RDS Farm certificate confusion

Similar Messages

• Best practice for licence server for RDS Farm & Certificate errors

  Hello,
  I am in the process of creating an RDS farm using Server 2008 R2.  I have three Session Hosts and a Connection Broker.
  I have a set of 10 user CALs available and also another 20 on our current RDS server which will need migrating once we go live with the farm.
  I understand the User CALs need to be installed on another Server 2008 R2 and I am wondering what is best practice.  We are running on an entirely virtual environment and it would be simple enough to create another server and install the CALs on there. 
  The only issue with that is that I would need to create a replica of this new machine for DR purposes, but this would take up valuable space which may not be necessary.
  We are planning on creating replicas of one of the Session hosts and the broker for DR, so I am guessing I would need to install some CALs on the Session Host which is going to be replicated.
  There are a few options and I am just wondering what is the best way to go about things.
  Also, as an aside, I am getting an annoying certificate error each time I log a test user onto the RDS farm - I think this is because I am using the DNS alias of the RDS Farm to log on. Is there an easy way to get around this, other than the 'Do not show
  this message again'. I have been doing some research and the world of Certificates is very confusing!!
  Thanks,
  Caroline
  C.Rafferty

  Hi Caroline,
  Firstly for your License related issue, you can perform the step on any VM or can create the new VM as replica for RDSH server also. But please be sure that you have installed RD License server on it, activate it and then install RDS CAL on it. But be safe
  if possible don’t install RD License server with RDCB, please make that out of it as little away. As you can also install RD License server with AD or make replica of that and install RDL on that.
  Best practices for setting up Remote Desktop Licensing (Terminal Server Licensing) across Active Directory Domains/Forests or Workgroup
  http://support.microsoft.com/kb/2473823
  What’s the specified certificate error which you are receiving?
  If you're going to allow users to connect externally and they will not be part of your domain, you would need to deploy certificates from a public CA. In meantime you can refer blog for getting insight for certificate case.
  Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
  http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Server 2012R2- RDS Farm Certificate Miss-Match on Session Hosts

  Hi Guys,
  I've another RDS2012R2 issue. Internal and external domains do not match. External: domain.com.au; Internal: domain.com.net.
  I'm getting certificate miss-match errors when connecting to the Farm/RemoteApps.
  I have performed the follow fixes:
  Change published FQDN for Server 2012 or 2012 R2 RDS Deployment (http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80). This resolved the original issue where I was getting a certificate miss-match error externally
  for the FQDN of the server.
  Updated the RDP-Tcp certificate used on the Session Host Servers. This was to resolve an issue where using mstsc to RDP to the farm externally(via gateway) would give a Certificate is not trusted error on the RDSH side.
  Now whenever RDWeb is used to launch a RemoteApp or the farm, I get a certificate miss match error as the RDSH server is called RDS1-TCC.domain.com.net and the certificate is for remote.domain.com.au.
  I rolled back the last change so that RemoteApps and the Farm would work successfully internally without certificate issues. How do I go about resolving the certificate errors?
  For extra background details see my orignal thread, It was marked as answered when only 1 out of 2 issues was resolved. http://social.technet.microsoft.com/Forums/windowsserver/en-US/b664ddaf-6c11-49e2-8a69-0df3b8ef13a1/server-2012r2-rds-farm-with-xp-and-windows-vista-clients?forum=winserverTS
  Cheers,
  Ben

  Hi Ben,
  Thank you for posting in Windows Server Forum.
  In your case, I can suggest you to check that the certificate must match the FQDN of the server. If you are creating SSL certificate then it must be signed by trusted authority and also the certificate must be stored under “local computer/personal store“.
  Also you can buy the certificate from 3rd party which is wild card certificate and only 1 certificate can be used for your network. Please check below links for more information regarding certificate issue.
  1. Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
  2. Configuring RDS 2012 Certificates and SSO
  3. Windows 2012 RDS Certificate mismatch
  Hope it helps!
  Thanks,
  Dharmesh

• External users cannot connect to RDS Farm (Azure).

  Hi Experts,
  I hope someone is able to help me with this. I have search high and low, but have not found a solution.
  Here we go:
  I have setup a RDS Farm in Microsoft Azur, consisting of the following servers:
  KRPDC01 (Domain Controler / Active Directory / DNS Server)
  KRPSH01 (Remote Session Host #1)
  KRPSH02 (Remote Session Host #2)
  KRPCB01 (Connection Broker)
  I have installed the respective Remote session roles on the above server and added my group of users to the "Remote Desktop Users" group on each Session Host server.  
  At first glance it seems to work. I seem to be able to connect to the farm with the first user. But most of the times, when a second users tries to connect to the same farm, then login hangs for a time, and the connection is refused with this message:
  "Remote Desktop cannot connect to the remote computer for one of the following reasons:
  1) Remote Access to the server is not enabled
  2) The Remote Computer is turned off
  3) The Remote Computer is not available on the network
  Make sure that the remote computer is turned on and connected to the network, and that remote access is enabled."
  Sometimes not even the first user can connect to the farm at all with the same error message.
  I have looked into the logs on the connection broker, and something interesting shows up.
  It seems that whenever the connection broker wants to redirect a users connection request to a different server than the one that recieved the connection request, then the connection fails. If however the connection broker grants the connection to the same
  server as the request is comming from, then the user is logged in.
  Here are the log entries when the connection fails:
  "RD Connection Broker received connection request for user xxx\testuser. 
  Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.KRPCLOUD 
  Initial Application = NULL 
  Call came from Redirector Server = KRPSH01.xxx.net 
  Redirector is configured as Farm member"
  Followed by:
  "RD Connection Broker successfully processed the connection request for user xxx\testuser. Redirection info: 
  Target Name = KRPSH02 
  Target IP Address = 10.4.3.7 
  Target Netbios = KRPSH02 
  Target FQDN = KRPSH02.xxx.net 
  Disconnected Session Found = 0x0"
  The a few minutes later this entry is found in the log:
  "Remote Desktop Connection Broker Client failed to redirect the user xxx\testuser
  Error: NULL"
  These are the log entries when the connection is successfull:
  "RD Connection Broker received connection request for user xxx\testuser 
  Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.KRPCLOUD 
  Initial Application = NULL 
  Call came from Redirector Server = KRPSH02.xxx.net 
  Redirector is configured as Farm member"
  Followed by:
  "RD Connection Broker successfully processed the connection request for user xxx\testuser. Redirection info: 
  Target Name = KRPSH02 
  Target IP Address = 10.4.3.7 
  Target Netbios = KRPSH02 
  Target FQDN = KRPSH02.xxx.net 
  Disconnected Session Found = 0x0"
  And then:
  "Session for user KASSERAPPORTEN\krptest successfully added to RD Connection Broker's database. 
  Target Name = KRPSH02.kasserapporten.net 
  Session ID = 2 
  Farm Name = KRPCLOUD"
  And:
  "This connection request has resulted in a successful session logon (User successfully logged on to the end point). Remote Desktop Connection Broker will stop monitoring this connection request."
  If I connect to one of the other servers on the network - the KRPDC01 - and from there connects to the RDS Farm (internally) then there is no problem recieving the connections. Also connections where the broker has to redirect the connection to a differing
  Session Host is completed without problems.
  I have noticed than when successfully connection from internally where the connection is redirected by the connection broker, then I actually recieved 2 certificate warnings. One first from the Session Host that have recieved the connection request, and the
  shortly after from the second Session Host (when the connection broker is redirecting the connection) and then the connection is established.
  When connection from the outside, I never get the second certificate warning.
  In Azure I have setup indpoint for Remote Desktop - TCP/3389 on both Session Host servers and on the Connection broker.
  As mentioned I am at a total loss, and I hope someone out there is able to help me solve this issue.
  Thanks in advance :-)
  Regards,
  Daniél 

  Hi,
  Seems this issue is related with Windows Azure Virtual Machine, I will move it to Windows Azure Virtual Machine Forum for a better help.
  Thank you for your understanding!
  Best Regards
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• RDS VDI Certificate Mismatch

  Hi,
  I have a 2012 R2 RDS farm deployed and users are able to log onto the personal desktops successfully.  However, when the user launches the VDI from RDWEB, they receive a certificate mismatch.  The certificate being presented is self signed from
  the VDI.
  Is this normal behaviour for the VDI connection? Or am I missing something here?

  Hi,
  When running App\VDI from RD web we have to use the trusted certificate for proper connection. If you are receiving certificate mismatch error then there are certain reason to occur. When publishing RDS externally, you will see a certificate mismatch as the
  internal server FQDN’s/IP addresses will show externally during the connection process to RemoteApps or RemoteDesktops.
  There are certain solution to resolve this issue.
  • Can create a new DNS zone, .COM to allow split-brain DNS (so that internal clients can resolve external names internally)
  • Create a relevant DNS entry to point to the RDS environment’s internal IP address
  • Create a relevant DNS entry in external DNS to point to the firewall which is publishing RDS’s external IP address
  • Use the following script to change the FQDN of the RDP files provided by RD Web Access / RemoteApp and Desktop connection feed
     https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
  You can also refer beneath article for information.
  Configuring RDS 2012 Certificates and SSO
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• IE 9 on RDS Farm makes user HTTP redirection

  Hello
  I have a strange behavior for which I can't find a solution:
  I have an RDS Farm (Windows 2008R2) and my users use IE9. When they connect to one our business Tools (developped in Java) they connect perfectly. In the following day when they reconnect IE9 make auto redirection to the localhost (on the IIS local) and I receive
  n error 404 from my local IIS. IE 9 don't change the URL typed in the bar but make a background redirection.
  I tried to reconnect after 30 minutes (timoeut of the apache server) but it still works the behavior appears after the night.
  Once the problem appears if I type an IP address in the URL IE doesn't change nothing in the address bar but makes a background redirection to localhost. If I type the DNS name it works normally.
  Please help me because I am losing all my hairs on this problem.
  Thanks in advance
  Michael

  Hi Dharmesh,
  Why a DNS issue? After the problem appears I can't reach an url based on IP address bu I can always reach all urls based on DNS names.
  For me the Java application seems to introduce an strange behavior in IE.
  If I compare settings of IE before and after the issue the settings are 100% equal.
  In addition I can still ping ip addresses and dns names after the problem appears just typing
  http://192.168.15.20:8080war  in the address bar of IE redirect to
  http://127.0.0.1war without showing 127.0.0.1 .... in the address bar but keeping the old url. But in this moment my localhost IIS reply error 404 (of course as I cannot run a Java apps on IIS).
  Rgs

• RDS Farms in Windows 2008 R2

  Hi,
  I have a lab with following structure.
  RDWEB.test.com ---> RD web server
  RDCB.test.com   ----> Connection broker
  RDSH01.test.com ----> Session server 1
  RDSH02.test.com ----> Session server 2
  RDSH03.test.com ----> Session server 3
  RDSFarm01 (RDSH01, RDSH02, RDSH03) configured.
  My Requirement:-
  Now I have added two more servers (RDSH04 & RDSH05) in above lab. But this time I want to use RDSFARM02 for these two servers being connection broker (RDCB.test.com ) same as above.
  Could you please let me know if it is possible to configure 2nd RDS Farm (RDSFARM02) with same connection broker server (RDCB.test.com) in windows 2008 R2 Environment?
  System Engineer

  Hi,
  Yes, you can configure a second RDS farm using the same broker if you would like.  If using DNS RR create the A records for the new FQDN (for example, rdsfarm02.domain.com) to point to RDSH04 and RDSH05, and in RD Session Host Configuration (tsconfig.msc)
  on RDSH04 and RDSH05 set the farm name to RDSFARM02.
  -TP

• Users Cannot Change Passwords on a Server 2012 R2 RDS Farm

  Hello I have a Server 2012 R2 RDS Farm consisting of 1 server that has connection broker and gateway configured and 4 RDS Session Hosts. The works great I even have a separate remote app farm to distribute the apps to the servers, my main issue is passwords
  and the lack of the EU ability to change these, listed below are my symptoms.
  Users password has expired denied logon instantly with no ability to change password.
  User tries to change password whilst in 30 day warning period using ctrl alt end the user is advised the password does not meet complexity requirements I have checked this and they do meet them.
  Expired passwords can be changed via the RDWeb site however this is not an option for us.
  Chris

  Hi,
  Firstly, based on my knowledge, remote users may have to change their passwords before expired. If not, they have to use OWA or logon on locally to change their passwords.
  Regarding the issue, please let us know if the following policies are enabled in your domain.
  Enforce password history
  Minimum password age
  Also, does a local domain user have the same issue?
  Thanks.
  Jeremy Wu
  TechNet Community Support

• Win2008r2 RDS farm with "Remote Session Environment" set, Need on screen keyboard as well.

  I have an RDS farm with select users running an app for their session, I use the following GPO:
  http://i.imgur.com/DaKpW76.jpg
  This works great, however, I also want an on screen keyboard to load with it as well... This setting disables most login scripts I have tried. 

  Hi,
  Thank you for posting in Windows Server Forum.
  Sorry to disappoint you, but as per my research there is no any default path to set for all users to display on-screen keyboard. You need to start manually or need to develop some script to start on logon. For developing any script or program, I suggest you
  to contact our MSDN forum.
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• RDS Farm - OS Edition Requirements

  Hi there
  To create an RDS farm - can the RDS Session Host Servers OS be Standard edition, or is Enterprise Edition required?
  Regards
  Ian

  Hi,
  You can use Standard Edition for the Remote Desktop Session Host Servers. Before 2008 you needed Enterprise as the OS for Terminal Servers to make use of Session Directory (a TS farm). With 2008 (and R2) this isnt needed anymore. Connection Broker (formally
  Session Directory) does not require the RD Session Hosts to be Enterprise.
  Kind regards,
  Freek Berson
  http://microsoftplatform.blogspot.com/

• RDS Farm setting applied through GPO causing connection issues

  I'm having a strange issue with some RDS GPO's. Since automating the RDS server build process through SCCM I've moved the RDS farm / connection broker settings to a GPO. This works fine, once the servers are built the GPO applies and the machines join the
  farm.
  However, when any GPO associated with the farm is changed, all the sessions connected to the farm are dropped. User can reconnect but this is very inconvenient for us to try and push shortcuts and what not during production.
  After searching fro a while, to me, it seems like the GPO that assigns the farm settings is being reprocessed, causing the settings to drop and connections to be dropped.
  I wouldn't think that this would be normal behavior? Can anyone confirm for me that this should work as I expect it to?
  Thanks!

  Ok so I finally figured it out.
  It was what I expected, the GPO refresh was causing the settings to be dropped, this caused some registry keys to momentarily revert to their default.
  Specifically:
  HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Terminal Server/fDenyTSConnections
  The problem is that even if you set this registry key by hand, it will still revert during the GPO processing, which is what threw me off.
  The solution is to simply apply a GPP to the computer that specifically sets this registry entry to '0'. By setting the GPP, it stops the setting from reverting when GPO is refreshed. After extensive testing, I can confirm that this is fixed.

• Cannot access RDS Farm from Windows 8.1

  Hi,
  my problem is following. We have a RDS Farm (Windows 2012) and after update my Windows to 8.1 I cannot access the RemoteApp.
  The Problem exist only on Clients with Windows 8.1 and Windows 2012R2. Windows 8.1 using the new rdp protocol(8.1)
  I don't have this problem on windows 2012 or windows 8 with rpd 8.0
  I've tried to replace the mstsc.exe and mstscax.dll in c:\windows\system32, but that didn't work. I can start mstsc, but I get error like "TS Gateway is not supported from system setting. And the gateway settings in Remote Desktop client is grayed.
  Can me somebody help or can me tell how can I downgrade to rdp 8.0?

  Hi,
  What's the RemoteAPPs you point? Desktop APPs or Store APPs? What's the type of your account? Please check your remote account authority in Remote System, try to add your account to Administrator group for test.
  In addition, it would be better to provide more details when start RemoteAPPs failed. Is there any error message?
  Roger Lu
  TechNet Community Support

• Server 2012R2 -- RDS Farm with XP and Windows Vista Clients

  Hi There,
  My team has been having some fun in getting our Server 2012R2 farm operational, annoyingly MS documentation is severely lacking on how to correctly configure a 2012R2 Farm correctly.
  We have an RDG1-TCC server, which is the RDGateway, RDConnection Broker and RDWeb Server. We have two session host servers RDS1-TCC and RDS2-TCC.
  It took us some time and much online research to figure out exactly how we needed to configure the RDS server as a lot of information online for 2012R2 was apparently incorrect(was based on 2008R2 practices). We started off with using a DNS Round Robin for
  the RDS Session hosts servers and after a number of certificate issues, we later found this was incorrect. We're now using RDWeb exclusively, which appears to be the correct way to have the Connection Broker working?
  We've ran into a number of issues with certificates too, we have an external certificate for remote.domain.com. Installing this on all 4 options in the certificate manager has made internally work correctly via RDWeb, however externally we are getting a
  certificate mismatch as it's trying to connected to RDG1-TCC with a certificate for remote.domain.com. I'm pretty sure I can resolve this with a replacement remote.domain.com certificate that includes a SAN for *.domain.internal. Testing with a self signed
  certificate seemed to resolve this issue.
  Now providing i've configured everything the correct way, we have an issue where RDWEb RDP files do not work internally or externally for XP, Vista or Windows 7 (With RDP7.1). Windows 8/8.1 and Windows 7 with RDP 8/8.1 updates work perfectly fine. Unfortunately
  this new client has a few XP machines that they are not willing to update just yet.
  Is there a known fix/workaround to get these older clients working correctly?
  Sorry for the extremely long post, but I'm sick of banging my head against the wall trying to get something that we assumed would have been fairly simple to get up and running.
  Cheers,
  Ben

  Thanks for the assistance so fat, now I have all clients connecting, I need to tackle the certificate issues.
  The UC SAN certificate is going to cost much more than the current certificate, currently that idea is on the back burner as the client does not wish to pay a few hundred extra.
  To quickly sum things up:
  AD DNS(internal DNS) override in place for remote.domain.com.au pointing it to the internal IP of the gateway/connection broker/RDWeb server.
  Connecting Internally its working perfectly fine under all circumstances (I'm guessing this is because of Kerberos Auth)
  When users connect externally via RDWeb they get a certificate missmatch as the cert is for remote.domain.com.au and the server is RDG1-TCC.domain.com.net
  When users connect externally via MSTSC using the Gateway option, they get a certificate missmatch as per the above, however they also receive a second "certificate is not trusted" error for whatever RDS server they hit.
  I have tried the below previously and they broke other things:
  "Change published FQDN for Server 2012 or 2012 R2 RDS Deployment."
  This resolved the external certificate issue. However then internal connections stopped working. When connecting via RDWeb, you would get asked for credentials instantly and no matter what you entered, it just asked for credentials again.
  There did not seem to be ANY event logs for this connection.
  "Changing RDP-Tcp listener on RDSH to use external certificate."
  I can't recall the exact error we had when we did this, but I know we had to roll back the change. I have a feeling we then started getting certificate missmatch errors on the Session Hosts.
  I'm half thinking that when the farm is free(Currently being used for application UAT), I'm going to try and reconfigure the RDP-Tcp listener on the RDSH servers again and see if that resolves one or more of our issues.
  Do you have any suggestions on how I can use the correct published FQDN name without breaking internal access? Or any other ideas on getting this entire thing working both internally and externally?
  Also, Dharmesh, I've tried clearing out the certificate cache as suggested, but to no avail.

• RDS 2012 - Certificate Mistmatch

  I am getting the most annoying error with my RDS 2012 Setup.
  certificate mismatch and double password prompts when trying to connect to my RDS setup.
  I have tried all that's out there and have got no positive results.
  All roles are on identical on 2 servers. the RDCB is in HA Mode.
  I keep getting the Certificate mismatch error.
  Already have a public or external SAN certificate assigned to all roles.
  Ran the powershell and wmi query to ensure the correct url is used when connected to gateway but I still get the double prompt when launching the remoteapps.
  I even tried the approach by cleaning IE's history, data to get the RDPSHplugin and its not helped in my case.
  All servers run 2012.
  I need some urgent assistance, please and thank you
  I have also checked and rebooted the RDS environment multiple times.
  All certs show valid. the mismatch also goes to another cert in my environment which is utilized by OWA.
  Please help me.

  I downloaded the script to C:\ and tried running it - no luck
  PS C:\> .\Set-RDPublishedName.ps1 "remote.domain.com"
  Security warning
  Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
  computer. Do you want to run C:\Set-RDPublishedName.ps1?
  [D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): R
  iwmi : Privilege not held.
  At C:\Set-RDPublishedName.ps1:9 char:11
  + $return = iwmi -class "Win32_RDMSDeploymentSettings" -namespace "root\CIMV2\rdms ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
      + FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod
  I also tried it from the other HA RDCB server.
  PS C:\> .\Set-RDPublishedName.ps1 "remote.domain.com"
  Security warning
  Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm
  computer. Do you want to run C:\Set-RDPublishedName.ps1?
  [D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): R
  Set-RDClientAccessName : A valid fully qualified domain name (FQDN) for the server was not specified.
  At C:\Set-RDPublishedName.ps1:22 char:1
  + Set-RDClientAccessName -ConnectionBroker $ConnectionBroker -ClientAccessName $Cl ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
      + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-RDClientAccessName
  I also tried is this way- 
  PS C:\Users\administrator.TBCL\Downloads> .\Set-RDPublishedName.ps1
  Security warning
  Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
  computer. Do you want to run C:\Users\administrator.TBCL\Downloads\Set-RDPublishedName.ps1?
  [D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): R
  cmdlet Set-RDPublishedName.ps1 at command pipeline position 1
  Supply values for the following parameters:
  (Type !? for Help.)
  ClientAccessName: remote.domain.com
  iwmi : Invalid namespace
  At C:\Users\administrator.TBCL\Downloads\Set-RDPublishedName.ps1:9 char:11
  + $return = iwmi -class "Win32_RDMSDeploymentSettings" -namespace "root\CIMV2\rdms ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
      + FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod

• RDS 2012 - Certificates

  Hi all,
  This is my setup :
  RDS 2012 R2
  Two connection brokers setup in HA:  FQDN = RDCB.Internaldomain.com
  Two Web Access servers for internal user setup with DSN Round Robin so I can have a basic HA: FQDN = InternalWA.internaldomain.com
  Two Gateway servers in HA:  FQDN:
   RemoteGW.InternalDomain.com
  Both Gateway server have RD Web Access installed and using DNS Round Robin to have a basic HA): FQDN 
  RemoteWA.ExternalDomain.com
  My company will not approve having a trusted wildcard certificate. So, in the “Edit Deployment Wizard”, I was thinking of deploying
  one public (and trusted) SAN certificate containing all the above FQDNs to all the Role Services (RD Connection Broker –Single Signon, RD Connection Broker -
   Publishing, RD Web Access and RD Gateway).
  Will this be ok or do I need to add other FQDNs to the certificate (for example the FQDN of all the Session Host servers)?
  Best regards,
  Jesmat.

  Hello,
  In your FQDN  did you forget to add a "." as : RDCB.Internaldomain.com
  and RemoteWA.ExternalDomain.com
  are 2 different domain names
  The SAN option i thiink will not be liable here . Except if you use self signed for your internal connection  ans
  the san for the external one.
  refer to :http://en.wikipedia.org/wiki/Wildcard_certificate
  But i cannot confirm that the san certificate will be allowed on the gateways.
  Hope it helps 
  Fred