RDS 2012 Gateway , no domain prompt
Is there a way, that when you have install RD WB and RD GW on same server, that user is not ask for additional credentials, when accessing published application.
Hi,
Have you enter the FQDN name of server under “Allow delegating default credential” policy setting as shown in that article.
Apart for your reference you can check beneath article.
Single credential prompt for TS Gateway Server and Terminal Server
http://blogs.msdn.com/b/rds/archive/2007/05/04/single-credential-prompt-for-ts-gateway-server-and-terminal-server.aspx
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Similar Messages
-
Users see all applications in RDS 2012 Web access in one-way trust domain environment
Hello!
We have RDS 2012 deployment in domainA.local. There is a one-way trust between domainA.local and domainB.local: A trusts B and B doesn't trust A.
A user from domainB.local authenticates in Web-access interface (wa.domainA.local) and sees
every published application in every collection in the deployment independently of UserGroups setting of collections and applications. This occurs for any domainB user.
In the security log of wa.domainA.local we can find an event :
An account failed to log on.
Subject:
Security ID: IIS APPPOOL\RDWebAccess
Account Name: RDWebAccess
Account Domain: IIS APPPOOL
Logon ID: 0x2C7B16
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: An error occurred during logon
Status: 0xC000005E
Sub Status: 0x0
Also in network trace on wa.domainA.local kerberos error could be found:
On TGS-REQ for krbtgt/[email protected] there is an answer: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7), server name krbtgt/domainB.
How to deal with this issue? The aim is to show only specified applications to domainB users.
Any help would be appreciated.Hi,
Thank you for your posting in Windows Server Forum.
Please check below links might useful for your case.
“After adding the RDS server’s computer account to the Builtin Windows Authorization Access Group domain group, the RemoteApp icons displayed perfectly.” (Quoted from
this article)
1. Remote APP list empty
2. RD
Web Access unable to access Source (RD Server)
In respect to Kerberos Error, refer this link for troubleshooting.
1. Troubleshooting Kerberos Authentication problems – Name resolution issues
2. Kerberos Authentication problems – Service Principal Name (SPN) issues - Part 2
Hope it helps!
Thanks,
Dharmesh -
2 Separate RDS 2012 R2 Deployments in Same Domain ?
We have a current RDS 2012 R2 deployment. We are changing hosting vendors and want to completely redo the entire deployment (rather than try to migrated the VMs). What is the best way to go about this?
We do want to continue to use the GPO and user files will be migrated. How can we have the prod and dev RDS environments coexisting on the same domain?
Just to clarify, we do not want to use any of the existing infrastructure because it is all going to go away. Thank you!Hi,
Thank you for posting in Windows Server Forum.
I thinks that good way to start for new environment without any mixing up. Yes, everything can be setup under same domain. For common domain environment,
You can buy one single wildcard certificate with domain name which can be used for all roles. As in domain joined environment, we can use to have them both RDS server use the same RD Gateway. For this we need to enter the same FQDN of working RDG into the Deployment
properties of the second deployment.
There are several other points which need to check, you can refer following article for depth understanding and configuration.
1.Step by Step Windows 2012 R2 Remote Desktop Services – Part 2
2. How To Work with RD Gateway in Windows Server 2012
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support -
RDS 2012 R2 cannot add 3rd party (parent domain) licensing server
Hi,
I have a RDS 2012 R2 farm and i cannot add a 3rd party licensing server that is in a parent domain (forest root domain - hosted by our corp HQ). I will edit deployment properties for the deployment in the first CB server to add a licensing server in per
user mode. Seemes to work, however no licenses are given to SH servers. Have made GPO aswell to explicitly specify licensing server and mode, however i think this should not be neccessary.
Any ideas?
This posting is provided "AS IS" with no warranties or guarantees and confers no rightsHi,
Thank you for posting in Windows Server Forum.
1. In Server Manager -- RDS -- Overview -- Tasks -- Edit Deployment Properties -- RD Licensing tab, please make sure that the Licensing mode is set to match the type of licenses you purchased, and that the FQDN of your RD Licensing server is listed.
2. In Server Manager -- RDS -- Collections -- <your collection> -- Host Servers, please make sure that your RDSH server is listed. If you have more than one server with the RDSH Role Service in your deployment make sure that all of them are
listed. If they are not you may click Tasks -- Add RD Session Host Servers (make sure the servers are part of the Server Manager server pool prior to this).
3. On Server 1, please open an Administrator PowerShell prompt and enter the following command:
Add-WindowsFeature RDS-Licensing-UI
4. After the above powershell command completes you should be able to open RD Licensing Manager (licmgr.exe) on Server 1 if you need to. Please note that it is more important to have the licensing configured properly in deployment properties and your
RDSH servers part of a collection than it is to be able to open RD Licensing Manager on both of your servers.
(Above one quoted from beneath thread)
Source:
RDS 2012 Can't add a licensing server
In addition, check below article.
RD Licensing Configuration on Windows Server 2012
Hope it helps!
Thanks.
Dharmesh Solanki -
Hi all,
In a RDS 2012 R2 setup, is it possible to have two independant gateways (not HA)? One gateway would answer to gateway.xyz.com and the other would answer to gateway.abc.com. This setup would require two different certificates. Is this possible?
Thanks,
JesmatHi Jesmat,
Yes, you should be able to use multiple independent RD Gateways with a single RDS deployment, however, there are limitations and additional configuration steps. For example, you cannot use Server Manager or the powershell commands to assign the certificate
to the RD Gateways since you need to have different certs on each, instead use RD Gateway Manager. Another thing is if you plan on using RDWeb or the Feed then you need to have each RDG serve separate collections, and on each collection you need
to set a custom rdp property using powershell so that you can have a different FQDN for the RDG on each.
I'm sure there are other considerations that are specific to your use case that will affect how you set things up. Please keep in mind that your intended scenario is not one of the standard ones so you will need to plan things a bit more and you may
notice different behavior than expected.
-TP -
I have RDS 2012 Setup with Two gateways in DNS RR and 2 Session Hosts and all woks fine
GW1 - Gateway 1
GW2 – Gateway 2
RDSH1 – Session Host 1
RDSH2 – Session Host 2
Connection Broker in HA
I need the Below to be setup
All Application hosted on RDSH1 should go via GW1 ( Gateway 1 )
And
All Application hosted on RDSH2 should go via GW2 ( Gateway 2 )Hi,
Thank you for posting in Windows Server Forum.
Please read below for clarification.
When a user connects through the RD Gateway server, the gateway server will initially connect the user to one of the RD connection broker servers in order for the broker to determine what server or desktop the user will be connecting to. When HA is enabled
for the farm, the gateway server will try to connect the user to the brokers using the DNS Round Robin name when HA was configured for the farm. By default, the DNS name used is not on the gateway’s allowable resource list for users to connect to. So for any
user trying to connect to the farm through the RD Gateway, their access will be denied. To get around this, we will simply need to add a new resource authorization policy which will users to access resources through the gateway server using the designated
DNS round robin name.
We can do add the server\computer name under RD Gateway Managed Group. you can get ore information below.
Configuring the RD Gateway Server for a 2012 RDS farm with HA enabled for the RD Connection Brokers
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support -
RDS 2012 Connection Broker and Web Access in different domains
Hello!
I'm trying to add Web Access (WA) server to RDS 2012 Deployment. WA server and other servers in Deployment are in different domains (in different forests with 2-way forest trust).
WA server was added to Deployment
successfully without any warnings.
We have many applications published but in this new WA server there are no application icons in Rdweb page at all.
There is nothing interesting in logs on WA server as well as on Connection broker servers.
Is this design
acceptable? Which additional actions are needed to make application icons visible?Hi,
Please refer below links and cross verify the Web Acess server settings.
http://blog.kristinlgriffin.com/2010/03/rd-web-access-is-emply.html
http://social.technet.microsoft.com/wiki/contents/articles/5974.the-case-of-invisible-remoteapp-programs-a-k-a-no-remoteapp-programs-listed-on-rd-web-access-site.aspx
Regards,
Manjunath Sullad -
RDS 2012 - Using a reverse proxy with the Gateway server on the internal LAN
Hi there,
I'm looking to introduce an RDS 2012 farm and would like to put the RDS Gateway server on the internal LAN (due to it's AD requirements etc).
What are the best practise options for using a reverse proxy to forward traffic to the gateway server and is it better to do this than just forward 443 traffic from the DMZ through to the Gateway directly?
Thanks,
Paul.Hi Paul,
It is generally considered more secure to have a reverse proxy in front of RDG. I don't know of a proxy that will handle the RDG UDP traffic, so you will need to consider using direct server return for that or not having the benefit of UDP. Whether
or not it is acceptable to simply forward TCP 443/UDP 3391 directly to your internal RDG is up to your security policies. Many companies are fine with it while many other companies think it is unacceptable and require a reverse proxy or other method
to provide an extra layer of protection.
-TP -
RDS 2012 - Certificate Mistmatch
I am getting the most annoying error with my RDS 2012 Setup.
certificate mismatch and double password prompts when trying to connect to my RDS setup.
I have tried all that's out there and have got no positive results.
All roles are on identical on 2 servers. the RDCB is in HA Mode.
I keep getting the Certificate mismatch error.
Already have a public or external SAN certificate assigned to all roles.
Ran the powershell and wmi query to ensure the correct url is used when connected to gateway but I still get the double prompt when launching the remoteapps.
I even tried the approach by cleaning IE's history, data to get the RDPSHplugin and its not helped in my case.
All servers run 2012.
I need some urgent assistance, please and thank you
I have also checked and rebooted the RDS environment multiple times.
All certs show valid. the mismatch also goes to another cert in my environment which is utilized by OWA.
Please help me.I downloaded the script to C:\ and tried running it - no luck
PS C:\> .\Set-RDPublishedName.ps1 "remote.domain.com"
Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
computer. Do you want to run C:\Set-RDPublishedName.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R
iwmi : Privilege not held.
At C:\Set-RDPublishedName.ps1:9 char:11
+ $return = iwmi -class "Win32_RDMSDeploymentSettings" -namespace "root\CIMV2\rdms ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
+ FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod
I also tried it from the other HA RDCB server.
PS C:\> .\Set-RDPublishedName.ps1 "remote.domain.com"
Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm
computer. Do you want to run C:\Set-RDPublishedName.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R
Set-RDClientAccessName : A valid fully qualified domain name (FQDN) for the server was not specified.
At C:\Set-RDPublishedName.ps1:22 char:1
+ Set-RDClientAccessName -ConnectionBroker $ConnectionBroker -ClientAccessName $Cl ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-RDClientAccessName
I also tried is this way-
PS C:\Users\administrator.TBCL\Downloads> .\Set-RDPublishedName.ps1
Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
computer. Do you want to run C:\Users\administrator.TBCL\Downloads\Set-RDPublishedName.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R
cmdlet Set-RDPublishedName.ps1 at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
ClientAccessName: remote.domain.com
iwmi : Invalid namespace
At C:\Users\administrator.TBCL\Downloads\Set-RDPublishedName.ps1:9 char:11
+ $return = iwmi -class "Win32_RDMSDeploymentSettings" -namespace "root\CIMV2\rdms ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
+ FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod -
RDS 2012 R2 - RemoteApp - Certificate Mismatch
Hi!
We have a newly built RDS 2012 R2 setup.
It consists of the following:
1 x Server with the Gateway and the Web Access role
2 x Servers running a Connection Broker HA cluster
3 x Servers running as Session Hosts
The internal domain name is example.local
We have purchased a wildcard certificate for the entire setup. (called *.example.com)
An external DNS record - RDS.example.com - has been created and it NAT to the Gateway and Web Access server.
We have used the script from
https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80 to publish the FQDN. The name we have publised is Broker.example.com. We have created a split-brain DNS internally so that the clients can resolve external names internally.
Whenever we try to launch a RemoteApp externally we get the dreaded "Name mismatch" (and it takes about 30 seconds before we get the prompt):
Any ideas how to solve this issue?Hi TP.
Thank you for your advice.
I've updated the Windows 7 client to RDP 8.1 and it did the trick! Thank you.
But we have several external users - and we don't have any chance of controlling if they are running RDP 8.1. I tried to import the wildcard certificate to all RDSH servers
- using the script in this link: https://social.technet.microsoft.com/Forums/windowsserver/en-US/475fb55f-e394-45d9-a6bd-a37e2a5fe86c/rds-2012-session-host-certificate-assignment?forum=winserverTS
However - that is when I see the "Name mismatch" warning when launching a RemoteApp (as mentioned in my original post). I suppose this is because the certificate is valid
only for *.example.com - and not for *.example.local?
Is there any solution to this? -
Certificate Requirement for Microsoft RDS 2012
Hi All,
I planning to deploy RDS VDI and remote app service, Please help me to understand the certificate
requirement for server authentication, publication, SSO , etc.
Internet URL is
https://RDSVDI.domain.net
My servers are in .local
RD Licensing Server--------RDSLICSVR.Domain.LOCAL
RD Connection Broker-----RDSCB.Domain.LOCAL
RD Web Access------------RDSWEBSVR.Domain.LOCAL
RD Session Host-----------RDSSHSVR.Domain.LOCAL
RD Visualization Host-------RDSVHSVR.Domain.LOCAL
RD Gateway Server -------RDGWSVR.Domain.LOCAL
What kind of Certificate do i required to launch Desktop and RemoteApp without any error.Hi,
1. I would recommend a wildcard certificate (*.domain.net) purchased from a trusted public authority such as GoDaddy, VeriSign, Thawte, etc. This wildcard certificate would be used for all RDS purposes.
2. On the internal network you will need to create a DNS zone for domain.net with A records pointing to the private ip addresses, similar to the following:
rdsvdi.domain.net --> private ip address of your RD Web server
rdscb.domain.net --> private ip address of your RD Connection Broker
rdsgwsvr.domain.net --> private ip address of your RD Gateway server (this is only needed if you want to use RDG for internal users)
3. On the Internet you will need DNS records similar to the following:
rdsvdi.domain.net --> public ip address for your RD Web server
rdgwsvr.domain.net --> public ip address for your RD Gateway server
4. You will need to change the published FQDN for your RDS deployment to rdscb.domain.net using the cmdlet below:
Change published FQDN for Server 2012 or 2012 R2 RDS Deployment
http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
5. You may need to modify your RD RAP in RD Gateway Manager. For example, you could edit the properties of the RD RAP, Network Resource tab, and select Allow users to connect to any network resource.
6. You should make sure that all client PCs have RDP 8.1 Client (6.3.9600) installed for best results connecting to Server 2012 R2.
7. For domain-joined PCs you may choose to set the SHA thumbprint of your certificate via group policy setting so that they will not be prompted when launching RemoteApps.
8. It is preferred for users to use IE to connect to RD Web Access and select the Private option if possible (as long as the PC is not public). When prompted they should Allow the Activex control to run.
-TP -
Best practice for RDGW placement in RDS 2012 R2 deployment
Hi,
I have been setting up a RDS 2012 R2 farm deployment and the time has come for setting up the RDGW servers. I have a farm with 4 SH servers, 2 WA servers, 2 CB servers and 1 LS.
Farm works great for LAN and VPN users.
Now i want to add two domain joined RDGW servers.
The question is; I've read a lot on technet and different sites about how to set the thing up, but no one mentions any best practices for where to place them.
Should i:
- set up WAP in my DMZ with ADFS in LAN, then place the RDGW in the LAN and reverse proxy in
- place RDGW in the DMZ, opening all those required ports into the LAN
- place the RDGW in the LAN, then port forward port 443 into it from internet
Any help is greatly appreciated.
This posting is provided "AS IS" with no warranties or guarantees and confers no rightsHi,
The deployment is totally depends on your & company requirements as many things to taken care such as Hardware, Network, Security and other related stuff. Personally to setup RD Gateway server I would not prefer you to select 1st option. But as per my research,
for best result you can use option 2 (To place RDG server in DMZ and then allowed the required ports). Because by doing so outside network can’t directly connect to your internal server and it’s difficult to break the network by any attackers. A perimeter
network (DMZ) is a small network that is set up separately from an organization's private network and the Internet. In a network, the hosts most vulnerable to attack are those that provide services to users outside of the LAN, such as e-mail, web, RD Gateway,
RD Web Access and DNS servers. Because of the increased potential of these hosts being compromised, they are placed into their own sub-network called a perimeter network in order to protect the rest of the network if an intruder were to succeed. You can refer
beneath article for more information.
RD Gateway deployment in a perimeter network & Firewall rules
http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
SCOM 2012 Gateway fails to communicate - Certificate Problem?
Hello SCOM Guru's
I wonder if someone out there may be able to help.
I have two (non-trusted) domains - both hosted in
Azure. See graphic below (a picture paints a thousand words!)
Just to put some context around the diagram - I have a two domains, the left-hand side contains the SCOM MS and the right-hand side is a non-trusted domain hosting the SCOM GW. The idea is that I want computers (agents) from the right-hand side domain to
be able to talk back to the SCOM MS vai the SCOM GW.
In a nutshell I have followed some great 'how to' guides - for instance:
http://blogs.technet.com/b/pfesweplat/archive/2012/10/15/step-by-step-walkthrough-installing-an-operations-manager-2012-gateway.aspx
After hours of messing around I still cannot get my Gateway Server to talk successfully back to the SCOM Management Server in the other domain. I have deployed my own Certificate Authority and followed documentation to put the relevant Certs on both
servers. I have checked all Certs and they report 'The certificate is OK'.
Also I can confirm that the MOMCertImport tool was run on both the SCOM MS and SCOM GW server (I did the MS 1st and GW 2nd) - both returned a 'Success' cmd prompt. I have also rebooted both servers - to restart all relevant SCOM Services.
On the Azure VMs I have allowed TCP 5723 on both servers. Additionally, the SCOM MS can resolve the SCOM GW server in the other domain via a HOSTS file entry (and vice-versa). I have tested connectivity using
telnet <FQDN> 5723 (both ends seem to connect). No internal Windows Firewalls are enabled on any servers.
The cluster of errors reported by the
SCOM Gateway server are (first to last):
20057: Failed to initialize security context for target MSOMHSvc/SCOM-01.DOMAIN.local The error returned is 0x80090303(The specified target is unknown or unreachable). This error can apply to either the Kerberos or the SChannel package.
21001: The OpsMgr Connector could not connect to MSOMHSvc/SCOM-01.DOMAIN.local because mutual authentication failed. Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust
relationship between the two domains
20071: The OpsMgr Connector connected to SCOM-01.DOMAIN.local, but the connection was closed immediately without authentication taking place. The most likely cause of this error is a failure to authenticate either this agent or the
server . Check the event log on the server and on the agent for events which indicate a failure to authenticate.
The same events repeat every 15 mins in the Operations Manager event log - and thus the SCOM Gateway remains 'Not Monitored'.
I don't get any relevant Events logged from the SCOM MS side - I guess cos it's not even got that far / authenticated?
I'm sure this is a Certificate type of problem but I'm really not sure where I go from here - any suggestions?
Many thanks
DarrenHi,
Check this post:
Solving the Gateway 20071 event
http://michelkamp.wordpress.com/2012/01/05/solving-the-gateway-20071-event/
and this: Event ID 21001 and 20057 on SCOM agents - duplicate SPN:
http://blogs.technet.com/b/kevinholman/archive/2011/08/08/opsmgr-2012-what-should-the-spn-s-look-like.aspx
Similar answer has been provided by DKTOA Here:
https://social.technet.microsoft.com/forums/systemcenter/en-US/05019b70-73a3-4a37-993b-66b607f3c222/scom-2012-gateway-server-isses-20057-21001-20071-ids
Did it solve your problem?
Regards
Jure
Jure Labrovic | Blog -
Hi all,
This is my setup :
RDS 2012 R2
Two connection brokers setup in HA: FQDN = RDCB.Internaldomain.com
Two Web Access servers for internal user setup with DSN Round Robin so I can have a basic HA: FQDN = InternalWA.internaldomain.com
Two Gateway servers in HA: FQDN:
RemoteGW.InternalDomain.com
Both Gateway server have RD Web Access installed and using DNS Round Robin to have a basic HA): FQDN
RemoteWA.ExternalDomain.com
My company will not approve having a trusted wildcard certificate. So, in the “Edit Deployment Wizard”, I was thinking of deploying
one public (and trusted) SAN certificate containing all the above FQDNs to all the Role Services (RD Connection Broker –Single Signon, RD Connection Broker -
Publishing, RD Web Access and RD Gateway).
Will this be ok or do I need to add other FQDNs to the certificate (for example the FQDN of all the Session Host servers)?
Best regards,
Jesmat.Hello,
In your FQDN did you forget to add a "." as : RDCB.Internaldomain.com
and RemoteWA.ExternalDomain.com
are 2 different domain names
The SAN option i thiink will not be liable here . Except if you use self signed for your internal connection ans
the san for the external one.
refer to :http://en.wikipedia.org/wiki/Wildcard_certificate
But i cannot confirm that the san certificate will be allowed on the gateways.
Hope it helps
Fred -
Hi,
I have set up an RDS 2012 R2 deployment for internal use. I plan to add a gateway server cluster for external access later (RDGW). That cluster will be placed in DMZ and use a public wildcard cert. It will connect external users to the farm. Internal or
Direct Access (DA) users will use the Web Access servers to connect internally in the corp. LAN.
For now, i have the following setup. Web Access role on 2 servers with DNS RR (RDWA). 2 clustered Connection Broker servers (RDCB), two Session Hosts (RDSH) and one licesning server. So a total of 7 servers (+ 2 GRGW servers in DMZ that are not set up
yet).
So, the issue is; I need to set up certificates. We have a CA in an AD top domain (our site is a sub.domain.com). We do not have access to that CA and need to order certs. from our corp. HQ. Ok, but what do i ask for? I need 3
DER encoded binary X.509
certs. That's the info i have. How can create a cert. request? See pictures below.
This posting is provided "AS IS" with no warranties or guarantees and confers no rightsHi,
Thank you for your posting in Windows Server Forum.
Can you exactly let us know which certificate you want for your network (Self-signed or SSL)?
As per my suggestion you can use wildcard or SAN certificate for your network which can be used for external network also.
If you want Self-signed certificate for internal use, you can create the certificate from Deployment properties of RDS page or IIS Manager as per below path.
IIS Manager>Server Certificate>Create Self-Signed Certificate>Export the certificate on specified location then select the certificate in RDS installation process.
But see that, the certificate is installed into computer’s “Personal” certificate store with its corresponding private key & it’s added under trusted root certificate authority.
Please check below articles for detail.
1. Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
2. Configuring RDS 2012 Certificates and SSO
3. Minimum Certificate Requirements for Typical RDS implementation
Hope it helps!
Thanks.
Dharmesh Solanki
Maybe you are looking for
-
OnStatus returns wrong codes??
I'm using the following code to record a stream on the server side,,,,,,the problem is onStatus only reports NetStatus.data.start and no other codes i don't even know what the code it does returns means as it is undocumented .....how can i make onSta
-
Trying to install Nokia Messaging but keeps coming...
Im trying to install the new Nokia Messaging on a brand new E63 with firmware 200.21.012. I register in the web page for Nokia Messaging but the SMS with the download link never comes, so when I try to download it from my mobile browser, it installs
-
Navigator transition animation more like android default background animation
Hi, I'm building an mobile Air app for my tablet. This app has multiple screens and the user will be navigating through them a lot. I'm using the navigator push and pop views to accomodate this. this works perfectly with all the default animations. M
-
Hi all, I have generated an abap proxy based on a ripository interface. How can i edit/copy the abap-code of this proxy? Thx, Philip
-
Everytime I tried to empty my trash my eMac froze. So decided I would wipe everything off my eMac. Reinstalled applications and Classic support first and then reinstalled Mac OS X. Realised I did this is wrong order (supposed to be Mac OS X first and