certificate & Trust issues while accessing RDS session

  • Question

  • We have deployed RDS 2016 and configured self-signed certificates for the RDS session. However, when we access the website internally we get pop-ups like those shown in the images below.

    1. Do you trust the publisher? Is this normal?

    2. Every time we click on an app it downloads as a file with an .rdp extension. Is there a way for the app to open directly on click rather than download every time?

    3. https showing "not secure"

    4. "your connection to this site is not secure"

    5. certificate showing invalid

    6. certificates on RDS server shows "Trusted" & "Ok"

    Friday, May 11, 2018 7:31 AM

Answers

    Self-signed certificates should not be used for RDS deployment purposes except if you are doing a quick test and you don't have access to a certificate issued by a trusted public authority. Answers to your questions below:

    1. Yes, this prompt is normal. You can suppress it by enabling the group policy setting below on the client PCs and entering the thumbprint of the certificate that is used for signing:

    Computer Configuration\ Administrative Templates\ Windows Components\ Remote Desktop Services\ Remote Desktop Connection Client\

    Specify SHA1 thumbprints of certificates representing trusted .rdp publishers     Enabled

    2. The behavior depends on the browser.  For example, in Chrome, if you download the .rdp file and click the up arrow next to the file there is an option to have Chrome automatically open the file.  If the user chooses this it will open it each time instead of the default download behavior.  If the end user uses IE with the ActiveX add-on Allowed, the connection will open by clicking.

    3. This is most likely caused by use of a self-signed certificate. You may click on the Certificate (Invalid) link as shown in your screenshot for more info. Please make sure the certificate has been imported into the client PC's Local Computer\ Trusted Root Certification Authorities store using certlm.msc or other technique. This isn't necessary when using a certificate issued by a trusted public authority such as Thawte, Comodo, Let's Encrypt, GoDaddy, DigiCert, GeoTrust, etc.

    4. Same as #3

    5. See #3 above

    6. Just because certificates show as Trusted in RDS deployment properties doesn't mean the client PCs trust them.  You should be using certificates issued by a trusted public authority.

    -TP

    Friday, May 11, 2018 9:43 PM
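
The check behind answers 3 and 6, run from a client PC rather than the RDS server, as an added example that is not part of the original thread. The host name is a placeholder, and the thumbprint printed is that of the RD Web TLS certificate, which may or may not be the same certificate used to sign the .rdp files.

```powershell
# Added example. 'rdweb.example.internal' is a placeholder host name (assumption).
param(
    [string]$RdWebHost = 'rdweb.example.internal',
    [int]$Port = 443
)

function Get-RemoteTlsCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate here only so it can be retrieved and inspected;
        # no application data is sent over this stream.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($sender, $certificate, $chain, $errors) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

$cert = Get-RemoteTlsCertificate -HostName $RdWebHost -Port $Port

# Build the chain against THIS client's certificate stores, not the server's.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)

# Is the certificate itself present in the client's machine-wide trusted roots?
$inRoot = [bool](Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint })

# Chain trust plus host name match, evaluated the way an SSL client would.
$sslOk = Test-Certificate -Cert $cert -Policy SSL -DNSName $RdWebHost `
    -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

[pscustomobject]@{
    Subject            = $cert.Subject
    Sha1Thumbprint     = $cert.Thumbprint
    NotAfter           = $cert.NotAfter
    SelfSigned         = ($cert.Subject -eq $cert.Issuer)
    InLocalMachineRoot = $inRoot
    ChainBuilds        = $chainOk
    ChainStatus        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    TrustedForSsl      = [bool]$sslOk
}
```

A result with `SelfSigned` true and `InLocalMachineRoot` false matches the "not secure" symptoms in the question even though the RDS deployment properties report the certificate as Trusted.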