Publisher of this remote connection can't be identified

    Question

  • I have an environment that is exploding into about 3000+ virtual Windows 7 PCs across 14 Windows 2008R2 and Windows 2012R2 clusters and users sitting at Wyse thin clients running Win7e.  We were using the connection broker in Windows 2008R2 but that was a pain, and when we started upgrading to Windows 2012R2 server to host the virtual PCs the broker changed, and in general Microsoft's brokers didn't work too well, especially if a cluster member crashed (Win2008R2) and all the VMs abandoned ship; the broker did not know who was hosting the VMs now and you'd get errors trying to connect.....

    We designed our own broker, a simple webpage that asks the user their username, looks it up in the tsMSPrimaryDesktop field like Windows 2008R2's connection broker used to.  This is also the field under the Personal Virtual Desktop tab in AD Users and Computers.  Since we just use the Hostname of the virtual PC it works across all the clusters no matter the version.  The webpage does some other stuff like ping your virtual to make sure it's online, see if the user account is locked, etc but in general it then simply generates an .RDP file (with our preset settings), sticks the PC name in the "full address" line and also drops in the username supplied previously to "username" line (why ask the user twice).

    Problem is the "Publisher of this remote connection can't be identified" popup.  This entire environment is a closed network, NO internet access whatsoever.  

    I've seen articles talking about using certificates to sign the RDP files and such but I have ONE .RDP that is "generated" on the fly called GOTOMYPC.RDP.  This .RDP actually contains simple ASP code and the IIS server is told to run *.RDP files through the ASP compiler so when the user's thin client sees it, it knows the default app for an .RDP file is MSTSC.

    Can't I just set a setting on the thin clients in the registry that we don't care don't check for certificates or whatever?  Similarly the way you can tell IE "Don't do certificate revocation checks" etc...  Making 3000 RDP files that are signed does not seem like a logical solution.


    -------------------- Joe O'Bremski

    Saturday, May 10, 2014 7:03 AM

All replies

  • Hi joe,

    Thank you for posting in Windows Server Forum.

    Please check that you have a properly configured certificate in your environment. As a try, you can enable the "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" group policy setting for your client PCs. Doing this will also remove the warning which the user receives for a trusted certificate. You can find this setting under the path below.

    <computer> | <user>\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client

    Please check the article below for additional information.
    How to resolve the issue: “A website wants to start a remote connection. The publisher of this remote connection cannot be identified.”
    http://blogs.msdn.com/b/rds/archive/2011/04/05/how-to-resolve-the-issue-a-website-wants-to-start-a-remote-connection-the-publisher-of-this-remote-connection-cannot-be-identified.aspx

    Hope it helps!

    Thanks.


    Dharmesh Solanki

    Tuesday, May 13, 2014 2:59 AM
    Moderator
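
The signing and policy steps this reply points to, as an added example that is not part of the original thread or of Microsoft's article. Assumptions: the thumbprint placeholder, the file path and the two function names are hypothetical, the signing certificate sits in the broker server's machine store, and the clients already trust that certificate's issuer.

```powershell
# Added example. Replace the placeholder with the signing certificate's thumbprint.
$Thumbprint = '<SIGNING-CERT-SHA1-THUMBPRINT>'        # placeholder, 40 hex characters
$RdpFile    = 'C:\inetpub\broker\out\GOTOMYPC.rdp'    # hypothetical path

# Thumbprints pasted from the certificate dialog often carry spaces or an
# invisible leading character; keep hex digits only and check the length.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($Thumbprint.Length -ne 40) { throw 'Expected a 40-character SHA1 thumbprint.' }

function Invoke-RdpSign {
    # Run on the broker server AFTER the .rdp text has been generated:
    # the signature covers connection settings, so later edits invalidate it.
    param([string]$Thumbprint, [string]$Path)

    $cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw 'Signing certificate has no private key.' }

    & rdpsign.exe /sha1 $Thumbprint $Path     # signs the file in place
    if ($LASTEXITCODE -ne 0) { throw "rdpsign failed with exit code $LASTEXITCODE" }

    # A signed file carries signscope and signature lines; fail loudly if not.
    if (-not (Select-String -Path $Path -Pattern '^signature:s:' -Quiet)) {
        throw "No signature line found in $Path"
    }
}

function Set-TrustedRdpPublisher {
    # Run on a client (or deploy the same value through the group policy named
    # in the reply). Multiple thumbprints are separated by commas.
    param([string[]]$Thumbprints)

    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'TrustedCertThumbprints' `
        -PropertyType String -Value ($Thumbprints -join ',') -Force | Out-Null
}

Invoke-RdpSign -Thumbprint $Thumbprint -Path $RdpFile   # broker server
Set-TrustedRdpPublisher -Thumbprints $Thumbprint        # thin client
```

The registry value is the one the computer-side policy setting writes; setting it through group policy rather than by script keeps it from being overwritten at the next policy refresh.
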
  • Please check that you have a properly configured certificate in your environment. As a try, you can enable the "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" group policy setting for your client PCs.

    Therein lies the problem.  This is on a completely disconnected from the internet Intranet using Wyse Windows 7 Embedded thin clients.  There are no certificates, certificate server or a need for any encryption on this network.  I just want it to connect without a popup.

    -------------------- Joe O'Bremski

    Tuesday, November 04, 2014 11:33 PM