As you may or may not be aware, SSL certificates are not applied to
the RDS Session Host servers in an RDS 2012 collection when you deploy via the GUI
(or PowerShell). The same goes for Server 2012 R2. And there is no way to add
this via the RDS 2012 management GUI.
This results in an annoying certificate error when trying to connect to a Session Host through the RDS Gateway. To solve this problem, we need to add the certificate manually. I only have 2 Session Hosts for now, so automating the process is overkill. Manually is the way here, but once you have seen the steps it’s pretty easy to automate.
Start by opening the MMC console.
Add the Certificates snap-in for the local computer.
Go to Certificates – Personal and start an import.
Add your certificate (I use a wildcard certificate with an added internal SAN, e.g. *.domain.com and *.sub.domain.com).
Enter the password for your PKI.
Place it in the default “Personal” folder.
Now you need to open the certificate and find the thumbprint. Copy it, paste it into Notepad and delete the spaces. You’ll need this string very soon!
Open up an elevated command prompt and run:
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="PASTE_THUMBPRINT_STRING"
Be careful: when the thumbprint is pasted as ASCII, an extra character usually appears before the actual thumbprint. Delete it if it appears or you’ll get an error.
Verify that the thumbprint and SHA1Hash are correct via PowerShell:
Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'"
Now you should be able to log in remotely without getting the annoying certificate error.
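The manual steps above (clean the thumbprint, set it on the listener, verify) as one script. This is an added example, not part of the original post; it assumes the certificate has already been imported into the local computer's Personal store, and the parameter name and the expiry and private-key checks are this example's own additions.

```powershell
# Added example: bind an already-imported certificate to the RDP-tcp listener.
# Run in an elevated PowerShell session on each Session Host.
param(
    # Thumbprint as copied from the certificate dialog (spaces and stray characters allowed)
    [Parameter(Mandatory = $true)]
    [string]$RawThumbprint
)

$ErrorActionPreference = 'Stop'

# Keep only hex digits: drops the spaces and any extra character the copy prepended
$thumbprint = ($RawThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($thumbprint.Length -ne 40) {
    throw "Expected 40 hex characters (SHA-1 thumbprint), got $($thumbprint.Length)."
}

# The certificate must be in the local computer's Personal store, with its private key
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $thumbprint in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate has no private key; import the full PFX." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# Same WMI class and property that the wmic command sets
$ns = 'root\cimv2\terminalservices'
$filter = "TerminalName='RDP-tcp'"
$listener = Get-WmiObject -Class Win32_TSGeneralSetting -Namespace $ns -Filter $filter
Set-WmiInstance -Path $listener.__PATH `
    -Arguments @{ SSLCertificateSHA1Hash = $thumbprint } | Out-Null

# Read the value back instead of trusting the write
$current = (Get-WmiObject -Class Win32_TSGeneralSetting -Namespace $ns `
    -Filter $filter).SSLCertificateSHA1Hash
if ($current -ne $thumbprint) { throw "Listener reports $current, expected $thumbprint." }
"RDP-tcp listener now uses $($cert.Subject) ($thumbprint), valid until $($cert.NotAfter)"
```

Because anything that is not a hex digit is stripped before the length check, a thumbprint pasted with spaces or with the leading extra character is accepted, while a truncated one is rejected before the listener is touched.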