Remote Desktop Gateway Certificate
Hi Mike
I have set up a test environment for a new server build at my wife’s business using Server 2016 with the Essentials role and the trial of WSE RemoteApp 2016
When I try to connect from outside, the RDP Gateway wants to use the self signed certificate, instead of the LetsEncrypt one I installed. From inside, it just sits after login credentials entered.
Is that something the RemoteApp installer should have changed, or how can I change it? Everything I find on the web about changing certificate assumes the Remote Desktop Services role is installed, which I don’t have.
Anywhere Access configured and working with correct certificate.
Should I run the RemoteApp installer again?
Ted
- Shim asked 5 years ago
- You must log in to post comments.
AFAIK, WSE RemoteApp shouldn’t have anything to do with the behavior that you’re seeing there (i.e. I’ve never come across a case where it has).
Did you set up your Let’s Encrypt SSL certificate by following the steps that I’ve listed here:
How To Manually Set Up A Custom / Vanity Domain Name In Windows Server Essentials
Also, you may want to make sure that your SSL certificate is properly configured on your Essentials server, by taking a look at the answer that I’ve posted on this one:
- Mike answered 5 years ago
- last edited 5 years ago
- You must log in to post comments.
I did not follow your guide, I used Mariëtte Knap’s guide as I am testing exchange as well. Forgot to mention that originally. I seem to have a cert working correctly for both remote. and mail. , which are on separate VMs. This cert stuff is new to me.
I am not thinking RemoteApp is causing the behaviour. Because your RemoteApp description says “..works with your server just as it comes straight out-of-the-box. It does not install any of the Remote Desktop Services (RDS) server roles ..” I hoped you would have some insight as everything on the web about changing cert bound to RDP assumes you have RDS role running.
I will look over your guide in detail later tonight.
Given these are VMs in a test environment, I am not opposed to wiping and starting from scratch.
Do you have any thoughts on changing the RDS cert from self signed to the LetsEncrypt one, both already installed?
- Shim answered 5 years ago
- You must log in to post comments.
While I personally avoid anything to do with cloud like the plague, one place that I’ve relented is with email. I seriously doubt that I’d ever feel comfortable attempting to run an on-premise Exchange server (and especially not along with an Essentials server anyway). I’d much rather use a hosted Exchange service (such as Office 365, etc.) for my email, rather than trying to deal with all of the complexities, and security risks, involved with running my own on premise Exchange server. Thus, I’m not going to be able to give you any guidance in that area I’m afraid (and I have no idea if doing so is even compatible with the Anywhere Access/Remote Web Access feature of Windows Server Essentials or not).
However, I can tell you that if you’ve installed any of the RDS server roles on your Essentials server (RDSH, RDWA, etc., etc.), then doing that is NOT compatible with Essentials. IMHO, if you’ve (ever) installed any of the RDS roles on your Essentials server, then you’d be MUCH better off just nuking the VM and starting over from scratch again. Other than that, if you didn’t install any of the RDS roles on your Essentials server, then there should be no problem at all with switching over from using a self-signed cert to a proper one from Let’s Encrypt by simply following my guide (seeing as the RWA set up wizard in Essentials will handle all of the SSL cert configuration, RD Gateway configuration, etc. for you).
Good luck!
- Mike answered 5 years ago
- You must log in to post comments.
I’m on the fence at the moment re exchange vs 365. Having said that, I have it working correctly. I have a registered domain we don’t use, so I am testing with it before finalizing what I want to deploy in production to replace our SBS 2008 machine.
I have never installed any on the RDS components, the only remote role that is installed is Remote Desktop Gateway, which I assume the Anywhere Access wizard did.
I did see some things after reading your guide again that look interesting and I will play with them later tonight.
‘Thanks for your help
- Shim answered 5 years ago
- You must log in to post comments.