RDS 2012 And Certificates - SAN

  • Question

  • Hi

    Evaluating RDS on 2012,  I want to use Remote App to allow home workers to access one application

    This is a single server setup at the moment

    Server Name acmeVDI.acme.co.uk - This has RD Web Access, RD Gateway, RD Licensing, RD Connection Broker and RD Session Host installed and configured from the Evaluation download

    I have invested in a certificate from VeriSign for the trial,  FQDN of this is vdi.acme.co.uk with a subject alternative name of acmevdi.acme.co.uk The certificate all checks out in the Manage Certificates area,  all four entries are using the same Certificate

    This works perfectly within my network, I can connect via the Remote App and Desktop Connections control panel item and can also connect internally via the Web Interface with a url of https://vdi.acme.co.uk/rdweb/

    Externally,  I can connect to the web interface using the same URL, https://vdi.acme.co.uk/RDWeb/ ... but...

    I can then enter my username and password,  my list of published applications appears and I can then click on the app I want to launch.

    I'm prompted to Open or Download the RDP file,  I select Open

    I then see the "Do you trust the publisher of this remote connection",  I say Connect

    The normal RemoteApp Starting screen appears with the name of My App shown, after a few seconds I get an error message titled "Remote Desktop Disconnected" 

    The message then reads "The computer can't connect to the remote computer because the certificate authority that generated the Terminal Services Gateway server's certificate is not valid.  Contact your network administrator for assistance"

    There is a View Certificate button, which shows my Verisign certificate is valid and the certification path is also valid

    Firewall is configured to NAT off HTTP and HTTPS traffic...and this is working to get this far

    I think I'm so close,  but whatever I try I get no success at this point connecting remotely,  the remote PC is not a domain PC and has never been.

    What do I need to check next please?

    Thanks

    Monday, November 25, 2013 5:25 PM

Answers

  • Hi,

    Please make sure you are using the latest Remote Desktop Client available for the operating system version running on the client PC.  For best results you should be using Remote Desktop Client 8 (6.2.9200) or 8.1 (6.3.9600) when connecting to Server 2012.  For example, for XP please use the Remote Desktop Client 7 (6.1.7600).  If the RD client version is too old it will not work with a SAN certificate.

    Are you receiving the error message in your screen shot:  "This computer can't connect to the remote computer because the Terminal Services Gateway server address requested and the certificate subject name do not match. Contact your network administrator for assistance.", or are you receiving the error you mentioned in your text: "The computer can't connect to the remote computer because the certificate authority that generated the Terminal Services Gateway server's certificate is not valid.  Contact your network administrator for assistance"?

    Please note that you must use Remote Desktop Clients that at least support RDP 8.0 or you will not get the new performance enhancements and other features introduced with Server 2012 RDS.

    Thanks.

    -TP

    Monday, November 25, 2013 9:56 PM
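
A way to run both checks the answer raises on the client PC, as an added example that is not part of the original thread: it classifies the local mstsc.exe build against the client versions quoted above, and checks that the host names in the downloaded .rdp file appear among the certificate's names. The .rdp lines are constructed, the certificate names are the subject and SAN the question states, and the function names are hypothetical.

```powershell
# Added example. The .rdp lines below are constructed sample input; the
# certificate names are the subject and SAN given in the question.
$certDnsNames = @('vdi.acme.co.uk', 'acmevdi.acme.co.uk')
$rdpLines = @(
    'full address:s:ACMEVDI.ACME.CO.UK',
    'gatewayhostname:s:vdi.acme.co.uk',
    'gatewayusagemethod:i:2'
)

function Get-RdClientAssessment {
    # Classifies an mstsc.exe version against the builds quoted in the answer.
    param([version]$ClientVersion)
    if ($ClientVersion -ge [version]'6.2.9200') { 'Client 8 or later (supports RDP 8.0)' }
    elseif ($ClientVersion -ge [version]'6.1.7600') { 'Client 7 (the build the answer names for XP)' }
    else { 'older than Client 7: upgrade before testing a SAN certificate' }
}

function Get-RdpFileHosts {
    # Pulls the session host and gateway names out of .rdp file lines.
    param([string[]]$RdpLines)
    $found = @{}
    foreach ($line in $RdpLines) {
        if ($line -match '^(full address|gatewayhostname):s:(.+)$') {
            # Drop an optional :port suffix so only the host name is compared.
            $found[$Matches[1]] = $Matches[2].Trim() -replace ':\d+$', ''
        }
    }
    $found
}

function Test-CertNameMatch {
    # DNS names compare case-insensitively; a wildcard covers one left-most label.
    param([string]$HostName, [string[]]$CertDnsNames)
    foreach ($name in $CertDnsNames) {
        if ($name -ieq $HostName) { return $true }
        if ($name.StartsWith('*.') -and (($HostName -replace '^[^.]+', '*') -ieq $name)) { return $true }
    }
    return $false
}

# Local client version, built from the file version of mstsc.exe.
$vi = (Get-Item "$env:SystemRoot\System32\mstsc.exe").VersionInfo
$client = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
"mstsc.exe $client : $(Get-RdClientAssessment $client)"

$rdpHosts = Get-RdpFileHosts $rdpLines
foreach ($setting in $rdpHosts.Keys) {
    $covered = Test-CertNameMatch $rdpHosts[$setting] $certDnsNames
    '{0} = {1} : covered by certificate = {2}' -f $setting, $rdpHosts[$setting], $covered
}
```

To check a real connection, replace `$rdpLines` with `Get-Content` on the .rdp file saved from RD Web Access and `$certDnsNames` with the names shown by the View Certificate button.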

All replies

  • This is making sense,  just got home and it's working fine on my Win7 client, Mac OSX and iPhone,  so I will upgrade the client I was using earlier to confirm this is the problem and report back in the am

    thanks ;-)

    Al

    Monday, November 25, 2013 10:02 PM