Problems using wildcard SSL certificate with 2008 TS Gateway

-

i had working in test environment. have 1 2008 terminal server , 1 2008 iis server running ts gateway. had self-signed certificate proper dns name (ts.domain.com) , working fine. purchased wildcard ssl certificate , assigned ts gateway , it's not retaining configuration. whenever try connect error message "this computer can't connect remote computer because no certificate configured use @ terminal services gateway server. contact network administrator assistance."

so here couple oddities can't make heads or tails of, may troubleshooting process:

1) have installed wildcard ssl certificate default website on ts gateway server. that's working properly.

2) in ts gateway manager -> <server> properties -> ssl certificate tab it's set "select existing certificate ssl encryption" yet nothing displayed. click on browse certificates , select wildcard certificate installed on server. reflected on screen , looks good. hit apply , ok. @ point try access remote desktop ts web access same error message before.

3) if restart "terminal services gateway" service, undoes configuration change made in #2 above. shows no ssl certificate selected.

4) found in system event log, apply changes in #2 above, following 2 events alternating 3-4 times:

warning - source: httpevent - event id 15300
ssl certificate settings deleted port : 192.168.100.140:443 .

warning - source: httpevent - event id 15301
ssl certificate settings created admin process port : 192.168.100.140:443 .


what going on here?


yes i've seen article , no of questions. there's nothing wrong the certificate. it's typical wildcard certificate purchased thawte.

i've solved own problem. after bit of testing able consistently reproduce , fix problem. boils down having multiple ip addresses on network adapter, , not using "all unassigned" in http/https bindings in iis. web server multiple websites, of course have multiple ip addresses on box. i have 3 ip addresses on server. default website bound specific ip address, , not "all unassigned". https binding configured same specific address. when configured way, reason when select certificate within ts gateway manager, doesn't work. if restart terminal services gateway service, blows away assigned certificate within tsgm.

to fix issue went iis, modified https binding default website pointing * (all unassigned) opposed specific ip address. once made change, went tsgm , selected same certificate. time worked. restarted service , rebooted server on safe side. everything's working properly.

sounds bug in ts gateway me.

thanks anyways.


Windows Server  >  Remote Desktop Services (Terminal Services)



Comments

Post a Comment

Popular posts from this blog

server manager error: ADAM.events.xml could not be enumerated.

-
firewall off isnt it. rerun ldap wizard:?  why?  will screw exchange server running on machine?  ldap wizard asks questions don't understand. please dont send generic links to: http://social.technet.microsoft.com/wiki/contents/articles/13444.windows-server-2012-server-manager-troubleshooting-guide-part-ii-troubleshoot-manageability-status-errors-in-server-manager.aspx thanks, john hi john, >> ok. server manager app. these questions refer this. nothing else 2.  do need create app dir or not?  this server manager, shouldnt done? (why did break in first place?) how check if app dir exists server manager or not. 3.  if "lightweight" implementation of anything, sure hate see "heavyweight" version. the waring events can't enumerated. , cause not completing configuration of ad lds. ad lds not related server manager. used provide flexible support directory-enabled applications. if not implementing such applications, remove role. her
Read more

Cannot access Anywhere Access using domain name?

-
after installing anywhere access in windows server 2012 essentials r2, cannot use anywhere access using setup domain name in wizard such remote.mydomain.com? if enter public ip address, example, 72.2.34.5 works. before set anywhere access, created a record pointing public address...pinged , worked...so not sure doing wrong?  is wizard supposed create record etc , make remote.mydomain.com work? if enter public ip address while on lan, takes me router webpage.  shouldn't work on lan if accessed via public ip? thank you, tim. the wizard can configure remote.microsoft_names.com  remote.remotewebaccess.com but cannot configure domains purchased outside wizard.  depends on how domain configured if wildcard.yourdomain.com should work  if try ping remote.your_domain.com afar , not give proper  public ip, need add record mariette said. much have record domain.com www.domain.com , if have website somewhere else www.domain.com , need remote.domain.com go box gr
Read more

WMI Failure: Unable to update Local Resource Group

-
Image
hi i have windows server 2008 r2 enterprise terminal services installed. this has been working fine, unable add new computers local computer groups policy on rd gateway manager i following error wmi failure: unable update local resource group  just confirm on , resource authorization policies then manage local computer groups hi hussain, posting in windows server forum. firstly please let know, did find particular event log issue? please ensure have configured rap settings correctly , set correct value , permissions rap.xml file , rapstore registry key. please check below thread more details. 1. wmi failure- unable create resource access policy (answered clarence) 2. event id 543 — rd gateway server configuration 3. event id 642 — rd gateway server availability hope helps! thanks, dharmesh Windows Server
Read more