"Certificate common name is bad" trying to log in RDS on Server 2019

Viewing 8 posts - 16 through 23 (of 23 total)
    #50000
    Falkenberg

    We have bought a wildcard certificate I can use, as far as I know.

    Just assumed I could test things out seeing the RDP desktop and so on before building the “big setup”.

    I will check the guide (I have a lot of tabs open anyway about this) 😀

    It seems some things have changed since 2012R2, but I’m not sure.

    The “Be aware that you will probably not be able to order a Publicly signed certificate with .local domain names as SAN DNS entries, so Internal clients will need to be able to resolve the Public DNS name and get the Internal IP (Split DNS).” part I’ll have to read a bit about.

    #50005
    Frank.DK

    This process: https://msfreaks.wordpress.com/2018/10/06/step-by-step-windows-2019-remote-desktop-services-using-the-gui/ looks almost the same as for 2012R2.
    It also covers the Split DNS issue and Redundant Brokers, in case you need that.

    /Frank

    #50006
    Falkenberg

    I already have this open.

    When it mentioned SQL I didn’t follow the whole guide to the dot.

    I guess I must look through that guide more thoroughly 🙂

    #50007
    Frank.DK

    Just noticed that the SQL installation for Redundant Brokers is not itself redundant, so you are just moving single-point-of-failure to the SQL instance.

    And it is a Lab guide – You should not install SQL Server on a DC in real life.

    Also be careful when setting up Split DNS, you are changing the way Internal clients resolve your Public domain name hosts, so it can cause a lot of issues if you don’t do it correctly and cover all public hostnames.

    /Frank

    #50008
    Falkenberg

    The SQL on DC is mentioned 🙂

    The Split DNS sounds fun….. 🙂

    Regarding the Redundant Brokers with SQL, it sounds like I don’t need it then (?)

    #50009
    Frank.DK

    To me, Redundant Brokers only makes sense if you also have Redundant SQL Servers.

    Yes, the need for Split DNS is an unfortunate side-effect of the way the Certificates are used for validating the hostnames. I don’t know of any way around that when you are running the RDS Infrastructure in-house.

    Some Routers/Firewalls support “Hairpinning”, where Internal clients can use the External IP for Internal resources, but I would not rely on that.

    /Frank
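
Added example, not part of the thread: a sketch of the hostname check a TLS client applies to a certificate, showing why a purchased wildcard does not cover internal .local names and why internal clients then have to connect by the public name (Split DNS). All host and domain names below are constructed placeholders.

```python
# Added example: every name here is a constructed placeholder.

def name_matches(pattern: str, host: str) -> bool:
    """True if a certificate DNS name (SAN or CN) covers host.

    A wildcard is honoured only as the complete left-most label and
    stands for exactly one label (the RFC 6125 matching rule).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False          # different depth, or an empty label
    if p[0] == "*":
        return "*" not in "".join(p[1:]) and p[1:] == h[1:]
    if "*" in pattern:
        return False          # partial or non-leftmost wildcards are rejected
    return p == h


def audit(cert_names, hostnames):
    """Map each hostname to the certificate name that covers it, or None."""
    return {
        host: next((n for n in cert_names if name_matches(n, host)), None)
        for host in hostnames
    }


CERT_NAMES = ["*.example.com"]      # constructed: the purchased wildcard
RDS_NAMES = [                       # constructed: names clients might connect to
    "rdgw.example.com",             # public name, resolved internally via Split DNS
    "rdcb01.corp.local",            # internal AD name of a broker
    "rdcb01.corp.example.com",      # two labels below the wildcard
    "example.com",                  # bare domain
]

if __name__ == "__main__":
    for host, covered_by in audit(CERT_NAMES, RDS_NAMES).items():
        status = f"OK ({covered_by})" if covered_by else "NAME MISMATCH"
        print(f"{host:26} {status}")
```

Only the first name is covered; the other three are what a client would report as a certificate name mismatch.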

    #52676
    [email protected]

    I am getting a certificate common name error as well. The broker server is actually a cloud-based web client. Is this possible?

    Certificate common name is bad. I have added the cert as required from Microsoft but the error persists.

    #52725
    Falkenberg

    Hi

    I can’t recall this 100% but as far as I can recall I think my issue was using a self-made certificate.

    When I started using our bought certificate I guess things worked out.

    But it’s a year ago, so as mentioned – I can’t recall it 100%.
