RemoteApp – Resolving Certificate Issues with RemoteApp on Server 2008

remoteapp, terminal-server, windows-server-2008

I am trying to set up a proof-of-concept demo for deploying applications via RemoteApp, the application-streaming-over-RDP stuff in Windows Server 2008.

The TS Gateway server (call it srv-web) and the box hosting the applications (call it srv-app) are two different boxes.

The connections need to come through a TS Gateway server over HTTPS, as srv-app is on an internal LAN behind NAT.

Only srv-web is exposed to the internet, and only port 443 (HTTPS) is open.

If I ignore/accept the various warnings, the connection works perfectly well.

The object here is to get things working as smoothly as possible for our clients.

I have an SSL certificate installed on both srv-web and srv-app. srv-web is set up to use it for TS Gateway, and that works fine. The CN of the certificate matches the external public hostname.

The warning I am getting is as follows (I have doctored the real hostname out of the screenshot)

[screenshot: the certificate warning, with the real hostname removed]

My question, I suppose, is how do I choose the SSL certificate srv-app uses to provide proof of its identity to connecting clients?

EDIT: I found where to set this – it's in Remote Desktop Session Host Configuration -> RDP-Tcp properties, general tab at the bottom.

However I have another problem, somewhat predictably I now have a mismatched server name:

[screenshot: the mismatched server name warning]

I suspect this is going to require a topology change somewhere. Feedback from someone who's already done this would be great.

EDIT 2: I have worked around this by setting the following option in Custom RDP Settings.

authentication level:i:0

However this isn't a satisfactory solution as it is just disabling the check. I would still appreciate any more feedback on this.

Many thanks.
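The `authentication level:i:0` workaround from EDIT 2 disables the client-side check that is producing the name-mismatch warning. The following is an added example (not from the original question or answer) that parses the Custom RDP Settings block as an `.rdp` file, flags the disabled check, compares the `full address` host against the names a certificate would carry, and emits a hardened block with the check re-enabled. The hostnames, the certificate name list and the settings text are constructed placeholders, not values from the page.

```python
"""Audit a RemoteApp .rdp settings block for the disabled server-identity check."""
from typing import Dict, List, Tuple

# Constructed sample of a Custom RDP Settings block after the authentication
# level workaround. Hostnames are placeholders, not real servers.
SAMPLE_RDP = """\
full address:s:srv-app.corp.local
gatewayhostname:s:apps.example.com
gatewayusagemethod:i:1
remoteapplicationmode:i:1
authentication level:i:0
"""

# Constructed: the names (CN plus any SANs) carried by the certificate bound to
# the RDP-Tcp listener on the application host.
CERT_NAMES = ["apps.example.com"]

# Meaning of the 'authentication level' values understood by the RDP client.
AUTH_LEVEL = {
    0: "connect even if server authentication fails (check disabled)",
    1: "do not connect if server authentication fails",
    2: "warn if server authentication fails",
    3: "no authentication requirement specified",
}


def parse_rdp(text: str) -> Dict[str, Tuple[str, str]]:
    """Parse 'name:type:value' lines into {name: (type, value)}.

    Types are s (string), i (integer) or b (binary). The value may itself
    contain colons (e.g. 'full address:s:host:3389'), so split only twice.
    """
    settings: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, typ, value = line.split(":", 2)
        settings[name] = (typ, value)
    return settings


def _name_matches(host: str, pattern: str) -> bool:
    """Match a host against a certificate name, allowing a single-label wildcard."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        # '*.corp.local' covers 'a.corp.local' but not 'x.a.corp.local'.
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return host == pattern


def audit(settings: Dict[str, Tuple[str, str]], cert_names: List[str]) -> List[str]:
    """Return findings: disabled identity check, or a name the certificate does not cover."""
    findings: List[str] = []
    level = int(settings.get("authentication level", ("i", "3"))[1])
    if level == 0:
        findings.append("authentication level is 0: " + AUTH_LEVEL[0])
    # The client validates the server certificate against the 'full address' host
    # (port suffix stripped), so that name must be covered by the certificate.
    host = settings.get("full address", ("s", ""))[1].split(":")[0]
    if host and not any(_name_matches(host, n) for n in cert_names):
        findings.append(
            f"certificate names {cert_names} do not cover full address host '{host}'"
        )
    return findings


def harden(settings: Dict[str, Tuple[str, str]], level: int = 1) -> Dict[str, Tuple[str, str]]:
    """Copy of the settings with the identity check re-enabled (1 = refuse, 2 = warn)."""
    if level not in (1, 2):
        raise ValueError("hardened level must be 1 (refuse) or 2 (warn)")
    fixed = dict(settings)
    fixed["authentication level"] = ("i", str(level))
    return fixed


def render(settings: Dict[str, Tuple[str, str]]) -> str:
    """Serialise settings back to .rdp 'name:type:value' lines."""
    return "\n".join(f"{k}:{t}:{v}" for k, (t, v) in settings.items()) + "\n"


if __name__ == "__main__":
    parsed = parse_rdp(SAMPLE_RDP)
    for finding in audit(parsed, CERT_NAMES):
        print("FINDING:", finding)
    print("--- hardened block ---")
    print(render(harden(parsed)))
```

The audit reports two separate problems on the sample: the check is switched off, and the name the client dials (`full address`) is not on the certificate. Re-enabling the check alone brings the warning back; the mismatch finding only clears once the `full address` host is one the listener certificate actually carries, which is what binding the external certificate to the RDP-Tcp listener achieves.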

Best Answer

Go to your RDP-Tcp properties, choose the General tab, and select your external cert at the bottom of the properties sheet. This will allow all communication to be based on the external cert instead of a mismatch when RDP uses the default internal one for the server itself.