SAN certificate OK?

    Question

  • Windows 2008 R2 SP1 RDSH, RD Web

    http://technet.microsoft.com/en-us/library/cc754499.aspx
    If you are already using an SSL certificate for RD Session Host server or RD Gateway connections, you can use the same certificate to sign .rdp files.
    We have a DigiCert SAN certificate and I used it to assign the remote apps.
    But when users connect, they get the warning shown in the image:

    What am I missing?

    Thank you.

    February 8, 2012 19:30

All replies

  • Hi,

    The warning you are seeing is normal. 

    When logging on to RD Web Access please select This is a private computer option (assuming it is not a public computer).  When a user first launches a RemoteApp they will receive the prompt:

    A website wants to run a RemoteApp program. Make sure that you trust the publisher before you connect to run the program.

    Select Don't ask me again for remote connections from this publisher to prevent the prompt from being displayed in the future.  It will be displayed again if you add more redirection options later in RemoteApp Manager.

    For PCs that are members of your domain you may enable the group policy setting Specify SHA1 thumbprints of certificates representing trusted .rdp publishers to disable the warning prompt.  You want to enter the thumbprint from the details tab when you are viewing the certificate, however, you must remove the spaces.  Below is a sample thumbprint:

    E23FE25A13F8F1ED1CA8EA4C6F0E8A47C39EF162

    -TP

    February 8, 2012 19:46
    Moderator
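
The thumbprint step from the reply above, as an added example (not part of the thread): a PowerShell sketch that strips spaces and any invisible characters picked up when copying from the Details tab, checks that 40 hex digits remain, and looks the certificate up in the local machine store. The function names and the pasted input are constructed for illustration.

```powershell
# Added example, not code from the thread.
function ConvertTo-CleanThumbprint {
    param([string]$Pasted)
    # Drop everything that is not a hex digit: the spaces shown on the Details
    # tab, and invisible characters (for example U+200E) that can be copied
    # along with the value and make the policy entry silently fail to match.
    $clean = ($Pasted -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1), got $($clean.Length): '$clean'"
    }
    return $clean
}

function Find-CertByThumbprint {
    param(
        [string]$Pasted,
        [string]$Store = 'Cert:\LocalMachine\My'
    )
    $thumb = ConvertTo-CleanThumbprint $Pasted
    # HasPrivateKey matters on the signing server: a certificate imported
    # without its private key cannot be used to sign .rdp files.
    Get-ChildItem $Store |
        Where-Object { $_.Thumbprint -eq $thumb } |
        Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey
}

# Constructed input: the thread's sample thumbprint with the spacing of the
# Details tab and a leading invisible left-to-right mark.
$pasted = "$([char]0x200E)e2 3f e2 5a 13 f8 f1 ed 1c a8 ea 4c 6f 0e 8a 47 c3 9e f1 62"

# Value to paste into the group policy setting
ConvertTo-CleanThumbprint $pasted

# Returns nothing unless that certificate is installed on this machine
Find-CertByThumbprint $pasted
```

Running the lookup on each RD server is a quick way to confirm that both servers hold the same certificate and that the private key came across with it.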
  • Hi TP,

    I tried this, but in the Remote Desktop of RD Web I still get what is shown in the screenshot.

    >Select Don't ask me again for remote connections from this publisher to prevent the prompt from being displayed in the

    I cannot even see this option.

    What am I missing?

    Thank you for your help.

    February 20, 2012 16:13
  • Hi,

    1. Please make sure you have a certificate from a trusted authority configured in RemoteApp Manager Digital Signature Settings.  You had it this way before based on the screen shot you posted at the start of this thread.  Please take a look at your earlier screen shot.  Notice how the top is different?

    2. When logging on to RD Web Access please select This is a private computer option (assuming it is not a public computer).

    -TP

    February 20, 2012 16:47
    Moderator
  • Hi TP,

    I previously used a SAN certificate, and now we have purchased an SSL certificate with one common name, farm1.mycompany.com.  Since I have two RD Web servers, I exported the certificate from the IIS 7.0 server certificates to a .pfx on server1 and then imported it to the second RD Web server, server2.  The certificate is shown as in the screenshot:

    The certificate in server2's IIS server certificates does not look right.

    Can I import the certificate to the second server?

    Thank you.

    February 20, 2012 18:43
  • Hi,

    Yes, you should be able to Export the certificate and its private key from the working server to server2.  When exporting make sure you select the option to include all certificates in the certification path if possible.  It looks like you may be missing an Intermediate cert.  Please take a look at the Certification Path tab for details.

    Thanks.

    -TP

    February 20, 2012 19:33
    Moderator
  • Hi TP,

    Thanks for the tip; the certificate can be imported without error.

    But when I access the Remote Desktop of RD Web, I still get the previous error, as in the above post.

    I definitely use the certificate to sign in RemoteApp Manager.  I applied the group policy with the thumbprint.

    Where should I check for the Remote Desktop tab of RD Web?

    Thank you.


    February 21, 2012 15:09
  • Hi,

    What is the precise error you are seeing on the client PC when you run the RemoteApp?

    When you view the certificate on the client PC are there errors?

    Please first get it working correctly without using the GPO for the thumbprint, then set the thumbprint option as the last phase.  That way you can troubleshoot things one step at a time.  Without setting the GPO, if everything is correct and you select This is a private computer option on the RDWeb site, you should get the option for Don't ask me again...

    Thanks.

    -TP

    February 21, 2012 17:15
    Moderator
  • Hi TP,

    Here is the detailed info:

    When I click "Remote Desktop" in RD Web and choose "Connect", I get the unknown publisher error, as in the following screenshot:

    Thank you.

    February 21, 2012 19:39
  • Hi,

    It is normal and expected to get this error when using the Remote Desktop tab.  When you use the Remote Desktop tab the .rdp file is being built dynamically based on selections/data provided by the end user so therefore it is not digitally signed.

    Are your RemoteApps functioning properly?

    -TP


    February 21, 2012 19:44
    Moderator
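
Why the Remote Desktop tab shows the publisher warning while published RemoteApps do not, as an added example (not part of the thread): a PowerShell function that reads .rdp text and reports whether it carries the `signscope` and `signature` settings that signing adds, and which settings fall outside the signed scope. The function name and both sample files are constructed; the check looks at presence only and does not validate the signature, which the Remote Desktop client does itself.

```powershell
# Added example, not code from the thread.
function Get-RdpSignatureInfo {
    param([string[]]$Lines)

    $settings = @{}
    foreach ($line in $Lines) {
        # .rdp settings have the form  name:type:value  (type is s, i or b)
        if ($line -match '^\s*([^:]+):([sib]):(.*)$') {
            $settings[$Matches[1].Trim().ToLower()] = $Matches[3].Trim()
        }
    }

    # A signed file carries two extra settings: signscope (the names of the
    # settings covered by the signature) and signature (the signature blob).
    $signed = $settings.ContainsKey('signature') -and ($settings['signature'] -ne '')
    $scope = @()
    if ($settings.ContainsKey('signscope')) {
        $scope = @($settings['signscope'] -split ',' |
            ForEach-Object { $_.Trim().ToLower() })
    }

    # Assumption: signscope names match setting names case-insensitively.
    # Settings not listed there can be changed without breaking the signature.
    $uncovered = @($settings.Keys | Where-Object {
        ($_ -ne 'signature') -and ($_ -ne 'signscope') -and ($scope -notcontains $_)
    } | Sort-Object)

    New-Object PSObject -Property @{
        IsSigned          = $signed
        SignedSettings    = $scope
        UncoveredSettings = $uncovered
    }
}

# Constructed samples: a signed RemoteApp-style file (placeholder signature)
# and a file like the one built on the fly by the Remote Desktop tab.
$signedRdp = @(
    'full address:s:farm1.mycompany.com',
    'remoteapplicationmode:i:1',
    'redirectclipboard:i:1',
    'signscope:s:Full Address,RemoteApplicationMode',
    'signature:s:PLACEHOLDER-NOT-A-REAL-SIGNATURE'
)
$dynamicRdp = @('full address:s:server2.mycompany.local', 'redirectclipboard:i:1')

Get-RdpSignatureInfo $signedRdp
Get-RdpSignatureInfo $dynamicRdp
```

For a file saved to disk, pass its lines with `Get-RdpSignatureInfo (Get-Content .\app.rdp)`, where `app.rdp` is a placeholder name.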
  • Hi TP,

    Thank you for your help.

    >Are your RemoteApps functioning properly?

    I got the RemoteApps through web single sign-on internally (installed hotfix Windows6.1-KB2524668, as some posts mention).

    But externally, I cannot get single sign-on to work.  After I log on initially through RDWeb and click one RemoteApp such as Excel, I get this pop-up screen again, with no domain name, and it's difficult for users to enter this info:

    What am I missing?

    (BTW, our internal domain name is mycompany.local and external DNS domain is mycompany.com)

    Thanks for your time and support.



    February 21, 2012 20:34
  • Hi,

    1. Are you always using full user name when logging on to RDWeb?  Example: domain\username

    2. On a problem external machine, close all IE windows, make sure iexplore.exe is not listed in task manager processes, disconnect any Remote Desktop connections, if the Remote Desktop icon is in the notification area right-click and choose Disconnect all.  Open IE, Safety--Delete Browsing History, uncheck Preserve Favorites website data, select Temporary Internet Files, Cookies, Passwords, click Delete.

    3. After deleting has completed browse to RDWeb, enter full user name and password, select This is a private computer, and test if WebSSO works for RemoteApps.

    Thanks.

    -TP

    • Marked as answer by SGryzbowski, February 22, 2012 15:10
    February 21, 2012 21:32
    Moderator
  • Hi TP,

    By following your steps, it worked beautifully.

    Once again, thank you for your time and support.

    February 22, 2012 15:10