Certificate warning when connecting to remote desktop server via mstsc.exe
All servers are 2016 and the client is Windows 10.
I have been reading a lot of possible solutions, but they all seem like hacks, i.e. reg entries etc., and the correct way to go seems to be to use an internal CA.
Here is what I've tried so far; I'm sure I'm missing a few things.
We have the following in our RDS setup:
RDSH 1 -app1
RDSH 2 -app2
RDConnection Broker -GB
RD Gateway-GB
RDWeb-GB
Domain controller -DC
Using port forward 443 DNS IP to the Connection Broker through the gateway, and using mstsc.exe (Remote Desktop Connection), not RDWeb. This also uses a wildcard cert for the external FQDN name.
On the domain controller we have DNS RDSCollectionName pointing to -GB (Connection Broker).
When connecting internally and externally we get a certificate warning (as we are using a .local domain, I think this is the reason).
I have installed a CA on the GB server, configured an RDPAuthentication template and applied it to the Remote Desktop group policy on the DC server.
The part below is the group policy settings to replace the RDP default self-signed certificate with the CA one:
1. Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Server Authentication Certificate Template, and entered the template name that I created, called RDPAuthentication
2. Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require use of specific security layer for remote (RDP) connections, and changed the Security Layer to SSL
The test laptop has received the group policy; I checked using RSOP on the test laptop.
In Certificates on the laptop I don't see the certificate anywhere???
I'm still getting the same error.
On the GB server (the CA), I can see in the CA console that App2, one of the session hosts, has been issued the certificate 'RDPAuthentication', but no other servers or laptops.
I'm assuming here that I should see the laptop in here also.
Have I missed a step somewhere? Could someone assist? Not much hair left as it is.
james
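
A way to see which certificate the RDP listener on a given server is actually presenting, and whether it was issued from the RDPAuthentication template named in the post (added example, not part of the original post). It assumes an elevated PowerShell session on the server being checked; the template name only resolves to text on a domain-joined machine, otherwise the template OID is shown.

```powershell
# Added example: run elevated on the server whose RDP certificate you want to check.
$templateName = 'RDPAuthentication'   # template name taken from the post

# The RDP-Tcp listener stores the SHA-1 thumbprint of the certificate it presents
# and the configured security layer (0 = RDP, 1 = Negotiate, 2 = SSL/TLS).
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash

# CA-issued certificates are enrolled into the computer's Personal store;
# the default self-signed certificate lives in the 'Remote Desktop' store.
$store = 'Cert:\LocalMachine\My'
$cert  = Get-ChildItem $store | Where-Object Thumbprint -eq $thumb
if (-not $cert) {
    $store = 'Cert:\LocalMachine\Remote Desktop'
    $cert  = Get-ChildItem $store -ErrorAction SilentlyContinue |
        Where-Object Thumbprint -eq $thumb
}
if (-not $cert) {
    Write-Warning "Listener thumbprint $thumb not found in either store."
    return
}

# Helper: text form of one certificate extension, or $null if it is absent.
function Get-ExtensionText($Certificate, $Oid) {
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $Oid }
    if ($ext) { $ext.Format($false) }
}

# 1.3.6.1.4.1.311.21.7 = Certificate Template Information (v2+ templates)
# 1.3.6.1.4.1.311.20.2 = Certificate Template Name (v1 templates)
$template = Get-ExtensionText $cert '1.3.6.1.4.1.311.21.7'
if (-not $template) { $template = Get-ExtensionText $cert '1.3.6.1.4.1.311.20.2' }

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    SecurityLayer  = $listener.SecurityLayer
    Store          = $store
    Thumbprint     = $cert.Thumbprint
    Subject        = $cert.Subject
    Issuer         = $cert.Issuer
    SelfSigned     = ($cert.Subject -eq $cert.Issuer)
    NotAfter       = $cert.NotAfter
    Template       = $template
    FromTemplate   = [bool]($template -and $template -match [regex]::Escape($templateName))
    SubjectAltName = Get-ExtensionText $cert '2.5.29.17'   # names a client can match
} | Format-List
```

Comparing the Subject and SubjectAltName values in the output with the name typed into mstsc.exe shows whether a warning comes from a name mismatch or from an untrusted issuer.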