 

RD Web Access -> Remote Desktop Tab: Having Some Issues

  • Saturday, November 07, 2009 12:16 AM, Frank Lesniak
     
    Hello,

    I'm experiencing some issues with the user experience on Remote Desktop Web Access on Server 2008 R2. When I sign into Web Access as a user on a Windows 7 workstation, click the Remote Desktops tab, then enter any computer name (or even a Remote Desktop Services farm name), I get a pop-up message:

    "A website wants to run a RemoteApp program. The publisher of this RemoteApp program cannot be identified."
    Publisher: Unknown publisher
    Type: Remote Desktop Connection
    Remote computer: <name of the server, client, or Remote Desktop Services session host farm>
    Gateway server: gateway.domain.com

    Based on my understanding of the connection process, the Remote Desktop Web Access site is generating and downloading an RDP file to the client. It sounds as though the RDP file is coming down as unsigned.

    The gateway is configured with a certificate that matches the DNS entry for it. Likewise, my RDS Session Host farm is configured with a certificate matching the name of the farm. I have Remote Desktop Connection Broker installed and configured properly for the farm -- if I access the RDS Session Host farm directly (without using RD Web Access), the connection works just fine with single sign-on (SSO) functionality. I can even force my RDS Session Host farm connections to use the gateway and it still works with SSO.

    Anyone have any ideas? Is this by design, or is there a way to circumvent this behavior? I'd rather not have my users have to re-enter credentials.

    Thanks!
    Frank Lesniak

Answers

  • Monday, November 09, 2009 2:42 PM, TP
    Hi,

    This is normal behavior. The Remote Desktops tab provides a way to manually connect to a server, and the connection parameters are not digitally signed since they are specified by the end user.

    Digitally signing an RDP file provides a way for the publisher to put their "stamp of approval" on a set of connection settings (server name, RemoteApp name, RD Gateway, redirection settings, etc.) so that an end user will know if any tampering has occurred, and if the settings originated from the genuine publisher. In the case of the Remote Desktops tab, the end user is the one controlling the contents of the RDP file, so the publisher has no way to vouch for the contents beforehand.

    Thanks.

    -TP
    • Proposed As Answer by TP, Monday, November 09, 2009 2:43 PM
    • Marked As Answer by Frank Lesniak, Monday, November 09, 2009 2:46 PM
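As an added illustration of the answer above (not part of the original thread and not Microsoft's code), this Python example reads an .rdp file and reports which security-relevant settings a publisher signature vouches for. It assumes the `signscope:s:` and `signature:s:` lines that rdpsign.exe writes into a signed file; the `SENSITIVE` list, host names and sample files are constructed, and the signature itself is not cryptographically verified.

```python
# Added example: which settings in an .rdp file does a publisher signature cover?
# Reads the signscope/signature lines only; it does NOT validate the signature.

# Hypothetical shortlist of settings a reviewer would want covered.
SENSITIVE = ("full address", "gatewayhostname", "remoteapplicationprogram",
             "drivestoredirect", "redirectclipboard")

def parse_rdp(text):
    """Parse 'name:type:value' lines into {lowercased name: value}."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':'
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            settings[parts[0].strip().lower()] = parts[2]
    return settings

def signing_report(text):
    """Split the sensitive settings present into covered vs. unvouched."""
    s = parse_rdp(text)
    signed = bool(s.get("signature")) and bool(s.get("signscope"))
    # signscope is a comma-separated list of setting names, compared case-insensitively
    scope = {n.strip().lower() for n in s.get("signscope", "").split(",") if n.strip()}
    present = [n for n in SENSITIVE if n in s]
    return {
        "signed": signed,
        "covered": sorted(n for n in present if signed and n in scope),
        "unvouched": sorted(n for n in present if not (signed and n in scope)),
    }

# Constructed sample: what the Remote Desktops tab produces (user-typed target, no signature).
USER_TYPED = (
    "full address:s:host01.example.test\n"
    "gatewayhostname:s:gateway.example.test\n"
)

# Constructed sample: a published RemoteApp file with one setting left outside the scope.
PUBLISHED = (
    "full address:s:farm.example.test\n"
    "gatewayhostname:s:gateway.example.test\n"
    "remoteapplicationprogram:s:||calc\n"
    "redirectclipboard:i:1\n"
    "signscope:s:Full Address,GatewayHostname,RemoteApplicationProgram\n"
    "signature:s:PLACEHOLDER-NOT-A-REAL-SIGNATURE\n"
)

if __name__ == "__main__":
    for name, sample in (("user-typed", USER_TYPED), ("published", PUBLISHED)):
        print(name, signing_report(sample))
```

A file reported as unsigned, or with a setting listed under `unvouched`, is one where the client has no publisher assurance for that value, which is the situation the "Unknown publisher" prompt describes.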

All Replies

  • Monday, November 09, 2009 2:47 PM, Frank Lesniak

    Makes sense... I was hoping that I was missing something. Thanks!