Revocation Check and Automatic Placement
Hi Folks,

I have a Windows Server 2008r2 Domain Controller that is also a Certificate Authority and a RD Gateway server. And things are working quite nicely, thank you -- with two minor exceptions. These are probably easy questions:

1) When I use the RDP client on a Windows 7 notebook from outside my subnet to connect to a desktop inside my subnet, almost everything works perfectly, he said with a bit of pride... However, I am warned during the connection dialogue that "A certificate revocation check could not be performed." This is for the certificate associated with the desktop, not with the RD Gateway. Is this a problem with the Windows 7 notebook client that is requesting the connection, the certificate associated with the remote desktop machine, or is this a configuration problem with my Certificate Authority who is not serving the CRL? The same check had to have been done for the RD Gateway machine earlier in the transaction and did not generate any warnings.

2) When I try to install my CA Trust Anchor in the "Trusted Root Certificate Authorities" using the Web Service http://.../CertSrv things go quite smoothly, but not completely correctly. I am presented with a list and the correct CA Trust Anchor is there on the list. When I "Open" it I have an "Install Certificate" button on the dialogue, which offers me the option to let him decide where this certificate should go, and it does not go to the correct place. In fact, I can't see that it goes anywhere. I need to explicitly address the "Trusted Root Certificate Authorities" store before this works correctly. It is not clear to me why this doesn't work as advertised -- the certificate template is "CA", and that is pretty clear. Any thoughts on this?

Thanks for the help, Chris.
August 17th, 2012 4:00pm

Hi Lutz,

1) ... Desktop... I know what a CRL is and how it is supposed to be used, thanks. CRL Management is supposed to be a part of Certificate Authentication and is not something I should have to manage -- this is why we have Certificate Authorities. So, why is mine not working? Where can I look for explanations for the client NOT being able to perform a certificate revocation check?

2) Not worth continuing the discussion, since I know what he does and I can easily have him do the right thing.

Thanks for the help, Chris.
August 19th, 2012 2:08pm

This topic is archived. No further replies will be accepted.
