Remote Desktop Certificates

Hi,
I have an Azure hosted RD deployment that consists of 2 x RDG/WebAccess servers (one of these is the connection broker) that sit behind an Azure Traffic manager. Behind these I have 6 RD Session Hosts.
I am totally confused over certificates. What certificates do I need where, and where do I create the CSR for each certificate?
Any help greatly appreciated.
Simon

Hi,
Thank you for posting in Windows Server Forum.
As per your case, you can use a wildcard certificate or a SAN certificate for your network, which can serve all of your servers. Basic requirements for Remote Desktop certificates:
1. The certificate is installed into the computer’s “Personal” certificate store.
2. The certificate has a corresponding private key.
3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well.
More information:
A. Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
B. Minimum Certificate Requirements for Typical RDS implementation
Hope it helps!
Thanks.
Dharmesh Solanki

Similar Messages

  • Remote Desktop Certificate Deleted Accidently

    I have accidently deleted the Remote Desktop certificate from my windows server 2012 r2 server. Is there a way to bring it back?

    Hi,
    We can only retrieve a deleted certificate if we have backed it up.
    If there is no backup, please enroll a new one.
    More information for you:
    We deleted the trusted (purchased) Exchange SLL Certificate , How can I restore it
    https://social.technet.microsoft.com/Forums/exchange/en-US/10c006e7-fc81-4c1d-ba88-f8420919c5f3/we-deleted-the-trusted-purchased-exchange-sll-certificate-how-can-i-restore-it?forum=exchangesvrdeploylegacy
    Best Regards,
    Amy

  • Remote Desktop Certificate Error - Server 2012 Essentials

    My remote desktop connection was working fine until the operating system installed some recent updates automatically. I had everything set up, the certificate was installed and working fine, and I had no issues getting to my remote computer. Recently, when I log into my remote web access and try to connect to any of the computers on the list, I get a "Remote Desktop Connection" error: "Your computer can't connect to the remote computer because no certificate was configured to use the Remote Desktop Gateway server." Like I said, the certificate was installed and working fine the other day. Any insight is appreciated. Thanks

    Hi ChrisCJK,
    Based on the error message, please refer to the following operations and then check if they help you to solve this issue.
    1. Locate the Remote Desktop Services folder in Administrative Tools, then open the Remote Desktop Gateway Manager.
    2. Right-click the server name and select Properties.
    3. Select the SSL Certificate tab.
    4. Click the “Import Certificate…” button.
    5. Select the trusted certificate and click Import again. Then click Apply and OK.
    If this issue still persists, please type the following command at the command prompt, then press ENTER:
    netsh http show sslcert
    Please check the value for Certificate Store Name.
    Meanwhile, please follow the path in Event Viewer: Applications and Services Logs -> Microsoft -> Windows -> TerminalServices-Gateway folder. Please check if you can find any error message. Please also check the other related TerminalServices folders for further clues. It will help us with further analysis.
    Hope this helps.
    Best regards,
    Justin Gu

  • Remote Desktop Connection With Custom Certificate on Windows 8.1 fails

    I'm trying to establish a secured remote desktop connection without success.
    The setting
    There are some local PCs with Windows 8.1 Pro and Windows 7 Pro, no server edition. I've created a self-signed CA certificate with OpenSSL for Windows. I used this to sign custom certs for the local Windows PCs, which are installed at mmc -> certificate snap-in for local computer -> My Certificates -> Certificates. The network driver has the right to read the key. The SHA-1 fingerprint of the custom signed certs is registered at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp -> SSLCertificateSHA1Hash = SHA-1 hash of the custom local cert. Additionally, the revocation list is restricted to the local list by setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp -> UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors = 1.
    The results
    The connection from Win 8.1 to Win 7 works. The connection info confirms that it is a verified connection. The connection to Windows 8.1 fails after entering the credentials with the error: No connection possible. Network Level Authentication is set, but the other levels don't work either. The log (Event Viewer -> Applications and Services Logs -> Microsoft -> Windows -> TerminalServices-RemoteConnectionManager -> Admin) says "Remote Desktop Services has taken too long to load the user configuration from server" and "The Local Security Authority Cannot Be Contacted" (error 0x80090304).
    Additional information
    The connection via Linux (Remmina) works for Win 7 and Win 8.1, but I have no information about the encryption. It is the same with the Microsoft Remote Desktop tool for Android.
    Maybe it is associated with different cert handling by Windows 8.1, but I couldn't find further information or a solution on the internet.
    Best regards
    abditus

    I solved the problem!
    The default OpenSSL certificate signature algorithm is md5RSA, but it doesn't work with Windows 8.1.
    At least sha1RSA is needed.
    By adding "default_md = sha1" to the openssl.cnf you create certs with sha1RSA and it works fine.
    Best regards
    abditus

  • Unable to select Certificate for Remote Desktop Connection

    Hi,
    I have created a certificate with the parameters below in an inf file through a local standalone 2008 R2 CA and imported it into the computer's Personal certificate store, but I am unable to see this certificate entry when trying to select it under Remote Desktop Connection.
    Somewhere I saw that we should have the private key in the Personal certificate store, but I didn't get how/where to get that key. Is that the reason I'm unable to select this certificate, or is there something missing in the input parameters used in the inf file? Kindly suggest what could be the problem.
    [NewRequest]
    Subject="CN=Server.Domain.com"
    Exportable=TRUE
    KeyLength=2048
    KeySpec=1
    KeyUsage=0xf0
    MachineKeySet=TRUE
    [EnhancedKeyUsageExtension]
    OID=1.3.6.1.5.5.7.3.1
    OID=1.3.6.1.5.5.7.3.2
    OID=1.3.6.1.4.1.311.54.1.2
    Regards,
    Dhiraj

    Hi,
    Problem is resolved now. I have made the two changes below.
    --> used KeyUsage=0xA0 in the inf file.
    --> imported the certificate through certreq -accept. Earlier I was importing the cert from mmc.
    I think the second point resolved my problem. I didn't even think that mmc and the command could make this difference.
    Dhiraj
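An added PowerShell audit (example code, not from any poster) tying together the three requirements in the first reply, the RDP-Tcp SSLCertificateSHA1Hash binding from abditus's post, and the private-key/KeyUsage/EKU points from Dhiraj's INF: it reads the listener binding, finds the certificate in the Personal store and reports what would stop RDP from using it. Registry paths, store names and OIDs are the ones quoted in the thread; it assumes an elevated session on the RD host itself.

```powershell
# Added example (not from the thread): audits the certificate the RDP-Tcp listener
# is bound to against the requirements discussed above. Assumes an elevated
# PowerShell session on the RD host being checked.

$RdpTcpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$ServerAuth = '1.3.6.1.5.5.7.3.1'        # Server Authentication EKU
$RdAuth     = '1.3.6.1.4.1.311.54.1.2'   # Remote Desktop Authentication EKU

function Get-RdpListenerThumbprint {
    # SSLCertificateSHA1Hash is REG_BINARY; when absent, the listener falls back to
    # the auto-generated self-signed certificate in the "Remote Desktop" store.
    $raw = (Get-ItemProperty -Path $RdpTcpKey -Name SSLCertificateSHA1Hash `
                -ErrorAction SilentlyContinue).SSLCertificateSHA1Hash
    if (-not $raw) { return $null }
    return (($raw | ForEach-Object { $_.ToString('X2') }) -join '')
}

function Test-RdpCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $findings = @()

    # Requirement 2: a private key must be present, or RDP cannot select the cert.
    if (-not $Cert.HasPrivateKey) {
        $findings += 'No private key: the certificate will not be selectable for RDP.'
    }

    # Requirement 3: EKU contains Server Authentication or Remote Desktop
    # Authentication, or the EKU extension is absent altogether.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku) {
        $oids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
        if (-not ($oids -contains $ServerAuth -or $oids -contains $RdAuth)) {
            $findings += "EKU present but lacks $ServerAuth / $RdAuth (has: $($oids -join ', '))."
        }
    }

    # KeyUsage: digitalSignature (0x80) + keyEncipherment (0x20) is the 0xA0 from
    # Dhiraj's INF; 0xF0 additionally sets nonRepudiation and dataEncipherment.
    $ku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    if ($ku) {
        $need = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]'DigitalSignature, KeyEncipherment'
        if (($ku.KeyUsages -band $need) -ne $need) {
            $findings += "KeyUsage is '$($ku.KeyUsages)'; DigitalSignature and KeyEncipherment are required."
        }
    }

    # Signature algorithm: md5RSA is rejected by Windows 8.1 (abditus's default_md
    # problem); SHA-1 signatures are deprecated as well, so flag both.
    $sigAlg = $Cert.SignatureAlgorithm.FriendlyName
    if ($sigAlg -match 'md5|sha1') {
        $findings += "Signature algorithm is $sigAlg; reissue with SHA-256 or better."
    }

    if ($Cert.NotAfter -lt (Get-Date)) {
        $findings += "Expired on $($Cert.NotAfter)."
    }

    [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        Issuer     = $Cert.Issuer
        NotAfter   = $Cert.NotAfter
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

$thumb = Get-RdpListenerThumbprint
if (-not $thumb) {
    Write-Warning 'RDP-Tcp has no SSLCertificateSHA1Hash; the default self-signed certificate is in use.'
    $cert = Get-ChildItem 'Cert:\LocalMachine\Remote Desktop' | Select-Object -First 1
} else {
    # Requirement 1: the bound certificate must live in the computer's Personal store.
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
    if (-not $cert) {
        throw "RDP-Tcp is bound to $thumb but no such certificate exists in Cert:\LocalMachine\My."
    }
}
Test-RdpCertificate -Cert $cert | Format-List
```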

  • Windows XP SP3 connect to Remote Desktop 2012 R2 - certificate error

    Hi all!
    I have a Terminal Farm: 3 servers - Remote Desktop Session Host 2012 R2 (RDSH) and 2 servers - Remote Desktop Connection Broker (RDCB).
    I try to connect to this farm from Windows XP SP3 with KB WindowsXP-KB969084 and I get the error:
    ‘The connection has been terminated because an unexpected server authentication certificate was received from the remote computer.’
    All certificates from the connection broker I have already installed on the XP machine.
    When I try to connect to one of the three RDSH servers directly, the connection succeeds.
    When I try to connect to one of the two RDCB servers directly, I get the same error:
    'The connection has been terminated because an unexpected server authentication certificate was received from the remote computer.’
    When I connect to this farm (or directly to RDSH) from Windows 7/8/8.1 I have no issues, all works perfectly!
    Is it possible to connect to the farm with load balancing by RDCB from Windows XP?
    RDP file here:
    redirectclipboard:i:1
    redirectprinters:i:1
    redirectcomports:i:0
    redirectsmartcards:i:1
    devicestoredirect:s:*
    drivestoredirect:s:*
    redirectdrives:i:1
    session bpp:i:32
    prompt for credentials on client:i:1
    server port:i:3389
    allow font smoothing:i:1
    promptcredentialonce:i:1
    videoplaybackmode:i:1
    audiocapturemode:i:1
    gatewayusagemethod:i:2
    gatewayprofileusagemethod:i:1
    gatewaycredentialssource:i:0
    full address:s:NL-S-RDCB01.CONTOSO.COM
    gatewayhostname:s:rdgw.contoso.com
    workspace id:s:NL-S-RDCB01.CONTOSO.COM
    use redirection server name:i:1
    loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.USA01
    use multimon:i:1
    alternate full address:s:NL-S-RDCB01.CONTOSO.COM

    I received a free trial certificate from COMODO with the DNS name of the RDCB farm.
    I installed it on the RDCB SSO from the console, checked from Windows XP, and got the same error.
    I have captured traffic with netmon while mstsc was connecting to the server with the real certificate and with the self-signed certificate.
    windows xp 172.19.7.232
    server rdcb 172.19.5.110
    (172.19.5.13 DC, 172.19.5.60 - proxy server)
    The archive has 2 .cap files, error and success.
    http://1drv.ms/1qq5xk7
    I don't understand what is wrong.
    error session
    success session
    XP openssl test
    error
    C:\OpenSSL-Win32\bin>openssl s_client -state -connect nl-s-rdcb01n1.ao.nlmk:3389
    WARNING: can't open config file: /usr/local/ssl/openssl.cnf
    Loading 'screen' into random state - done
    CONNECTED(0000074C)
    SSL_connect:before/connect initialization
    SSL_connect:SSLv2/v3 write client hello A
    SSL_connect:SSLv3 read server hello A
    depth=1 C = US, O = "Thawte, Inc.", CN = Thawte SSL CA
    verify error:num=20:unable to get local issuer certificate
    verify return:0
    SSL_connect:SSLv3 read server certificate A
    SSL_connect:SSLv3 read server key exchange A
    SSL_connect:SSLv3 read server done A
    SSL_connect:SSLv3 write client key exchange A
    SSL_connect:SSLv3 write change cipher spec A
    SSL_connect:SSLv3 write finished A
    SSL_connect:SSLv3 flush data
    SSL_connect:SSLv3 read finished A
    Certificate chain
     0 s:/C=RU/ST=RUSSIAN FEDERATION/L=Lipetsk/O=JSC NLMK/OU=IT Department/CN=*.nlmk.ru
       i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
     1 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
       i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawt
    e Primary Root CA
    Server certificate
    subject=/C=RU/ST=RUSSIAN FEDERATION/L=Lipetsk/O=JSC NLMK/OU=IT Department/CN=*.nlmk.ru
    issuer=/C=US/O=Thawte, Inc./CN=Thawte SSL CA
    No client certificate CA names sent
    SSL handshake has read 2870 bytes and written 489 bytes
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-SHA384
        Session-ID: CF39000092092535BFAC5569F795FE1EB5F728A51709A1AC4EDE46C94DB79973
        Session-ID-ctx:
        Master-Key: 94F9E13C9413CBD4D1035DE764E80998BA488B57286812653268B4667DB2B4282FF077C7287A178C58BDF58AE1F89845
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1416399131
        Timeout   : 300 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
    success connect
    C:\OpenSSL-Win32\bin>openssl s_client -state -connect nl-s-rdcb01n1.ao.nlmk:3389
    WARNING: can't open config file: /usr/local/ssl/openssl.cnf
    Loading 'screen' into random state - done
    CONNECTED(0000074C)
    SSL_connect:before/connect initialization
    SSL_connect:SSLv2/v3 write client hello A
    SSL_connect:SSLv3 read server hello A
    depth=0 CN = nl-s-rdcb01n1.ao.nlmk
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 CN = nl-s-rdcb01n1.ao.nlmk
    verify error:num=21:unable to verify the first certificate
    verify return:1
    SSL_connect:SSLv3 read server certificate A
    SSL_connect:SSLv3 read server key exchange A
    SSL_connect:SSLv3 read server done A
    SSL_connect:SSLv3 write client key exchange A
    SSL_connect:SSLv3 write change cipher spec A
    SSL_connect:SSLv3 write finished A
    SSL_connect:SSLv3 flush data
    SSL_connect:SSLv3 read finished A
    Certificate chain
     0 s:/CN=nl-s-rdcb01n1.ao.nlmk
       i:/CN=nl-s-rdcb01n1.ao.nlmk
    Server certificate
    subject=/CN=nl-s-rdcb01n1.ao.nlmk
    issuer=/CN=nl-s-rdcb01n1.ao.nlmk
    No client certificate CA names sent
    SSL handshake has read 1294 bytes and written 489 bytes
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-SHA384
        Session-ID: C826000075668AD271F512CAE83D0E4E8F68F572E06626AB2FE582398766882D
        Session-ID-ctx:
        Master-Key: 7C2122CD86FE59A47DDFB8C2E9DC0537AF8FEAF47A18BD14C1F0812AEFEBF0EB0DCDBF78920FD6E672809EDC001F37EE
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1416399014
        Timeout   : 300 (sec)
        Verify return code: 21 (unable to verify the first certificate)

  • MS Remote Desktop crashes Mac OS X when trying to add a certificate

    As written in the headline, when trying to permanently add a certificate, the window where I am supposed to enter my password produces the rainbow wheel of doom.
    Steps to reproduce:
    - Open MS Remote Desktop 8.0.8 (Build 25010)
    - Connect to a server
    - in "verify certificate", press "show certificate", then tick "always trust...."
    - click "continue"
    - password window opens, Mac crashes.
    Steps to avoid the crashing:
    - instead of "show certificate", just press "continue" - it works fine, it just doesn't store the certificate.

    Hi,
    The version 8.0.9 is released, please try the latest one and see how it works.
    https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417
    Best Regards. 
    Jeremy Wu
    TechNet Community Support

  • Why, when I successfully connect to Server 2012 Essentials R2 via Anywhere Access does the Remote Desktop Connection use the self signed certificate for RDP instead of the SSL certificate I installed when I set up access anywhere?

    Scenario:
    Windows Server 2012 R2 Essentials
    I purchased an SSL cert from GoDaddy and I managed (after some challenges) to set up Anywhere Access to use that new SSL cert. I rebooted the server and I am able to log in to Anywhere Access via https (using the SSL certificate) from PC, Mac and iOS.
    So far so good.
    The problem I am having is that when I click to launch a remote desktop connection to the server, the RDP connection wants to use the self-signed SSL certificate of the server rather than the SSL certificate I installed into Anywhere Access. As a result, I get a security warning like this: "The identity of the remote computer cannot be verified. Do you want to connect anyway?"
    The name in the certificate appears as ACME-SERVER.ACMEDOMAIN.local instead of the SSL certificate I installed, which is remote.acmedomain.com.
    If I click to accept, RDP does work fine, it's just using a self-signed certificate. I want it to use the trusted certificate that I purchased and installed.
    My guess is that there must be an additional step to tell Anywhere Access that when it generates the RDP session it should use the cert? Or is this just how it works?

    Because....
    the server does not have a 'trusted' certificate assigned to it.
    Only the RDP Gateway has the trusted certificate for the external name.
    If you want to remove that error, you have to do one of the following:
    Make sure your domain uses a public top-level domain, and get a public trusted certificate for your server.
    So, something like,
    server.domain.publicdomain.com
    Or,
    Install that certificate on your remote computer so it is trusted.
    Robert Pearman SBS MVP

  • Remote Desktop Session Host - Certificate Warning

    Hi,
    I'm setting up a Windows Server 2012 R2 Remote Desktop farm, consisting of 3 RDS hosts, a connection broker and a dedicated server with the web access and gateway role. I have created the server collection and the DNS round robin entries, with the name of my collection pointing to the RDS hosts. When I connect to the farm, the connection broker determines the host with the least amount of active sessions and I will get directed to that host. Also a disconnected session on any host will get reconnected when I log in, so all this works fine...
    signed certificate with its own hostname. I tried to replace the certificate with a wildcard certificate, but then I still have the same problem. I connect to the farm FQDN and the server presents a certificate for '*.domain.com', which apparently still doesn't match...
    I have an enterprise CA running on our network. Should I request a certificate for the farm FQDN, import it on every RDS host and let RDS use that certificate? The remote desktop gateway will use the wildcard certificate; I guess I don't get any trust issues as long as the enterprise CA is trusted on the gateway server?

    Hi,
    When a client connects to the RD Connection Broker, it provides a cookie (loadbalanceinfo in the .rdp file) that tells the RDCB server the target collection, then the broker redirects to the proper RDSH. If you use a thin client that does not know how to send the cookie, or you do not specify it in the .rdp file, then it will attempt to log on directly to the RDCB as you mention.
    One way to obtain a .rdp file with the correct information is to use a non-IE browser to log on to RD Web and then click on the icon to download the .rdp file. That way you can use this .rdp file to launch the connection from the thin clients without them needing to use RD Web.
    An alternative to the above, if you only have a single collection, is to specify a default collection in the RDCB server's registry, like this:
    HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings
    DefaultTsvUrl     REG_SZ     tsv://vmresource.1.<VDI pool ID>
    To determine the correct value for DefaultTsvUrl you can download the .rdp file from RDWeb as I mentioned above and edit the file in Notepad.
    In regards to the certificate, the easiest way is to obtain a wildcard certificate from a trusted third party such as GoDaddy, VeriSign, Thawte, etc. and use that for all purposes of your RDS deployment. As you said, you do not have an easy way to distribute a trusted cert.
    If you do not need the RD Gateway then you can remove it. I would leave RD Web Access installed since this is a core part of RDS, even though you do not plan to have clients use the web site.
    -TP
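As an added example (not TP's code), the following PowerShell does the "download the .rdp file and read it in Notepad" step programmatically: it parses the `name:type:value` lines of an .rdp file, pulls out the loadbalanceinfo cookie and writes it to the DefaultTsvUrl value TP names. The sample .rdp content is constructed from the XP post earlier in this thread; the registry path is the one TP gave; it assumes an elevated session on the RDCB.

```powershell
# Added example (not from the thread): derive DefaultTsvUrl from an .rdp file
# downloaded from RD Web, instead of reading the cookie off by eye.
# Assumes an elevated PowerShell session on the RD Connection Broker.

$ClusterKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings'

function ConvertFrom-RdpFile {
    # .rdp lines have the form "name:type:value" where type is s (string) or i (integer);
    # names may contain spaces and values may contain colons (e.g. tsv://...).
    param([string[]]$Lines)
    $settings = @{}
    foreach ($line in $Lines) {
        if ($line -notmatch '^(?<name>[^:]+):(?<type>[si]):(?<value>.*)$') { continue }
        $value = if ($Matches.type -eq 'i') { [int]$Matches.value } else { $Matches.value }
        $settings[$Matches.name] = $value
    }
    return $settings
}

function Get-DefaultTsvUrl {
    # The broker only honours a cookie of the form tsv://<plugin>.1.<collection>.
    param([hashtable]$Settings)
    $cookie = $Settings['loadbalanceinfo']
    if (-not $cookie -or $cookie -notmatch '^tsv://') {
        throw 'No usable loadbalanceinfo cookie in this .rdp file.'
    }
    return $cookie
}

function Set-DefaultCollection {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$TsvUrl)
    if ($PSCmdlet.ShouldProcess($ClusterKey, "Set DefaultTsvUrl = $TsvUrl")) {
        if (-not (Test-Path $ClusterKey)) { New-Item -Path $ClusterKey -Force | Out-Null }
        Set-ItemProperty -Path $ClusterKey -Name DefaultTsvUrl -Value $TsvUrl -Type String
    }
}

# Constructed sample, trimmed to the relevant lines of the .rdp file quoted in the XP post.
$sampleRdp = @'
full address:s:NL-S-RDCB01.CONTOSO.COM
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.USA01
server port:i:3389
'@ -split "`r?`n"

$settings = ConvertFrom-RdpFile -Lines $sampleRdp
$tsv = Get-DefaultTsvUrl -Settings $settings
Write-Output "Broker cookie: $tsv (port $($settings['server port']))"
Set-DefaultCollection -TsvUrl $tsv -WhatIf   # drop -WhatIf to apply on the RDCB
```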

  • Remote desktop freezes Mac OS security agent and other apps when I try to accept certificate

    https://www.evernote.com/shard/s2/sh/ae94f399-207a-4d89-bdf6-7700fe1efb8a/bb9a7e8e35564ababf8f232184bbffea
    When I try to "Always trust" the certificate from my computer at work and click continue, I cannot enter my administrator password and it freezes other apps on my computer. I am not able to even restart the machine without forcing it with the power button.

    I too get this issue.
    I am using MS Remote Desktop Version 8.0.7 (Build 24875) on OSX 10.9.3. This has happened with previous versions of MSRD.
    These are the logs at the time of the freeze.
    [2014-Jun-05 09:21:14] RDP (0): --- BEGIN INTERFACE LIST ---
    [2014-Jun-05 09:21:14] RDP (0): lo0 af=18  addr= netmask=
    [2014-Jun-05 09:21:14] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    [2014-Jun-05 09:21:14] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
    [2014-Jun-05 09:21:14] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
    [2014-Jun-05 09:21:14] RDP (0): gif0 af=18  addr= netmask=
    [2014-Jun-05 09:21:14] RDP (0): stf0 af=18  addr= netmask=
    [2014-Jun-05 09:21:14] RDP (0): en1 af=18  addr= netmask=
    [2014-Jun-05 09:21:14] RDP (0): fw0 af=18  addr= netmask=
    [2014-Jun-05 09:21:14] RDP (0): en2 af=18  addr= netmask=
    [2014-Jun-05 09:21:14] RDP (0): en0 af=18  addr= netmask=
    [2014-Jun-05 09:21:14] RDP (0): en0 af=30 (AF_INET6)  addr=fe80::aa20:66ff:fe43:f95d%en0 netmask=ffff:ffff:ffff:ffff::
    [2014-Jun-05 09:21:14] RDP (0): en0 af=2 (AF_INET)  addr=10.10.1.25 netmask=255.255.255.0
    [2014-Jun-05 09:21:14] RDP (0): bridge0 af=18  addr= netmask=
    [2014-Jun-05 09:21:14] RDP (0): p2p0 af=18  addr= netmask=
    [2014-Jun-05 09:21:14] RDP (0): --- END INTERFACE LIST ---
    [2014-Jun-05 09:21:14] RDP (0): ----- BEGIN ACTIVE CONNECTION -----
    [2014-Jun-05 09:21:14] RDP (0): client version: 8.0.24875
    [2014-Jun-05 09:21:14] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
    [2014-Jun-05 09:21:14] RDP (0): correlation id: 474ced09-8d6c-9a47-8e3f-54b44bc90000
    [2014-Jun-05 09:21:14] RDP (0): Resolved '10.10.0.166' to '10.10.0.166' using NameResolveMethod_DNS(1)
    [2014-Jun-05 09:21:14] RDP (0): Protocol state changed to: ProtocolNegotiatingCredentials(2)
    [2014-Jun-05 09:30:16] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
    [2014-Jun-05 09:30:16] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Jun-05 09:30:16] RDP (0): ------ END ACTIVE CONNECTION ------
    [2014-Jun-05 09:30:23] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
    [2014-Jun-05 09:30:29] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Jun-05 09:30:29] RDP (0): *** Application terminated ***
    Should add the only way I get it to terminate is to physically restart. 

  • How to issue a self-signed certificate to match Remote Desktop Gateway server address requested

    I have an RDG server named gw.domain.local with port 3389/tcp forwarded from gw.example.com.
    Using the RDGM snap-in I created a self-signed SSL certificate with FQDN gw.example.com.
    But when I connect over RDP from outside the local network I'm getting an error:
    Your computer can't connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match
    Because the certificate subject name is gw.domain.local indeed.
    So the question is: how do I issue a certificate properly, or how do I assign an existing one a name that matches?

    Hi,
    Thanks for your post in Windows Server Forum.
    The certificate error you are facing seems like a certificate mismatch error, something like the security certificate name presented by the TS Gateway server does not match the TS Gateway name. You can try reconnecting using the FQDN of the TS Gateway server. You can refer to the article below for more troubleshooting.
    TS Gateway Certificates Part III: Connection Time Issues related to TS Gateway Certificates
    And for creating an SSL certificate for RD Gateway, you can refer to the articles below.
    1. Create a Self-Signed Certificate for the Remote Desktop Gateway Server
    2. Obtain a Certificate for the Remote Desktop Gateway Server
    Hope it helps!
    Thanks,
    Dharmesh

  • IOS Remote Desktop app and computers connected to SBS 2008--can't get it to work

    I can connect directly to the server without a remote resource in the IOS app.
    But I'd like to be able to connect to computers in the office like we can through RWW. RWW works fine, but not from my phone. (Yes, I can connect to the server and take over computers from the phone, but I don't want other people in the office to log into the server first!)
    I can never get the remote resources section in the app to connect. I usually get an "Unable to locate any remote resources for the URL" error in the resources section. I've tried a simple "https://remote.domain.com", "https://remote.domain.com:987", etc.
    We have a self-signed certificate. I can't think of anything in the server setup that is anything other than normal.
    I can do a direct connection using "Remote Desktop Connection" in Windows 7. In the remote desktop server settings I just put remote.domain.com and "Ask for password (NTLM)" for the login method. Then on the general tab I have just the simple computer name and the domain\username. That's all I had to set up to get that to work.
    Any suggestions?

    Hi Michael,
    Thank you for posting in Windows Server Forum.
    Have you setup RD Gateway server in your environment? Are you trying to access the RWW through it?
    On server side you can choose “Bypass RD Gateway server for local addresses” under RemoteApp manager and check the result.
    For more information, you can check below links for detail.
    Remote Desktop Client on iOS: FAQ
    http://technet.microsoft.com/en-us/library/dn473015.aspx
    Getting Started with Remote Desktop Client on iOS
    http://technet.microsoft.com/en-us/library/dn473013.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Remote Desktop Gateway on Windows Server 2012 R2 and IPAD

    Hi guys,
    Would love some help with an issue I've been struggling with for a couple of days now.
    I have an RDS 2012 R2 Gateway configured and it works great with all Windows clients, both internal and external. The problem comes when I want to use an iPad from Apple. I installed the latest RD Client from Microsoft and it works great from the internal network, but as soon as the device is moved to an external network the client gets an error while connecting. The Gateway is located in the domain network.
    The error is “Failed to parse authorization Challenge”.
    This is what I see in the log file from the RD Client.
    [2014-Mar-06 16:53:49] RDP (0): --- BEGIN INTERFACE LIST ---
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip1 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip2 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip3 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip4 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): en1 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): ap1 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): en0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): awdl0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): --- END INTERFACE LIST ---
    [2014-Mar-06 16:53:49] RDP (0): Not using any proxy
    [2014-Mar-06 16:53:49] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
    [2014-Mar-06 16:53:54] RDP (0): Resolved 'MB-RDS-01.contoso.LOCAL' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
    [2014-Mar-06 16:53:54] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Mar-06 16:53:54] RDP (0): Final rdp configuration used: {
        activeUsername = " Contoso\\User01";
        arcTimeout = 1800;
        cacheId = 12BF328DD1C8B841;
        certificatesUseRedirectName = 1;
        configurationVersion = 8;
        font = 1;
        gatewayId = F2EE288CD1C8B841;
        gatewayMode = 2;
        gwAutodetectState = kConnectionGwAutodectedForceGW;
        host = "MB-RDS-01.CONTOSO.LOCAL";
        label = "Murbiten - Terminal Server";
        loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.Contoso_-_Termi";
        mouseMode = "-1";
        port = 3389;
        temporary = 1;
        type = rdp;
        useAlt = 0;
        utilityBar = "-1";
        webFeedVersion = "Windows 2008 R2 or newer";
        connections =     (
            F4BF288CD1C8B841,
            12BF328DD1C8B841
        host = "remote.customer.com";
        id = F2EE288CD1C8B841;
        port = 443;
        temporary = 1;
        type = rdp;
        kCFProxyTypeKey = kCFProxyTypeNone;
    [2014-Mar-06 16:53:54] RDP (0): --- BEGIN INTERFACE LIST ---
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip1 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip2 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip3 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip4 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): en1 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): ap1 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): en0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): awdl0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): --- END INTERFACE LIST ---
    [2014-Mar-06 16:53:54] RDP (0): Not using any proxy
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
    [2014-Mar-06 16:53:54] RDP (0): Resolved 'remote.customer.com' to '194.71.11.69' using NameResolveMethod_Unknown(0)
    [2014-Mar-06 16:53:54] RDP (0): Resolved 'remote.customer.com' to '194.71.11.69' using NameResolveMethod_Unknown(0)
    [2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 346
        User Message : Failed to parse authorization Challenge
    [2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 346
        User Message : Failed to parse authorization Challenge
    [2014-Mar-06 16:53:54] RDP (0): Error message: Failed to parse authorization Challenge(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Mar-06 16:53:54] RDP (0): ------ END ACTIVE CONNECTION ------
    Adam Bokiniec

    Hi Jeremy,
    I found a solution, thanks for your effort. The solution is the following.
    First thing that needs to be done is either solution from options below, I did the Solution 1 in my case and added a NPS server to AD. (https://blogs.technet.com/b/networking/archive/2010/01/14/remote-desktop-gateway-client-fails-authentication-with-your-user-account-is-not-authorized-to-access-the-rd-gateway.aspx)
    Solution 1
    Register the NPS server in Active Directory:
    In Server Manager, browse to the following location: Roles\Network Policy and Access Services\NPS (Local).
    Right click on the NPS (Local) node and choose Register server in Active Directory.
    Click OK to authorize the server when prompted.
    Solution 2
    Open Active Directory Users and Computers on any Domain Controller of the same domain as the Remote Desktop Gateway.
    Add the Computer Name of the Remote Desktop Gateway to the RAS and IAS Servers group.
    Situation B
    Restart the RDS host and Gateway server.
    Secondly, and most important, is to configure an alternate address that matches your public certificate. My public certificate CNAME is “remote.domain.se”.
    All commands need to be run as administrator in PowerShell
    To show your current configuration run the following commands:
    CollectionName is the Collection Name you created for the RDS deployment.
    To get your collection name type
    Get-RDSessionCollection
    When you got the collection name type
    Get-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" | FL *
    The default configuration will look like this:
    CustomRdpProperty     : use redirection server name:i:1
    Now to add your public domain name that matches the certificate run the following command:
    Set-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" -CustomRdpProperty "use redirection server name:i:1`nalternate full address:s:remote.domain.se"
    Run again to verify your settings
    Get-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" | FL *
    Now it should look something like this:
    CustomRdpProperty     : use redirection server name:i:1
                             alternate full address:s:remote.domain.se
    iPads and iPhones can now connect to your environment.
    Adam Bokiniec
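    An added example, not Adam's own commands: it makes the same alternate-address change on the connection broker, but merges the new line into whatever CustomRdpProperty the collection already has instead of overwriting it, and reads the result back. The collection name and public name are placeholders to replace with your own.

```powershell
# Added example (not from the original post). Assumes the RemoteDesktop
# PowerShell module is available and this runs as administrator on the broker.
$CollectionName = 'RDS - Terminal Server'   # placeholder: your session collection
$PublicName     = 'remote.domain.se'        # placeholder: name on the public certificate

# Read the current property so any other custom lines are preserved
$cfg      = Get-RDSessionCollectionConfiguration -CollectionName $CollectionName
$existing = @()
if ($cfg.CustomRdpProperty) {
    $existing = $cfg.CustomRdpProperty -split "`n" |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ }
}

# Replace any earlier 'alternate full address' line with the one that matches the cert
$kept = @($existing | Where-Object { $_ -notmatch '^alternate full address:s:' })
$new  = $kept + "alternate full address:s:$PublicName"

# Keep the default redirection setting shown in the thread if it is not already there
if (-not ($new | Where-Object { $_ -match '^use redirection server name:i:' })) {
    $new = @('use redirection server name:i:1') + $new
}

# Properties are newline separated, exactly as in the default output above
Set-RDSessionCollectionConfiguration -CollectionName $CollectionName `
    -CustomRdpProperty ($new -join "`n")

# Verify: both lines should now be listed
(Get-RDSessionCollectionConfiguration -CollectionName $CollectionName).CustomRdpProperty
```

    Run it a second time and the output is unchanged, which is the check that the merge did not duplicate lines.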

  • RD Web access SSO - remote desktop doesn't work

    Hi,
    This is my first post in here, and I hope you guys can help me out.
    I am currently experiencing some issues with RD Web SSO not working as I would like it to work. I have found countless articles and guides describing how to get it to work, but no guide has yet helped me.
    The problem is that when I log in on the web access and open a published application everything works fine: I wait 5 sec and the application pops up, but when I try to open "Remote Desktop" then I get a new log in box where I must enter my log in credentials again (after entering my credentials everything works great.)
    The problems I am currently facing is produced in a demo environment configured as follows:
    1x DC server (DC01) also the lic server
    2x RDS server (RDS01/02)
    1x RDS Connection broker (RDCM01)   I have created a farm named "farm01.mydomain.com"
    1x RDS Web access server (RDWA01)
    1x RDS Gateway (RDSGW01)
    (All the Servers are installed with Windows server 2008 (R2) SP1, and have the latest update.)
    I am publishing my demo environment on the internet. I have created a domain name for my gateway and my web access and they are both accessible from the web (rdwa.mydomain.com and rdsgw.mydomain.com). I also have secured everything with an SSL wildcard certificate (my external and internal domain names are the same so I am using one SSL certificate) that is trusted on the web.
    When I log in on the web access server through (IE9 or IE8) from another network (WAN) and I open a published application (calculator), it pops up in just a few seconds. But when I try to open my Remote Desktop I get a login box where I must enter my username and password one more time. After that remote desktop opens and everything works great.
    My laptop is a Windows 7 professional with RDP 7 and IE 9, and is not member of a domain (just a workstation), I have tested it from multiple workstations and networks(Also win 7 and RDP7) but even there I have the same problem.
    Things that I have tried till now:
    I have created a kerberos account as mentioned on
    MSDN
    I have checked my group permissions as mentioned
    here
    And many more blogs and forums
    I have tried multiple settings on RDCM, RDWA, RDSGW and RDS server
    Right now I am out of ideas, and I hope you guys can help me out.
    thanks in advance,
    Pouyan

    Thanks for your advice,
    Did you go into your RemoteApp Deployment settings and change the server name to the farm name "farm01.mydomain.com?"
    Yes
    Also in the Session Broker's RemoteApp and Desktop Connection Properties window change the Connection ID to the farm name as well.
    actually I couldn't find out what to put on the connection ID so I had left it just default, but after changing it to the farm name it still doesn't work
    Did you sign your apps with the cert used on your RDS servers?
    yes, I am using a wildcard ssl certificate to sign all the servers/apps with.
    There is something that strikes me: when I log on the web access and click on a published application (that is hosted from the same RDS servers) then I get an information box. When I click on the "details" button I see on the bottom "use the following credentials to connect" and my domain and username are published there. But when I click on the "Remote desktop" icon and do the same I can't see this information!!
    Also I don't think that it's an SSL problem, because after logging in again it works perfectly without any warning.

  • Remote Desktop to Windows 8 (in Azure) using a Windows Live Account

    This took me a while to find this answer so posting it again in case it helps anybody, and also perhaps somebody has a suggestion of a better way to do it.
    I spun up a Windows 8 Pro VM in Azure (using MSDN subscription) which gives me a local account to access it with via RDP. No problems there.
    I want to use a Microsoft Account on this VM instead of a local account however, because I want to sync my OneDrive (reason: I have a lot of data in the Cloud via backup programs like Carbonite and CrashPlan  that I want to move to my OneDrive as it
    has unlimited space now, but don't want to use home or work network for that move as it will take months to move it all about. Cloud-to-Cloud initial data move seemed like it would be quicker hence I am doing it in Azure.)
    I can't use OneDrive with the local account no matter what I tried so I had to log in as a Microsoft account.
    I tried adding my Microsoft Account to this VM, making it Administrator and then switching the local account to that one but this process failed (even tried different accounts, one without 2-factor auth. enabled: nothing.)
    I also tried RDPing in using the MicrosoftAccount\[email protected] rather than convert or link the local account but that didn't work either. "Your credentials didn't work." Even trying with just the email address didn't work. Nor did using an app password (I have 2-factor enabled of course.)
    The only way I was able to log in was to:
    Under System properties of the Windows 8 Pro VM, under Remote tab uncheck "Allow connections only from computers running Remote Desktop with Network Level Authentication"
    I followed these instructions to create and edit an RDP file on my local PC:
    http://support.microsoft.com/kb/941641
    Once I connected from my local pc with the modified RDP file to the Windows 8 Pro VM in Azure, I was prompted for the user to log in as by the VM, allowing me to select the Microsoft Account I had previously added instead of the local account which looked
    the same as if you do it physically at the machine. This had not happened before and once I did, everything was fine after that :-)

    Hi,
    Please use the original RDP file on another computer and install the certificate. And then use the new RDP file to test.
    Karen Hu
    TechNet Community Support
