Help needed with certificates for RDS Host servers


Hi,

We have 4 RD Session Host servers in our network. The 4 servers are members of a TS farm. We also have a TS Gateway server.

I managed to give the TS Gateway server a certificate, but I need support on the other RDS servers.

What happens?

When a user connects to the farm, a warning pops up telling me the certificate is not issued by a trusted CA, because the RDS servers are using self-signed certificates. Because the servers are farm members, the user can be presented with the warning several times when the session is being redirected.

How do I get rid of these warnings in our LAN and on the internet? What certificate type do I need?

Thanks in advance.

Jasper Kimmel

Hi Jasper,

What is the server OS environment?
Yes, the certificate-related warnings can disappear by purchasing a certificate from a public CA. To access the farm from outside the environment you can buy a wildcard certificate. And yes, your related queries can be solved by the article provided in the previous comment.

The easiest way to get a certificate, if you control the client machines that are connecting, is to use Active Directory Certificate Services. You can request and deploy your own certificates, and they will be trusted by every machine in the domain.

If you're going to allow users to connect externally, and they are not part of the domain, you need to deploy certificates from a public CA. Examples including, but not limited to: GoDaddy, Verisign, Entrust, Thawte, DigiCert

In Windows 2008/2008 R2, you connect to the farm name, which per DNS round robin gets first directed to the redirector, next to the connection broker, and then to the server that will host the session.

In Windows 2012, you connect to the connection broker, and it routes you to the collection using the collection name.

The certificates you deploy need to have a subject name or subject alternate name that matches the name of the server the user is connecting to. So for example, for publishing, the certificate needs to contain the names of all of the RDSH servers in the collection. The certificate for RDWeb needs to contain the FQDN of the URL, based on the name the users connect to. If you have users connecting externally, this needs to be an external name (it needs to match what they connect to). If you have users connecting internally to RDWeb, the name needs to match the internal name. For Single Sign On, again the subject name needs to match the servers in the collection. (Quoted from the previous article.)
Apart from that, there is 1 more article by Kristin that you can go through for reference.

Hope it helps!

Thanks.

Dharmesh Solanki

Please remember to mark the replies as answers if they help, and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
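
The name-matching requirement described in the answer above, as an added example that is not part of the original thread: it lists the names clients connect to that a certificate's subject/SAN names do not cover. The function names and all host names are hypothetical, constructed for illustration.

```powershell
# Added example. Function names and host names are constructed placeholders.
function Test-NameMatch {
    param([string]$CertName, [string]$HostName)
    $c = $CertName.ToLowerInvariant().TrimEnd('.')
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    if ($c -eq $h) { return $true }
    # A wildcard stands for exactly one leftmost label, so *.corp.example
    # matches rdsh01.corp.example but not a.b.corp.example or corp.example.
    if ($c.StartsWith('*.')) {
        $suffix = $c.Substring(1)                      # ".corp.example"
        if ($h.EndsWith($suffix)) {
            $label = $h.Substring(0, $h.Length - $suffix.Length)
            return (($label.Length -gt 0) -and (-not $label.Contains('.')))
        }
    }
    return $false
}

function Get-UncoveredName {
    # Emits every connect name that no certificate name matches.
    param([string[]]$CertNames, [string[]]$ConnectNames)
    foreach ($name in $ConnectNames) {
        $hit = $CertNames | Where-Object { Test-NameMatch -CertName $_ -HostName $name }
        if (-not $hit) { $name }
    }
}

# Constructed sample: names carried by a hypothetical certificate.
# On a real server the list could be read from the certificate store, e.g.
#   (Get-Item Cert:\LocalMachine\My\<thumbprint>).DnsNameList.Unicode
$certNames = @('rdfarm.corp.example', '*.corp.example', 'remote.example.com')

# Constructed sample: every name a client ends up connecting to.
$connectNames = @(
    'rdfarm.corp.example',          # farm / collection name
    'rdsh01.corp.example',          # session host reached after redirection
    'rdsh04.branch.corp.example',   # host two labels below corp.example
    'remote.example.com',           # external RDWeb name
    'rdweb.example.com'             # a second external name
)

Get-UncoveredName -CertNames $certNames -ConnectNames $connectNames
```

Each name the script prints is one where a client would still see a name mismatch, even when the issuing CA is trusted.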


