mtol20mtol20

mtol20mtol20

0p

3 comments posted · 10 followers · following 0

287 weeks ago @ Derek Seaman's Blog - Create Trusted Remote ... · 0 replies · +1 points

tried: wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="222779121ab46b5e5a1188c9f75e4fb4381f454"}
Comes back with: Updating property(s) of '\\SRV1\root\CIMV2\TerminalServices:Win32_TSGeneralSetting.TerminalName="RDP-Tcp"'
ERROR:Description = Invalid parameter

Can Someone help me with this.

287 weeks ago @ Derek Seaman's Blog - Create Trusted Remote ... · 0 replies · +2 points

On the RDS hosts i can see that CA assigned Remote desktop Computer certificate is in the local store. But when i query WMI the thumbprint of the SSLCertificateSHA1Hash points to a self signed certificate and not to the certificate that has been auto enrolled. The think this is also a problem.

I tried: $path = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
Set-WmiInstance -Path $path -argument @{SSLCertificateSHA1Hash="222779121ab46b5e5a1188c9f75e4fb4381f454"}
But it this comes back with: Set-WmiInstance : Invalid parameter At line:2 char:1
+ Set-WmiInstance -Path $path -argument @{SSLCertificateSHA1Hash="222779121ab46b5e ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Set-WmiInstance], ManagementException
+ FullyQualifiedErrorId : SetWMIManagementException,Microsoft.PowerShell.Commands.SetWmiInstance

287 weeks ago @ Derek Seaman's Blog - Create Trusted Remote ... · 2 replies · +2 points

Hi, I'm trying to get my RDS certificate problem solved but after several hours of troubleshooting i'm reaching out for help.
I have four 2012 servers with RDS roles.

SRV1 is RDS Session Host
SRV2 is RDS Session Host
SRV3 Is Connection Broker
SRV4 with roles: RDGateway and RDWEB

internal.domain.local
extrenal.domain.nl
Wildcard certificate on all rds roles for external domain.nl
Internal ca with certificate based on Remote Desktop Authentication (1.3.6.1.4.1.311.54.1.2)

I can get to https://rdweb.external.domain.nl and see all rds rdweb apps without certificate warnings.
When I start the app I get: name mismatch, request remote computer:srv1.internal.domain.nl, name in certificate from remote computer: *.external.domain.nl

I tink i made a mistake assigning all rds roles to the external certificate, but i can not figure out a way to change this to the certifacate that my internal ca gave to my srv3.

The RDS role wizard lets me change the certificate using a pfx where i can only export the existing certificate to a cer file without the private key. This can not be imported in the rds role wizard.