Windows Server 2012 RC RDS Certificates....

    Question

  • Hi Everyone.

    I have a couple of things which I am unable to fathom concerning certificates for RD Session Hosts and RemoteApp in Windows Server 2012.

    1. Is it still possible to digitally sign .rdp files used for RemoteApps in order to avoid the security prompt, and enable passthrough authentication?
    2. Is it still possible to change the certificate on the RD Session Host connection to a certificate that is trusted by clients rather than a self signed one?

    I have looked around the UI for ages and cannot find anything.  The only thing that comes close is the Set-RDCertificate cmdlet, but am not entirely sure what this does.

    Any assistance would be greatly appreciated.

    TIA

    Shaun

    Thursday, July 26, 2012 12:12 AM

All replies

  • Certificate management is listed under the Deployment Properties, or global settings.


    Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging


    Thursday, July 26, 2012 1:55 PM
  • Hi Don

    Thanks for the info. I found this setting this afternoon. However, this only allows the addition of certs to the gateway, rdweb and connection broker servers. How do I go about changing the certificate on the session hosts? Is this done by GPO as with client machines?

    Also, when configuring the Publishing certificate, what should go here, as I have a cert which is trusted by the clients, but they are still prompted to confirm the publisher.

    cheers

    Shaun

    Thursday, July 26, 2012 7:07 PM
  • For that scenario you would deploy a certificate for "Enable Single Sign On". The "Publishing" scenario is equivalent to signing RDP files (you used to do this with RemoteApp Manager).

    Click on each Role Service in the UI and you will see the area below "View Details" change with an explanation of what the certificate deployed there does.


    Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging

    Thursday, July 26, 2012 7:22 PM
  • Thanks for the prompt reply Don.

    I do indeed have a certificate in here.  It is issued by my internal CA, which my clients trust.  However, my clients are still prompted with 'A website wants to run a RemoteApp program.  Make sure you trust the publisher before you connect to run the program.'

    There is no certificate error, as my client trusts the issuing CA.  Any ideas?  Also, I seem to be prompted for credentials when accessing a session desktop, i.e. Web SSO does not appear to be functioning.  Any idea what may be causing this?  Apologies for all the questions, but there doesn't appear to be much around about this, and it has changed a lot since W2k8R2.

    Cheers

    Shaun

    Thursday, July 26, 2012 10:28 PM
  • Can you post a screenshot of the dialog?  Chances are it is the expected dialog that a user sees that indicates that the RemoteApps are signed.  The only way to hide that prompt is for the user to check the box allowing it, or deploy a group policy that has the SHA1 thumbprint of the cert to the client machines.  The UI has definitely changed, but this behavior is the same as it was in 2008 R2. 

    Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging


    Friday, July 27, 2012 3:10 PM
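
Added example, not part of the thread and not Microsoft's code: a PowerShell helper that prepares the value for the group policy mentioned in the last reply (the "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" setting, which takes a comma-separated list). The function names, the commented file path and the sample thumbprints are constructed for illustration; the cleanup step handles the spaces and invisible Unicode marks that a thumbprint copied from the certificate dialog can carry.

```powershell
# Normalise one thumbprint to the 40 upper-case hex digits the policy expects.
function ConvertTo-PolicyThumbprint {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)
    # Drop everything that is not a hex digit: spaces, colons and hidden
    # characters such as U+200E picked up when copying from the certificate UI.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Not a SHA1 thumbprint (expected 40 hex digits, got $($clean.Length))."
    }
    $clean
}

# Read the publishing certificate from an exported .cer file and return its
# thumbprint, warning if the certificate is outside its validity period.
function Get-CertPolicyThumbprint {
    param([Parameter(Mandatory = $true)][string]$Path)
    $full = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full
    $now  = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        Write-Warning "Certificate '$($cert.Subject)' is not currently valid."
    }
    ConvertTo-PolicyThumbprint $cert.Thumbprint
}

# Build the comma-separated policy value from several thumbprints, removing
# duplicates so an old and a renewed certificate can be listed side by side.
function Get-PublisherPolicyValue {
    param([Parameter(Mandatory = $true)][string[]]$Thumbprint)
    $list = $Thumbprint | ForEach-Object { ConvertTo-PolicyThumbprint $_ } | Select-Object -Unique
    $list -join ','
}

# Constructed sample input: one thumbprint as pasted from the certificate
# dialog (leading U+200E plus spaces), one already clean.
$pasted = [string][char]0x200E + '01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67'
$clean  = 'FEDCBA9876543210FEDCBA9876543210FEDCBA98'
Get-PublisherPolicyValue -Thumbprint $pasted, $clean

# With an exported certificate (hypothetical path):
# Get-CertPolicyThumbprint -Path 'C:\certs\rds-publishing.cer'
```

Paste the resulting string into the policy setting; a thumbprint that fails the 40-digit check is rejected here instead of being deployed to clients.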