
RemoteApp and RD Gateway


  • RemoteApp and RD Gateway

    I've a freshly installed 2012 R2 server and I'm wanting to make use of RemoteApp. Everything is on this single server.

    I've set it up using the quick setup and confirmed it was working OK. I then installed the gateway; this is also working, but with certificate errors.

    I've now bought a certificate and installed it, and I still get a mismatch error when logging in externally.

    The mismatch is that it wants a certificate matching the internal name, whereas the certificate is for the external name. I've told the 4 instances to use the new certificate.

    I've tried everything, but I'm unsure where to go from here.

  • #2
    Re: RemoteApp and RD Gateway

    Not 100% sure, but I think the gateway has to have certs appropriate to both the internal and external sides. The external side cert is for proper negotiation with the people coming in to connect to the gateway, and the internal cert is for the gateway to connect to the internal domain server.

    If the internal domain cert is from an internal Cert Authority (usually a DC), then that cert chain must be on both the server and the gateway.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **



    • #3
      Re: RemoteApp and RD Gateway

      Thanks for the reply.

      It was my understanding that you only needed a cert for the external name.

      After more reading I found a PowerShell script to change the published FQDN:

      http://gallery.technet.microsoft.com...N-for-2a029b80

      After doing this I no longer get any errors regarding the certificate, although I can't connect at all now and get the following error:

      The user "DOMAIN\USER", on client computer "0.0.0.0", did not meet resource authorization policy requirements and was therefore not authorized to resource "remote.domain.com". The following error occurred: "23002".

      To add to the above, these are the things I have also tried.

      I've recreated both the RD CAP and the RD RAP, and within the RD RAP I've added the IP, FQDN and NetBIOS name. Still no luck.
      Last edited by nabberuk; 12th February 2014, 21:51.



      • #4
        Re: RemoteApp and RD Gateway

        Certificates for your internal domain name come from your internal CA, as RicklesP suggested. Vendors don't usually sign certs for intranets, as that domain name isn't registered anywhere outside the domain, and therefore cannot be validated. You'll need to create a self-signed cert for internal use and use the other for external.

        As for what's happening when you try to install your cert, I'm afraid I couldn't say. Why it would be requesting an internal cert when you are logging in from outside the domain is beyond me. You're absolutely sure you're hitting the external address and not internal? Also, when you say you're logging in externally, do you mean you're using a computer that is not on your network, or are you using a network computer and just putting the external address in your browser?



        • #5
          Re: RemoteApp and RD Gateway

          Originally posted by Bertmax:
          Certificates for your internal domain name come from your internal CA, as RicklesP suggested. Vendors don't usually sign certs for intranets, as that domain name isn't registered anywhere outside the domain, and therefore cannot be validated. You'll need to create a self-signed cert for internal use and use the other for external.

          As for what's happening when you try to install your cert, I'm afraid I couldn't say. Why it would be requesting an internal cert when you are logging in from outside the domain is beyond me. You're absolutely sure you're hitting the external address and not internal? Also, when you say you're logging in externally, do you mean you're using a computer that is not on your network, or are you using a network computer and just putting the external address in your browser?

          I'm 100% sure I'm hitting the external address (remote.domain.com). When I say logging in externally, I mean I'm on my home network (as opposed to work's) with a laptop that isn't on a domain.

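An added example, not part of any post in the thread: a small Python check that reads the host names a RemoteApp .rdp file tells the client to connect to (`full address` and `gatewayhostname`) and reports which ones a certificate's names do not cover. It assumes the mismatch described in the thread comes from the internal name being published in the .rdp file; the sample file and the internal name `rds01.corp.local` are constructed.

```python
import re

# Constructed sample of a RemoteApp .rdp file; rds01.corp.local is a
# hypothetical internal name, remote.domain.com is the name used in the thread.
SAMPLE_RDP = """\
full address:s:rds01.corp.local
gatewayhostname:s:remote.domain.com
gatewayusagemethod:i:1
"""

# Settings whose value is a host name the client checks a certificate against.
NAME_KEYS = ("full address", "gatewayhostname")


def parse_rdp(text):
    """Return {setting: value} for the 'name:type:value' lines of an .rdp file."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^([^:]+):([a-z]):(.*)$", line.strip())
        if m:
            settings[m.group(1).lower()] = m.group(3).strip()
    return settings


def cert_covers(host, cert_names):
    """True if host matches a certificate name; '*' covers one left-most label."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False


def mismatches(rdp_text, cert_names):
    """List (setting, host) pairs that the certificate does not cover."""
    settings = parse_rdp(rdp_text)
    result = []
    for key in NAME_KEYS:
        host = settings.get(key, "").split(":")[0]  # drop an optional :port
        if host and not cert_covers(host, cert_names):
            result.append((key, host))
    return result


if __name__ == "__main__":
    print(mismatches(SAMPLE_RDP, ["remote.domain.com"]))
```

Pass the subject and subject alternative names of the installed certificate as `cert_names`; an empty result means every name in the file is covered.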