none
secure remote desktop connection RRS feed

  • Question

  • hi all ,

    i try to secure my remote desktop connection in my environment  so i read on Microsoft doc how to generate a certificate to remote connection https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn781533(v%3Dws.11)

    an i applied it through GPO policy as the described but now when I connect to my servers through server names the my new certificate work and if i connect to my server through server IP i get the self signed certificate what could be the issue

    Thursday, September 19, 2019 7:04 AM

All replies

  • The issue is that certificate is issued to DNS name, not IP address. Therefore, you have to use DNS names only and forbid connections by IP.

    Vadims Podāns, aka Crypt32
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: ASN.1 Editor tool.

    Thursday, September 19, 2019 11:20 AM
  • Hello,
    Thank you for posting in our TechNet forum.

    I agree with Vadims.

    From the link we provoded above, we can see:

    The certificates you deploy need to have a subject name or subject alternate name that matches the name of the server that the user is connecting to. For example, for Publishing, the certificate needs to contain the names of all the RDSH servers in the collection. The certificate for RDWeb needs to contain the FQDN or the URL, based on the name the users connect to. If you have users connecting externally, this needs to be an external name (it needs to match what they connect to). If you have users connecting internally to RDWeb, the name needs to match the internal name. For Single Sign On, the subject name needs to match the servers in the collection.

    Meanwhile, for certificate template, we can see:




    And if we view the issued certificates on CA, we can see the certificates are issued to DNS name or FQDN of machine.




    For reference:
    Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services





    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 20, 2019 2:42 AM
    Moderator
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 23, 2019 10:12 AM
    Moderator
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.

    Thanks for your time and have a nice day!


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 25, 2019 3:53 AM
    Moderator