RDS, RDWeb, and RemoteApp: How to use public certificate for launching apps on session host?
Posted by Bret Fisher on Server Fault
Published on 2013-07-17T16:22:14Z
Indexed on 2014/06/04 3:27 UTC
Question: How do I tell RDWeb to launch apps from remote.domain.com rather than host.internaldomain.local?
Environment:
Existing org with AD forest. New single Server 2012 running all Remote Desktop Services roles for session host. Used the new 2012 wizard to set up "QuickSessionCollection" with roles:
- RD Session Host
- RD Connection Broker
- RD Gateway
- RD Web Access
- RD Licensing
Everything works with a self-signed cert, but we want to prevent those.
The users are potentially non-domain machines, so sticking a private root cert on their machines isn't an option. Every part of the solution needs to use a public cert.
Added public remote.domain.com cert to all roles using Server Manager GUI:
- RD Connection Broker - Enable Single Sign On
- RD Connection Broker - Publishing
- RD Web Access
- RD Gateway
So now everything works beautifully except the last step:
- user logs into https://remote.domain.com
- user clicks an app icon, which in the background downloads a .rdp file that is signed by remote.domain.com.
- .rdp is set to use RD Gateway, which is remote.domain.com
- .rdp says app is hosted on internal host.internaldomain.local, which doesn't match the RDP-tcp TLS cert of remote.domain.com, and pops a warning.
It's this last step that I'd like to fix. Is there a config option in PowerShell, WMI, or .config to tell RDWeb/RemoteApp to use remote.domain.com for all published apps so the TLS cert for RDP matches what the Session Host is using?
NOTE: This question talks about this issue, and this answer mentions how you might fix it in 2008, but that GUI doesn't exist in 2012 for RemoteApp, and I can't find a PowerShell setting for it.
NOTE: Here's a screenshot of the setting in 2008R2 that I need to change. It tells RemoteApp what to use for the Session Host server name. How can I set that in 2012?
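The name mismatch described in the last step of the question can be confirmed offline from the downloaded .rdp file. The following is an added example, not part of the original question: it parses a constructed .rdp file that uses the question's host names and reports which connection targets are covered by the certificate's names. The sample file contents and the function names are assumptions.

```python
# Constructed sample of the .rdp file RD Web Access hands to the client;
# the host names mirror those used in the question.
SAMPLE_RDP = """\
full address:s:host.internaldomain.local
gatewayhostname:s:remote.domain.com
gatewayusagemethod:i:1
remoteapplicationmode:i:1
remoteapplicationprogram:s:||calc
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines of an .rdp file into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            name, kind, value = parts
            settings[name.lower()] = int(value) if kind == "i" else value
    return settings

def name_matches(host, cert_name):
    """Case-insensitive match; '*' covers exactly one left-most label."""
    host, cert_name = host.lower().rstrip("."), cert_name.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name

def check_rdp(text, cert_names):
    """Return {setting: (host, covered_by_cert)} for each target the client connects to."""
    settings = parse_rdp(text)
    result = {}
    for key in ("full address", "gatewayhostname"):
        if key in settings:
            host = settings[key].split(":")[0]  # drop an optional :port suffix
            covered = any(name_matches(host, n) for n in cert_names)
            result[key] = (host, covered)
    return result

if __name__ == "__main__":
    # Names on the public certificate, as described in the question.
    for key, (host, ok) in check_rdp(SAMPLE_RDP, ["remote.domain.com"]).items():
        print(f"{key}: {host} -> {'covered' if ok else 'NOT covered, client will warn'}")
```
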