Auto-enrollment
Hi Folks,
I am deploying a Remote Desktop Gateway on a Windows 2008r2 Server and Windows 7 desktops.
I have slogged my way through all the security certificate stuff and I see some wonderful things happening. For example, as I start up my desktops, I see certificates being issued to each desktop automatically, and that is good news. I have checked: these are signed as indicated by the verification path when I view the certificate.
When I fire up the RDP Client, I tell him the desktop where I want to connect and I tell him the Gateway. Each requires a certificate. The RD Gateway presents his certificate with no problem, but the destination desktop presents what appears to be an auto-enrollment certificate which is not signed. I have tried to defeat this with an installed signed certificate and I deleted the unsigned certificate, but the unsigned certificate magically re-appears and has a precedence over the signed certificate.
Auto enrollment is probably a good thing, but I'd like to specify that the auto-enroll certificates be signed. How do I do that?
Thanks for the help,
Chris.
August 14th, 2012 9:01pm
RDP/RDS uses an auto-generated certificate if no other configuration exists. To have your RDP/RDS server use a specific server certificate, you either configure the server manually using the RDP-Tcp Properties dialog box, which is accessed from the Remote Desktop Session Host Configuration snap-in, or use Group Policies for RD Session Host authentication and encryption settings to specify the Server Authentication Certificate Template, forcing the RDS server to automatically bind the correct certificate to its SSL layer. The GPO settings are located in the container:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
/Hasain
August 15th, 2012 6:53am
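
To confirm which certificate the RDP listener on a destination machine is actually bound to after applying the setting described in the reply above, the following check can be run from an elevated PowerShell prompt on that machine. It is an added example, not part of the original thread; the WMI class `Win32_TSGeneralSetting`, the `Remote Desktop` certificate store and the `CertTemplateName` policy value are not named in the thread and are used here on the assumption that they are present on the system.

```powershell
# Added example: report which certificate the RDP-Tcp listener presents.
# Assumes an elevated prompt on the destination machine (PowerShell 2.0 or later).

# 1. Thumbprint currently bound to the RDP listener.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash

# 2. Locate that certificate. CA-issued certificates normally sit in 'My';
#    the auto-generated one sits in the 'Remote Desktop' store.
$cert  = $null
$found = $null
foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop') {
    $cert = Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
    if ($cert) { $found = $store; break }
}

# 3. Template name delivered by the Group Policy setting, if any.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$policy    = Get-ItemProperty -Path $policyKey -Name CertTemplateName `
    -ErrorAction SilentlyContinue

# 4. Self-signed test and chain validation against the local trust stores.
$selfSigned = $null
$chainOk    = $null
if ($cert) {
    $selfSigned = ($cert.Subject -eq $cert.Issuer)
    $chain      = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk    = $chain.Build($cert)
}

New-Object PSObject -Property @{
    BoundThumbprint = $thumb
    FoundInStore    = $found
    Subject         = if ($cert) { $cert.Subject } else { $null }
    Issuer          = if ($cert) { $cert.Issuer } else { $null }
    SelfSigned      = $selfSigned
    ChainValid      = $chainOk
    PolicyTemplate  = if ($policy) { $policy.CertTemplateName } else { '(not set)' }
} | Format-List
```

If `SelfSigned` is true or `FoundInStore` is the `Remote Desktop` store, the listener is still presenting the auto-generated certificate; a CA-issued binding shows the issuing CA as `Issuer`, `ChainValid` true, and the template name under `PolicyTemplate`.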