Remote Desktop Gateway Certificate


Hi Mike

I have set up a test environment for a new server build at my wife’s business using Server 2016 with the Essentials role and the trial of WSE RemoteApp 2016

When I try to connect from outside, the RDP Gateway wants to use the self signed certificate, instead of the LetsEncrypt one I installed. From inside, it just sits after login credentials entered.

Is that something the RemoteApp installer should have changed, or how can I change it? Everything I find on the web about changing certificate assumes the Remote Desktop Services role is installed, which I don’t have.

Anywhere Access configured and working with correct certificate.

Should I run the RemoteApp installer again?


  • You must to post comments.
Good Answer

AFAIK, WSE RemoteApp shouldn’t have anything to do with the behavior that you’re seeing there (i.e. I’ve never come across a case where it has).

Did you set up your Let’s Encrypt SSL certificate by following the steps that I’ve listed here:

How To Manually Set Up A Custom / Vanity Domain Name In Windows Server Essentials

Also, you may want to make sure that your SSL certificate is properly configured on your Essentials server, by taking a look at the answer that I’ve posted on this one:

SSL Certificate Error – Mismatched Address

  • You must to post comments.

I did not follow your guide, I used Mariëtte Knap’s guide as I am testing exchange as well. Forgot to mention that originally. I seem to have a cert working correctly for both remote. and mail. , which are on separate VMs. This cert stuff is new to me.

I am not thinking RemoteApp is causing the behaviour. Because your RemoteApp description says “ with your server just as it comes straight out-of-the-box. It does not install any of the Remote Desktop Services (RDS) server roles ..” I hoped you would have some insight as everything on the web about changing cert bound to RDP assumes you have RDS role running.

I will look over your guide in detail later tonight.

Given these are VMs in a test environment, I am not opposed to wiping and starting from scratch.

Do you have any thoughts on changing the RDS cert from self signed to the LetsEncrypt one, both already installed?

  • You must to post comments.

While I personally avoid anything to do with cloud like the plague, one place that I’ve relented is with email. I seriously doubt that I’d ever feel comfortable attempting to run an on-premise Exchange server (and especially not along with an Essentials server anyway). I’d much rather use a hosted Exchange service (such as Office 365, etc.) for my email, rather than trying to deal with all of the complexities, and security risks, involved with running my own on premise Exchange server. Thus, I’m not going to be able to give you any guidance in that area I’m afraid (and I have no idea if doing so is even compatible with the Anywhere Access/Remote Web Access feature of Windows Server Essentials or not).

However, I can tell you that if you’ve installed any of the RDS server roles on your Essentials server (RDSH, RDWA, etc., etc.), then doing that is NOT compatible with Essentials. IMHO, if you’ve (ever) installed any of the RDS roles on your Essentials server, then you’d be MUCH better off just nuking the VM and starting over from scratch again. Other than that, if you didn’t install any of the RDS roles on your Essentials server, then there should be no problem at all with switching over from using a self-signed cert to a proper one from Let’s Encrypt by simply following my guide (seeing as the RWA set up wizard in Essentials will handle all of the SSL cert configuration, RD Gateway configuration, etc. for you).

Good luck!

  • You must to post comments.

I’m on the fence at the moment re exchange vs 365. Having said that, I have it working correctly. I have a registered domain we don’t use, so I am testing with it before finalizing what I want to deploy in production to replace our SBS 2008 machine.

I have never installed any on the RDS components, the only remote role that is installed is Remote Desktop Gateway, which I assume the Anywhere Access wizard did.

I did see some things after reading your guide again that look interesting and I will play with them later tonight.

‘Thanks for your help

  • You must to post comments.
Showing 4 results
Your Answer
Post as a guest by filling out the fields below, or you may to post using your existing user account (register to create a user account if you do not already have one). Guest's questions will be moderated before being posted. NOTE: Your email address will not be published, nor will it be used for marketing purposes, etc. (as per our privacy statement).
Answer Details*
File Name Size
There are currently no files uploaded.
Maximum number of files 4, maximum file size 5MB.
Supported file formats: gif jpeg jpg png

Featured Questions

Recent Questions & Answers

Q&A Toolbox