal Virtual Desktop tab in AD Users and Computers. Since we just use the hostname of the virtual PC, it works across all the clusters no matter the version. The webpage does some other stuff like ping your virtual to make sure it's online, see if the user account is locked, etc., but in general it then simply generates an .RDP file (with our preset settings), sticks the PC name in the "full address" line and also drops the username supplied previously into the "username" line (why ask the user twice).
Problem is the "Publisher of this remote connection can't be identified" popup. This entire environment is a closed network, NO internet access whatsoever.
I've seen articles talking about using certificates to sign the RDP files and such, but I have ONE .RDP that is "generated" on the fly called GOTOMYPC.RDP. This .RDP actually contains simple ASP code, and the IIS server is told to run *.RDP files through the ASP compiler, so when the user's thin client sees it, it knows the default app for an .RDP file is MSTSC.
Can't I just set a setting on the thin clients in the registry that says we don't care, don't check for certificates or whatever? Similar to the way you can tell IE "Don't do certificate revocation checks", etc... Making 3000 RDP files that are signed does not seem like a logical solution.
Please check that you have a properly configured certificate in your environment. As a test, you can enable the "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" group policy setting for your client PCs. Doing this will also remove the warning that users receive for a trusted certificate. You can find this setting under the path below.
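The broker described in the question writes a user-supplied username and a directory-supplied hostname into the generated .rdp file. As an added example (a Python sketch, not the poster's ASP code), this shows that generation step with strict validation so neither value can smuggle extra settings lines into the file; the preset lines, patterns and function names are assumptions.

```python
import re

# Constructed presets; the broker's real preset settings are not shown in the thread.
PRESET = ["screen mode id:i:2", "authentication level:i:2"]

# Assumed naming rules: single-label host name up to 15 characters,
# and a user name with an optional DOMAIN\ prefix.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,13}[A-Za-z0-9])?")
USER_RE = re.compile(r"(?:[A-Za-z0-9-]{1,15}\\)?[A-Za-z0-9._-]{1,20}")


def build_rdp(hostname, username):
    """Return the .rdp text, or raise ValueError on an unsafe value."""
    # fullmatch, not match with "$": "$" would accept a trailing newline,
    # which is exactly what a line-injection attempt relies on.
    if not HOST_RE.fullmatch(hostname):
        raise ValueError("rejected hostname")
    if not USER_RE.fullmatch(username):
        raise ValueError("rejected username")
    lines = PRESET + ["full address:s:" + hostname, "username:s:" + username]
    return "\r\n".join(lines) + "\r\n"


def parse_rdp(text):
    """Parse name:type:value lines; refuse duplicate setting names."""
    settings = {}
    for line in text.splitlines():
        name, _type, value = line.split(":", 2)
        if name in settings:
            raise ValueError("duplicate setting: " + name)
        settings[name] = value
    return settings


def is_rejected(hostname, username):
    """True when build_rdp refuses the pair."""
    try:
        build_rdp(hostname, username)
    except ValueError:
        return True
    return False
```

Run the same checks on the hostname read from the directory attribute as on the typed username, since both end up as lines in a file that MSTSC opens.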