- This topic has 22 replies, 4 voices, and was last updated 4 years, 1 month ago by Falkenberg.
June 12, 2019 at 1:49 pm #50000
We have bought a wildcard certificate I can use, as far as I know.
Just assumed I could test things out seeing the RDP desktop and so on before building the “big setup”.
I will check the guide (I have a lot of tabs open anyway about this) 😀
It seems some things have changed since 2012R2, but I’m not sure.
The “Be aware that you will probably not be able to order a Publicly signed certificate with .local domain names as SAN DNS entries, so Internal clients will need to be able to resolve the Public DNS name and get the Internal IP (Split DNS).” part I’ll have to read a bit about.
June 12, 2019 at 1:58 pm #50005
This process: https://msfreaks.wordpress.com/2018/10/06/step-by-step-windows-2019-remote-desktop-services-using-the-gui/ looks almost the same as for 2012R2.
It also covers the Split DNS issue and Redundant Brokers, in case you need that.
/Frank
June 12, 2019 at 2:05 pm #50006
I already have this open.
When it mentioned SQL I didn’t follow the whole guide to the dot.
I guess I must look through that guide more thoroughly 🙂
June 12, 2019 at 2:09 pm #50007
Just noticed that the SQL installation for Redundant Brokers is not itself redundant, so you are just moving single-point-of-failure to the SQL instance.
And it is a Lab guide – You should not install SQL Server on a DC in real life.
Also be careful when setting up Split DNS, you are changing the way Internal clients resolve your Public domain name hosts, so it can cause a lot of issues if you don’t do it correctly and cover all public hostnames.
/Frank
June 12, 2019 at 2:12 pm #50008
The SQL on DC is mentioned 🙂
The Split DNS sounds fun….. 🙂
Regarding the Redundant Brokers with SQL sounds like I don’t need it then (?)
June 12, 2019 at 2:24 pm #50009
To me, Redundant Brokers only makes sense if you also have Redundant SQL Servers.
Yes, the need for Split DNS is an unfortunate side-effect of the way the Certificates are used for validating the hostnames. I don’t know of any way around that when you are running the RDS Infrastructure in-house.
Some Routers/Firewalls support “Hairpinning”, where Internal clients can use the External IP for Internal resources, but I would not rely on that.
/Frank
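Why an internal AD name fails against a purchased wildcard certificate, and so why internal clients have to connect by the public name (Split DNS), shown as an added example that is not part of the original thread. The certificate SANs and host names are constructed, and the matching follows the usual RFC 6125 wildcard rules.

```python
# Added example: SANs and host names below are constructed, not from the thread.

def san_matches(hostname: str, pattern: str) -> bool:
    """Match one hostname against one SAN dNSName, RFC 6125 style:
    case-insensitive, '*' allowed only as the whole left-most label,
    and it covers exactly one label."""
    host = hostname.rstrip(".").lower().split(".")
    pat = pattern.rstrip(".").lower().split(".")
    if len(host) != len(pat) or "" in host:
        return False
    if pat[0] == "*":
        # Require at least two fixed labels, so "*.com" never matches.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def audit(sans, connect_names):
    """Return {name: bool} saying whether each name a client connects to
    is covered by at least one SAN on the certificate."""
    return {n: any(san_matches(n, s) for s in sans) for n in connect_names}


# Constructed sample: a purchased wildcard certificate and the names
# clients might use to reach the RDS roles.
WILDCARD_SANS = ["*.example.com", "example.com"]
CONNECT_NAMES = [
    "rds.example.com",        # public name, resolved internally via split DNS
    "rdgw.example.com",       # gateway published under the public zone
    "rdcb01.corp.local",      # internal AD name of the broker
    "rds.emea.example.com",   # two labels under the wildcard
]

if __name__ == "__main__":
    for name, ok in audit(WILDCARD_SANS, CONNECT_NAMES).items():
        print(f"{name:24} {'covered' if ok else 'NAME MISMATCH'}")
```

Any name reported as a mismatch is one a client must not be pointed at; either publish the role under the public zone and resolve it internally, or use a certificate that actually lists that name.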
July 24, 2020 at 6:41 pm #52676
I am getting a certificate common name error as well. The broker server is actually a cloud-based web client. Is this possible?
Certificate common name is bad. I have added the cert as required from Microsoft but the error persists.
August 3, 2020 at 1:26 pm #52725
Hi
I can’t recall this 100% but as far as I can recall I think my issue was using a self-made certificate.
When I started using our bought certificate I guess things worked out.
But it’s a year ago, so as mentioned – I can’t recall it 100%.