Problem with RD CB reconnection and certificates

Hi.

We have a farm with two RD SH servers (2012 R2), with RD CB load balancing between them. Each RD SH also runs RD GW.

We are using an external DNS name that is different from the AD domain name. This name is used for both external access to the gateway, and also for the RDP connection inside the gateway. The cert for the external name is installed on all roles, including RD SH.

The problem I have is when RD CB makes a reconnect, because then it instructs the client to connect to the internal AD FQDN, which will not match the certificate on the server, causing a certificate warning to be shown.

Is it possible to configure RD CB to tell the client to connect to the external name, BUT with the IP address of the specific RD SH? I suppose it isn't but I'll ask anyway.

The only other solution I can see is to buy a new wildcard cert for the AD domain name, and use that for the SH servers, and change the RD connection to go to a name on the internal AD instead of the external name. The external name would still be used for gateway access.

June 18th, 2015 3:37am

Hi Johan,

Normally, internal users would connect to the RDS farm via the internal FQDN, while external users would connect via the external FQDN.

"The only other solution I can see is to buy a new wildcard cert for the AD domain name, and use that for the SH servers, and change the RD connection to go to a name on the internal AD instead of the external name. The external name would still be used for gateway access."

Yes, you may purchase a new wildcard certificate.

However, it is not the only solution. Since a certificate for internal connections is required, you may build an internal CA, then issue certificates to your Connection Broker and RD Session Hosts.

For more detailed information, please refer to this blog below:

Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services

http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx

Best Regards,

Amy

June 19th, 2015 3:16am
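
The mismatch discussed in this thread can be confirmed on each RD SH before and after changing certificates. The following is an added example, not part of the original thread: it reads the certificate bound to the RDP listener and reports whether its names cover the external name and the host's internal FQDN (the name the broker redirects to). `$ExternalName` is a placeholder and `Test-CertCoversName` is a hypothetical helper written for this example.

```powershell
# Added example. Run elevated on each RD Session Host (PowerShell 4.0 or later).
# $ExternalName is a placeholder; the thread does not give the real name.
$ExternalName = 'rds.example.com'
$InternalFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Hypothetical helper: does any certificate name cover the host name?
function Test-CertCoversName {
    param([string[]]$CertNames, [string]$HostName)
    foreach ($n in $CertNames) {
        if ($n -ieq $HostName) { return $true }
        # A wildcard covers exactly one leftmost label: *.corp.example
        # matches rdsh01.corp.example but not a.b.corp.example.
        if ($n.StartsWith('*.')) {
            $labels = $HostName.Split('.')
            if ($labels.Count -ge 2 -and
                ($labels[1..($labels.Count - 1)] -join '.') -ieq $n.Substring(2)) {
                return $true
            }
        }
    }
    return $false
}

# Thumbprint of the certificate bound to the RDP listener.
$ts = Get-WmiObject -Namespace root\cimv2\TerminalServices `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $ts.SSLCertificateSHA1Hash

# Search the machine store first, then the self-signed "Remote Desktop" store.
$cert = Get-ChildItem 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' `
            -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
if (-not $cert) { throw "No certificate with thumbprint $thumb found" }

# DnsNameList holds the subject CN and the DNS subject alternative names.
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

foreach ($target in $ExternalName, $InternalFqdn) {
    [pscustomobject]@{
        Target    = $target
        Covered   = Test-CertCoversName -CertNames $names -HostName $target
        CertNames = $names -join ', '
        NotAfter  = $cert.NotAfter
    }
}
```

A row with `Covered` set to `False` for the internal FQDN corresponds to the certificate warning seen on reconnect.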

This topic is archived. No further replies will be accepted.