[Terminal server broker] Problem with certificates

  • [Terminal server broker] Problem with certificates

    Hello all,

    I am new to this forum, so if I do something wrong, please correct me.

    I have a problem with a terminal server setup.

    - Internet line has 1 public IP address.
    - I have one server, called S01, which is DC, RD Connection Broker, RD Gateway and RD Web Access server.
    - The terminal server is called TS01, which has only 1 remoteapp.

    Both servers are S2008 R2 standard.
    The domain leads to my public IP, and the web access is available at https://

    Logging on goes fine to web access, and I see the remoteapp published at the TS01.

    I have two problems now.

    - When the user clicks a remoteapp, credentials are asked. Why? The user already entered this when logging in on the web access site.
    - When a user clicks on the remoteapp, he has to enter credentials, and after that, a warning pops up telling that the used certificate is for, but the name of the server is ts01.internaldomain.local.

    How do I fix this?
    Please help out!
    Last edited by yuval14; 26th March 2011, 16:47.

  • #2
    Re: [Terminal server broker] Problem with certificates


    You may need to use a SAN certificate with two FQDNs (external and internal):

    * There are additional options to resolve this issue (e.g. using a hosts file or an internal DNS zone that uses the internal IP for the external FQDN), but it may complicate the network.

    Also, I don't recommend using a DC as an application server. The TS Gateway and TS Web should usually be in the DMZ.

    I guess that after fixing the certificate issue, the authentication issue will be resolved.
    Best Regards,

    Yuval Sinay

    LinkedIn:, Blog:
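
Added example, not part of the original posts: a small check of which hostnames a certificate covers, showing why a single-name certificate triggers the mismatch warning from the first post and why the SAN certificate suggested in reply #2 does not. The public FQDN `remote.example.com` is a constructed placeholder, and the matching rules are an assumption following the usual RFC 6125 convention (SAN entries take precedence over the CN, wildcard only as the whole leftmost label).

```python
# Added example: certificate contents and the public FQDN are constructed placeholders.

def _match(pattern: str, host: str) -> bool:
    """Compare one certificate dNSName against one hostname (case-insensitive)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard is honoured only as the entire leftmost label ("*.example.com").
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def names_in_cert(common_name, san_dns):
    """Assumed RFC 6125-style rule: SAN dNSNames win; the CN counts only without a SAN."""
    return list(san_dns) if san_dns else [common_name]

def uncovered(common_name, san_dns, required_hosts):
    """Return the required hostnames that the certificate does not cover."""
    presented = names_in_cert(common_name, san_dns)
    return [h for h in required_hosts if not any(_match(p, h) for p in presented)]

# Hostnames that clients validate in the setup described in the thread.
EXTERNAL = "remote.example.com"          # placeholder: the public FQDN is not given on the page
INTERNAL = "ts01.internaldomain.local"   # session host name from the first post
REQUIRED = [EXTERNAL, INTERNAL]

# Single-name certificate: matches the web access site, not the session host.
single = uncovered(EXTERNAL, [], REQUIRED)
# SAN certificate listing both FQDNs, as suggested in reply #2.
san = uncovered(EXTERNAL, [EXTERNAL, INTERNAL], REQUIRED)
# A wildcard for the public domain still does not cover the internal name.
wildcard = uncovered("*.example.com", ["*.example.com"], REQUIRED)

if __name__ == "__main__":
    print("single-name cert misses:", single)
    print("SAN cert misses:", san)
    print("wildcard cert misses:", wildcard)
```

Publicly trusted CAs no longer issue certificates for internal-only names such as `.local`, so a certificate carrying both names would have to come from an internal CA.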


    • #3
      Re: [Terminal server broker] Problem with certificates

      Thanks for your response. Since this is still a test setup at the moment, there is no budget for a SAN certificate.

      You mention an internal DNS zone for the public domain.

      At the moment, I have 2 servers:

      s01.test.local = DC / TS Gateway / TS Broker / TS Web Access
      ts01.test.local = TS session host / remoteapp server

      Let's say the public domain is
      I already created a DNS zone on my DC that tells leads to, which is the web server for the RDweb.

      Since it points to S01, it can't point to TS01, where the remoteapp is. How should I configure DNS to resolve the problem that the name where the TS01 presents itself with, is the external domain name, and not ts01.test.local?


      • #4
        Re: [Terminal server broker] Problem with certificates

        You should work with host names...
        For example:

        external host:
        Best Regards,

        Yuval Sinay

        LinkedIn:, Blog: