Hello,
Normally we use published applications (RemoteApps) for our clients, but we have thin clients which are not capable of using RemoteApps, so we need to provide them with remote desktop sessions.
While we do not want to place more Remote Desktop Session Hosts, we want to run our RDSH servers as both RemoteApp and remote desktop hosts.
So far, no problem.
- RemoteApp clients use RDWeb or RDAC RDP files to access everything. Works flawlessly, no problem. The certificate selected for the deployment is used for everything.
- Remote desktop clients just use our broker address to access the farm. Works so far... but the clients throw warnings about the certificate.
-> This can be solved by running the following command:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="<hash of our certificate>"
This sets the registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
SSLCertificateSHA1Hash
But if I have this value, I run into error 0x607 on the Remote Desktop Gateway (with Windows Application Proxy)... so to solve this problem I have to remove this key (see https://social.technet.microsoft.com/Forums/windowsserver/en-US/e0f8f58f-58c9-49fc-9d48-f6bfde830f17/rdweb-authentication-error-0x607 ).
But now I again have the untrusted self-signed certificates when I connect to the desktop... so?
I deleted the self-signed certificate from the Remote Desktop cert store... it changes nothing, after a reboot it is there again. The certificate I want to use is in the "Remote Desktop cert store", and the Network Service has access to the private key.
Does anyone know how to prevent the generation of the self-signed certificate and force the well-known certificate, not only for RemoteApps, without the SSLCertificateSHA1Hash key? The certificate I want to use is a SAN certificate which includes the session host name as FQDN and short name.
Thanks in advance.
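
A read-only check of the state described in the post, as an added example that is not part of the original post: it reads the thumbprint the RDP-Tcp listener reports through the same WMI class, checks whether the SSLCertificateSHA1Hash registry value is present, and lists the certificates in the Remote Desktop store with the properties that matter here. The FQDN lookup and the output column names are assumptions made for this example.

```powershell
# Added example (not from the original post). Read-only: it changes nothing.
# Run in an elevated PowerShell session on the session host.

# 1. Thumbprint the RDP-Tcp listener reports (same WMI class as the wmic command).
$listener = Get-CimInstance -Namespace 'root\CIMV2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$reported = $listener.SSLCertificateSHA1Hash

# 2. Is the registry value from the post present? Handles binary or string data.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$raw = (Get-ItemProperty -Path $key -Name SSLCertificateSHA1Hash `
    -ErrorAction SilentlyContinue).SSLCertificateSHA1Hash
$pinned = if ($raw -is [byte[]]) {
    ($raw | ForEach-Object { $_.ToString('X2') }) -join ''
} elseif ($raw) { [string]$raw } else { '<not set>' }

# 3. Host name the SAN is expected to contain (assumption: DNS resolves the FQDN).
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

"Listener reports : $reported"
"Registry value   : $pinned"
"Host FQDN        : $fqdn"

# 4. Certificates in the Remote Desktop store, with the properties relevant here.
Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop' | ForEach-Object {
    # 2.5.29.17 is the Subject Alternative Name extension.
    $san = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    [pscustomobject]@{
        Thumbprint     = $_.Thumbprint
        Subject        = $_.Subject
        SelfSigned     = ($_.Subject -eq $_.Issuer)
        HasPrivateKey  = $_.HasPrivateKey
        NotAfter       = $_.NotAfter
        SanHasFqdn     = ($sanText -match [regex]::Escape($fqdn))
        UsedByListener = ($_.Thumbprint -eq $reported)
    }
} | Format-Table -AutoSize
```

A row with SelfSigned and UsedByListener both True while the registry value shows `<not set>` matches the situation described in the post after the key was removed.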