Environment: 

• APP01.mydomain.Loc  - RD Web Access, Session Host, Connection Broker, Public IIS: mydomain.com
• DATA01.mydomain.Loc - RD Gateway, RD Licensing, RD Session Host, RD Virtualization Host, Domain Controller: mydomain.loc
• wildcard cert from CA - *.mydomain.com

When I edit the Deployment Properties and try to add my cert I am getting :

The error message that comes up is "Warning - Could not configure the certificate on one or more servers. Ensure that the servers are available on the network and apply the certificate again." The status stays at error and the state column changes to success.

I have RDweb configured on APP01 and can authenticate and launch remote sessions but they fail to start because no cert is configured. The SSL cert is installed on both servers.

Assistance would be greatly appreciated. I have been fighting with this for several days (I started with self signed cert) and I am almost at the point of blindly mashing keys like a rabid gorilla.

• Edited by Gen0 23 hours 36 minutes ago

Hi,

For your issue, I can understand that you are facing issue with configuring certificate for RDS Server 2012. For that I would like to provide some guide to resolve the issue.

Have you modify Server Authentication Certificate Template and Require use of specific security layer for remote (RDP) connections (To use SSL (TLS 1.0)) setting under below mention path.

Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security

Refer Create Trusted Remote Desktop Services (RDP) SSL Certificate for more information.

Apart from that, providing few more link.

1.  Configuring Remote Desktop certificates
2.  Configure custom SSL certificate for RDP on Windows Server 2012 in Remote Administration mode?

Hope it helps!
Thanks.

I am a little confused by what this will accomplish. It looks as though it applies to the RD Broker and the issuance of certificates for the RDP connection, however, the RD Broker accepted my certificate. It is the RDWebAccess server that is erroring when I attempt to install my CA cert. I would like to understand where the issue is coming from because the links you referenced regarding the certificate manager make sense as it is installed with the RDS role, but no "how-to" guides for setting up RDS mention having to set anything up in the cert manager. I apologize if I seem obtuse, I just hate to go playing with settings in unfamiliar territory.

Have you modify Server Authentication Certificate Template and Require use of specific security layer for remote (RDP) connections (To use SSL (TLS 1.0)) setting under below mention path.

Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security

I could not set the first one because there isn't a template where I can assign the certificate. 

I also noticed that when adding the certificate to RD Web Access when it fails it throws the following event in the logs: 



• Edited by Gen0 23 hours 34 minutes ago

Hi,

In regards to your adding the template under Server Authentication Certificate Template, I can let you know that when you enable the option then the option for adding certificate template is enable as per below.

 

Note: When you will select a specific certificate to be used to authenticate over RDSH Server, that certificate will take precedence over the policy setting.

Apart from that, you also have to import the certificate into the Local computer personal certificate store. In meanwhile also go through the new feature of CSS (Central Certificate Store) in server 2012 where certificate are store in centralized place by IIS manager.

Also refer beneath article might useful for trouble shooting the issue.

1.  How can I work around problems with certificate configuration in Remote Desktop Services?
2.  RDS Cant create New Certificate (Refer Answer by Walter Beach)

Thanks.