Configuring RDS 2012 TLS Certificate

I was working on a deployment of Windows Server 2012 R2 RDS with a couple of servers participating in a session host collection, one server acting as the Connection Broker, and an RD Licensing server.

I have two Session Host servers (SRV1 and SRV2), so I created two DNS A records with the same host name (Apps.contoso.com), each pointing to one of the Session Host servers (DNS round-robin load balancing).

The problem is that when users connect to Apps.contoso.com they get a certificate warning about a name mismatch.

(Figure: RDS TLS)

This is because each Session Host server generates a self-signed certificate whose subject is that server's own name, not Apps.contoso.com. The client is right to complain: the name it connected to does not appear in the certificate it was shown, and that is exactly the check that would catch a man-in-the-middle, so the fix is to present a certificate for the right name rather than to teach users to click through the warning.

So I created a certificate with subject name Apps.contoso.com and installed it on SRV1 and SRV2, but I could not find anywhere to instruct the Session Host servers to use my certificate instead of the self-signed one.

Then I found the solution:

  • Install the Apps.contoso.com certificate, together with its private key, in the Local Machine Personal store on SRV1 and SRV2 (the Session Host servers), and take note of the certificate's thumbprint.
  • On each Session Host server, open PowerShell as an administrator and type:

$path = (Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-Tcp'").__PATH

Set-WmiInstance -Path $path -Arguments @{SSLCertificateSHA1Hash="Thumbprint"}

Note: replace Thumbprint with the thumbprint of your certificate, written as one string of hexadecimal characters with no spaces. If you copy the thumbprint out of the certificate MMC snap-in, delete any invisible character that comes along in front of it, otherwise the value will not match. The certificate must also be readable by the account Remote Desktop Services runs as (NETWORK SERVICE), which needs read access to the certificate's private key; the certificate should carry the Server Authentication enhanced key usage.

  • Restart both servers.
  • Use this command to check which certificate hash the listener is currently using:

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Get SSLCertificateSHA1Hash

  • Or you can set it with a single wmic command:

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="Thumbprint"
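The whole procedure as one script, added here as an example and not code from the original post. It goes a little beyond the steps above: it locates the certificate by subject name instead of a pasted thumbprint, checks the Server Authentication EKU, grants NETWORK SERVICE read access to the private key, binds the certificate to the RDP-Tcp listener the same way the post does, and reads the setting back. The subject name is the one from the post; the assumption that the key is a legacy CSP RSA key is mine (it is the usual case for a certificate issued by a Windows CA on 2012 R2).

```powershell
# Added example, not code from the original post. Run in an elevated PowerShell
# on each Session Host (SRV1 and SRV2).
# Assumptions (not stated on the page): the certificate was imported into the
# Local Machine "Personal" store with its private key, and that key is an RSA key
# held by the legacy CSP; CNG keys are reported and left for manual handling.
$subjectName   = 'Apps.contoso.com'
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# Newest unexpired certificate for that name that still has a private key.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.Subject -like "CN=$subjectName*" -and
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date)
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No unexpired certificate for $subjectName with a private key in Cert:\LocalMachine\My"
}

# A certificate with an EKU extension must list Server Authentication; one with no
# EKU extension at all is valid for every purpose and is accepted too.
$ekus = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
if ($ekus.Count -gt 0 -and $ekus -notcontains $serverAuthOid) {
    throw "Certificate $($cert.Thumbprint) does not carry the Server Authentication EKU"
}

# Normalise the thumbprint to plain upper-case hex. Thumbprints copied out of the
# certificate MMC often carry an invisible Unicode mark in front, which is the
# usual reason a first attempt at this binding fails.
$thumbprint = ($cert.Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($thumbprint.Length -ne 40) {
    throw "Unexpected SHA-1 thumbprint '$thumbprint'"
}

# Remote Desktop Services (TermService) runs as NETWORK SERVICE, so that account
# needs read access to the private key. Read only: nothing here needs to modify it.
$csp = $null
try { $csp = $cert.PrivateKey } catch { }   # throws for CNG keys on .NET Framework
if ($csp -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $keyFile = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" `
                         $csp.CspKeyContainerInfo.UniqueKeyContainerName
    icacls $keyFile /grant 'NT AUTHORITY\NETWORK SERVICE:R' | Out-Null
} else {
    Write-Warning 'Private key is not a legacy CSP RSA key; grant NETWORK SERVICE read access by hand (certlm.msc, All Tasks > Manage Private Keys).'
}

# Bind the certificate to the RDP-Tcp listener, as the post does with Set-WmiInstance.
$listener = Get-WmiObject -Class Win32_TSGeneralSetting `
                          -Namespace root\cimv2\TerminalServices `
                          -Filter "TerminalName='RDP-Tcp'"
Set-WmiInstance -Path $listener.__PATH -Arguments @{ SSLCertificateSHA1Hash = $thumbprint } | Out-Null

# Read the value back from WMI rather than trusting the call.
$applied = (Get-WmiObject -Class Win32_TSGeneralSetting `
                          -Namespace root\cimv2\TerminalServices `
                          -Filter "TerminalName='RDP-Tcp'").SSLCertificateSHA1Hash
if ($applied -ne $thumbprint) {
    throw "Listener reports hash '$applied', expected '$thumbprint'"
}
"RDP-Tcp listener on $env:COMPUTERNAME now uses $($cert.Subject) ($thumbprint)"
```

The script must be run on each Session Host because the listener binding is per server; the post then restarts both servers. The icacls grant is deliberately read-only, which is all the listener needs to perform the TLS handshake. On 2012 R2 the Get-WmiObject and Set-WmiInstance cmdlets the post uses are the natural choice; on newer systems the same class is reachable through Get-CimInstance and Set-CimInstance.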
