RDS broker certificate warning

%3CLINGO-SUB%20id%3D%22lingo-sub-1480680%22%20slang%3D%22en-US%22%3ERDS%20broker%20certificate%20warning%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1480680%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20establishing%20a%20multiserver%20RDS%20setup.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAll%20users%20are%20domain%20users%2C%20but%20most%20clients%20are%20non-domain%20Windows%20and%20Macs%2C%20so%20I%20have%20a%20public%203rd%20party%20SAN%20certificate.%20It%20is%20not%20a%20.local%20domain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20SAN%20certificate%3C%2FP%3E%3CP%3ESubject%3A%20desktop.mydomain.com%3C%2FP%3E%3CP%3ESAN%3A%3C%2FP%3E%3CP%3Erdsgateway.mydomain.com%20(gateway%20and%20web%20access%20server)%3C%2FP%3E%3CP%3Erdsbroker.mydomain.com%20(broker)%3C%2FP%3E%3CP%3Erds1.mydomain.com%20(desktop%20host)%3C%2FP%3E%3CP%3Erds2.mydomain.com%20(desktop%20host)%3C%2FP%3E%3CP%3Erds3.mydomain.com%20(desktop%20host)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20attached%20the%20SAN%20certificate%20to%20all%20roles%20in%20the%20deployment%20properties%2C%20and%20they%20all%20have%20a%20level%20of%20Trusted%20and%20status%20OK.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EStill%2C%20when%20i%20open%20the%20desktop%20collection%20rdp%20file%20in%20RDweb%2C%20i%20am%20prompted%20to%20accept%20the%20certificate%20for%20rdsbroker.mydomain.com.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1480680%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ecertificate%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ERD%20WEB%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ERDP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Erds%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EServer%202019%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

I am establishing a multiserver RDS setup.

 

All users are domain users, but most clients are non-domain Windows and Macs, so I have a public 3rd party SAN certificate. It is not a .local domain.

 

The SAN certificate

Subject: desktop.mydomain.com

SAN:

rdsgateway.mydomain.com (gateway and web access server)

rdsbroker.mydomain.com (broker)

rds1.mydomain.com (desktop host)

rds2.mydomain.com (desktop host)

rds3.mydomain.com (desktop host)

 

I have attached the SAN certificate to all roles in the deployment properties, and they all have a level of Trusted and status OK.

 

Still, when i open the desktop collection rdp file in RDweb, i am prompted to accept the certificate for rdsbroker.mydomain.com. It is the correct certificate (desktop.mydomain.com) but it does not seem to accept the alternate name rdsbroker.mydomain.com.

 

0 Replies