Server 2012 RemoteApps External Web Access Wildcard Certificate Issue
Friday, February 15, 2013 10:48 PM
Hello Everyone -
I'm hoping that someone here can help me with an issue that I'm having. I'm having an issue getting the RD Gateway to work correctly. Basically, I've bought a wildcard certificate *.domain.com and put that on all the services (RDWeb, SSO, Gateway, etc.). Internally everything works very smoothly. I even have SSO going with no problems. This is all done using the web access https://remoteapps.domain.com or by adding the URL to the RemoteApp and Desktop Connection (that URL is also https://remoteapps.domain.com/RDweb/feed/webfeed.aspx). Everything works great internally. The problem that I have is when I go external. I either get a certificate error about the name not matching or I get a "cannot access Remote Access Server" error. If I change the RD Gateway to the FQDN (server.domain.local), I get the can't access error. If I put the external domain name (remoteapps.domain.com) I get the certificate error. The error with the certificate is that the name doesn't match, which in some ways makes sense. The certificate is for the domain and it's calling the FQDN of the computer, which is not the same. I don't understand why it's calling the FQDN when I've told it to use the remoteapps.domain.com name.
Hopefully someone can point me in the right direction on using the wildcard certificate and getting the correct address assigned to the RDP protocol.
Please let me know if you need any other information. I'll be glad to share what I can to help get this resolved.
Thanks,
Joey

**EDIT**
I should mention that this is running on Server 2012. I've also been reading where it looks like the SSL certificate requirements have changed from 2008 to 2012. It looks like you have to have the local server name in the SSL certificate using a SAN. Can anyone confirm this for me, as this may be my problem?
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/36e19971-c154-4230-ad3d-2f197a49b6c7/
Thanks,
Joey
Edited by JoeyM304 Sunday, February 17, 2013 9:35 PM
All Replies
Monday, February 18, 2013 5:51 AM (Moderator)
Hi,
Thanks for your post.
Firstly, you need to make sure the name of the RD Gateway server can be resolved from external.
-> If I change the RD Gateway to the FQDN (server.domain.local), I get the can't access error. If I put the external domain name (remoteapps.domain.com) I get the certificate error.
Based on this, I assume that remoteapps.domain.com is resolvable from public. If so, you need to ensure that remoteapps.domain.com is contained in the wildcard certificate.
Best Regards,
Aiden
Aiden Cao
TechNet Community Support
Edited by Aiden_Cao (Microsoft Contingent Staff, Moderator) Monday, February 18, 2013 5:52 AM
-
Monday, February 18, 2013 2:53 PM
Hello Aiden -
remoteapps.domain.com is contained in the wildcard certificate. The problem is the FQDN isn't, which is when I get the certificate error when launching a program. I'm pretty sure that I'm going to have to buy a UC certificate and add a SAN for the FQDN in the certificate for this to work correctly.
I would post a picture of the error, but the site won't let me.
Thanks,
Joey
-
Monday, February 18, 2013 9:06 PM
I can confirm that getting a UCC certificate with a SAN of the server FQDN worked.
Certificate UC:
remoteapps.domain.com
SANs = servername.domain.local

Doing this, and creating GPs for the thumbprint and delegating default credentials, removed all popups and warnings, internal and external.
Hope this helps someone else!
Marked As Answer by JoeyM304 Monday, February 18, 2013 9:06 PM
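A small added check (example code, not from the thread or from Microsoft) that applies the certificate name-matching rule behind the error described above: a wildcard stands in for exactly one left-most DNS label under its suffix, so *.domain.com covers remoteapps.domain.com but never server.domain.local, which is why the UC certificate with an explicit SAN for the server FQDN was needed. The host and certificate names are the placeholders used in the thread.

```python
"""Check which names an RDS deployment presents are covered by a certificate.

Added example: RFC 6125-style DNS name matching, where a wildcard covers
exactly one left-most label. The names below are constructed placeholders
taken from the thread, not real systems.
"""


def name_matches(cert_name: str, hostname: str) -> bool:
    """Return True if a certificate DNS name (possibly '*.suffix') covers hostname."""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in cert_name:
        return cert_name == hostname
    labels = cert_name.split(".")
    # The wildcard must be the whole left-most label, and at least two
    # labels must follow it (a bare "*.com" would never be accepted).
    if labels[0] != "*" or len(labels) < 3:
        return False
    host_labels = hostname.split(".")
    # The wildcard replaces exactly one label: it does not cover the bare
    # suffix and it does not cover deeper names like a.b.domain.com.
    return len(host_labels) == len(labels) and host_labels[1:] == labels[1:]


def uncovered_names(cert_names, required_names):
    """Names the deployment needs that no certificate name covers."""
    return sorted(
        h for h in required_names
        if not any(name_matches(c, h) for c in cert_names)
    )


# Names an RDS deployment presents to clients (constructed from the thread):
# the public RD Web Access / RD Gateway name, and the internal server FQDN
# that the published RDP files and their signature reference.
REQUIRED = ["remoteapps.domain.com", "server.domain.local"]

# The wildcard certificate from the original post.
WILDCARD_CERT = ["*.domain.com"]
# The UC (multi-SAN) certificate that resolved the issue.
UC_CERT = ["remoteapps.domain.com", "server.domain.local"]

if __name__ == "__main__":
    print("wildcard leaves uncovered:", uncovered_names(WILDCARD_CERT, REQUIRED))
    print("UC cert leaves uncovered:  ", uncovered_names(UC_CERT, REQUIRED))
```

Run against the real deployment by replacing REQUIRED with every name the RD Web, RD Gateway and connection broker actually present, and the certificate lists with the Subject and SAN entries from the installed certificate.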

