26 August 2010

RDS Gateway Certificate troubleshooting "certificate subject name do not match"

I tried for a few hours to figure out why my sessions could not authenticate.

I kept on getting prompted for credentials. I figured it was an issue with the certificate I was using so I switched them around. This I was sure was going to work but then I got another error.

“This computer can’t connect to the remote computer because the Terminal Services Gateway server address requested and the certificate subject name do not match. Contact your network administrator for assistance.”

This allowed me to find this article, EVENTUALLY: http://blogs.msdn.com/b/rds/archive/2008/12/18/ts-gateway-certificates-part-iii-connection-time-issues-related-to-ts-gateway-certificates.aspx

In my case, the certificate I retrieved from our internal CA only had a "User Principal Name" specified for the Subject Alternative Name and not a "DNS name".

The article does not mention this explicitly. I just spotted it by going through my cert. The big problem is that it worked for everything other than using the gateway. Single sign-on worked, sessions worked.

Just goes to show: certificates can be a problem if they are not EXACTLY right.
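
The failure above comes down to which name types the certificate's Subject Alternative Name holds. As an added example (not from the original post), this Python code decodes a SAN extension body and reports whether any DNS name matches the gateway address; the sample bytes and host names are constructed, and the wildcard rule is the common TLS convention, assumed here rather than taken from the post.

```python
# Added example (not from the post): decode a subjectAltName extension body.
UPN_OID = bytes.fromhex("2b060104018237140203")  # 1.3.6.1.4.1.311.20.2.3, Microsoft UPN

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def san_entries(ext_value):
    """Decode GeneralNames into a list of (kind, text) pairs."""
    tag, body, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("subjectAltName must be a SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag == 0x82:  # [2] dNSName (IA5String)
            out.append(("DNS", val.decode("ascii")))
        elif tag == 0xA0:  # [0] otherName { OID, [0] EXPLICIT value }
            _, oid, p = read_tlv(val, 0)
            _, wrapped, _ = read_tlv(val, p)
            _, inner, _ = read_tlv(wrapped, 0)
            kind = "UPN" if oid == UPN_OID else "otherName"
            out.append((kind, inner.decode("utf-8", "replace")))
        else:  # other GeneralName types are reported raw
            out.append(("tag 0x%02x" % tag, val.hex()))
    return out

def dns_name_matches(ext_value, gateway):
    """True if a DNS entry equals the gateway address or is a one-label wildcard for it."""
    gateway = gateway.lower().rstrip(".")
    for kind, name in san_entries(ext_value):
        if kind != "DNS":
            continue  # a UPN entry never satisfies a host name check
        name = name.lower()
        if name == gateway or (name.startswith("*.") and gateway.split(".", 1)[-1] == name[2:]):
            return True
    return False

def tlv(tag, body):  # builder for the constructed samples below (short lengths only)
    return bytes([tag, len(body)]) + body

# Constructed samples: a UPN-only SAN (the failing case) and one that also has a DNS name.
upn = tlv(0xA0, tlv(0x06, UPN_OID) + tlv(0xA0, tlv(0x0C, b"rdgw-svc@example.local")))
UPN_ONLY = tlv(0x30, upn)
WITH_DNS = tlv(0x30, upn + tlv(0x82, b"rdgw.example.com"))
```

The input is the DER value of extension OID 2.5.29.17, which .NET exposes as the extension's `RawData`.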

1 comment:

Luigi Mazzoli said...

What would be the best way to generate a self-signed cert with different common names, including the local AD domain name (e.g. servername.contoso.local) and the external FQDN (e.g. remote.sitename.info)? In SBS there is an internet connection wizard to create the right certificate; how do you do it in Server 2008 R2? It would be nice to provide a single certificate that fits the TS Gateway and RD Web.
