none
RemoteApp Desktop Connection deployment in 2012 error 1004

    Question

  • Hi,

    I'm struggling to get Desktop Connection working for a small RemoteApp deployment, the error I get on the Windows client is:

    The URL you typed does not have a connection.

    Make sure that:

    -    You typed the correct connection URL                       

    Connection name:

    Connection URL: https://****.com.au/RDWeb/Feed/webfeed.aspx

    Error code: 0x80072EFC, 0x194

    My guess is that it has to do with this warning when clicking on the icons from RDWeb:

    As you can see from that my RDWeb, RDGateway and everything else uses a Trusted Wildcard certificate, however that certificate does not match the server AD FQDN. Is this the cause of the #1004 error above?

    If so how do I change the RDWeb server to use its correct name not internal name?

    All services are hosted on the same server and all clients are remote non-domain based users.

    Thanks,


    Martin Laukkanen (Project Server Blog - www.nearbaseline.com/blog)

    Tuesday, April 09, 2013 5:21 AM

Answers

All replies

  • In this case, you may try to create internal DNS an alias record pointing RDS private IP address to the external FQDN and have everyone access to the external FQDN. Another option is getting another certificate for the Internal FQDN. This case collections may help too.

    Remote Desktop cannot verify the identity of the remote computer ...

    Situation: When attempting to RemoteApp or RD Web on Windows 2008 R2, you
      may receive this ... computer1), but the RD Gateway is expecting an FQDN or IP
      address format (for example, ... Case 9: You may have a Certificate Corruption.

    www.chicagotech.net/remoteissues/rdc6.htm  

    Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on

    http://www.ChicagoTech.net

    How to Setup Windows, Network, VPN & Remote Access on

    http://www.howtonetworking.com

    Tuesday, April 09, 2013 1:39 PM
  • Hi Bob,

    Thanks for the response, my question is how?

    Adding an internal / external A record mapping is already done, in fact the host.domain.local and host.domain.com.au addresses ARE both public addresses (this is a server in the cloud), either works internally but only one does externally.

    However I have not found a way to add a separate certificate for the internal connections. I have tried assigning a self signed certificate to the RDWeb and RDGateway using the internal name however this (as expected) breaks the RD Gateway as its certificate no longer matches the name.

    The problem appears to be that as both services are hosted on the same server (apparently) they cannot have different certificates?

    Regards,


    Martin Laukkanen (Project Server Blog - www.nearbaseline.com/blog)

    Tuesday, April 09, 2013 11:12 PM
  • Hi Martin,

    Have you considered creating a SAN Certificate with alternative names. 

    Best Regards,

    Tuesday, April 09, 2013 11:25 PM
  • Hi Ryan,

    I'd rather not if possible, as I'm not going to purchase a alternate name cert since this is a management server only and those certs are far more expensive than normal ones. I could create a self signed one, but then we admins have yet another cert to manually add for this.

    It would be great if I could just change the binding like in IIS for the RDP connection to use an alternate name..

    This was much easier using MSI files in 2008R2! hmm.

    Thanks,


    Martin Laukkanen (Project Server Blog - www.nearbaseline.com/blog)

    Wednesday, April 10, 2013 1:36 AM
  • Thanks Ryan,

    The certificate with a subject alternate name has fixed it!

    Not ideal as now I have to distribute another cert, but good enough for my purposes.

    FYI for the googlers here's the makecert command I used (after no shortage of trial and error!):

    .\makecert.exe -pe -r -n "CN=*.domain.com.au, CN=*.domain.local, CN=*.domain.com" 
    -len 4096 -sy 12 -ss my -sr CurrentUser -sky exchange
    -eku "1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.3,1.3.6.1.5.5.7.3.4"



    Martin Laukkanen (Project Server Blog - www.nearbaseline.com/blog)

    Wednesday, April 10, 2013 3:41 AM