The identity of the remote computer could not be verified

RRAS, VPN, TS/RDP, Routing and remote Access.

Postby guest » Wed Dec 19, 2012 12:31 pm

I'm having a strange issue with my UAG SP1 Update 1.

I have a few Remote Desktop Connection (Predefined) that I'm testing with. I have tried both the IP address and the FQDN name.

Whenever I try and connect to the servers via the UAG portal I am told that 'the identity of the remote computer cannot be verified. Do you want to connect anyway?'

The strange thing is all our servers are signed by our internal enterprise issuing CA but the certificate warning is coming up for a self signed certificate that I cannot find in the local computer's certificate store.

I'm not sure where this self signed certificate is coming from or why it's being used rather than the personal certificate issued via auto enrollment from our issuing CA.

All servers internally, in the DMZ and the client I am testing with have our root CA certificate in the Trusted Root store.

If I connect directly to one of these servers from my Windows 7 client I can authenticate and login without any warnings about the server's identity. If I check the local computer certificate store I can see a 1 year client\server authentication certificate issued by our internal issuing CA.

But for whatever reason when connecting via the UAG Remote Desktop Gateway I am presented with a self signed certificate.

The portal trunk I am using is signed externally by Entrust - portal.xxx.com. The RD Gateway Manager is signed with this same certificate. This public certificate is a SAN cert with our public DNS name -- portal.xxx.com and the name of the UAG server - uagserver.is.xxx.com

What have I missed?


Thanks!
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: The identity of the remote computer could not be verified

Postby guest » Wed Dec 19, 2012 12:31 pm

I managed to resolve the problem.

I thought the issue may be due to the public certificate that was associated with the RD Gateway Manager service, so I requested and issued a certificate from our internal PKI and now Remote Desktop sessions are working without any certificate prompting.

All good!

Moral of the story -- don't use a public certificate for your RD Gateway Manager.
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: The identity of the remote computer could not be verified

Postby guest » Wed Dec 19, 2012 12:32 pm

Ok scratch that previous post. The issue is still occurring. Not sure why it went away.


I'm still looking for an answer here.... Anybody got any ideas why RD gateway appears to generate a self signed certificate for each remote desktop connection via the UAG?
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: The identity of the remote computer could not be verified

Postby guest » Wed Dec 19, 2012 12:34 pm

Ok I finally managed to get to the bottom of this.

By default on servers you are connecting to the Remote Desktop Session Host service will use 'Auto generated' certificates.

I changed this default behaviour by defining the following group policy to 'Machine' templates:

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Server Authentication Certificate Template

This changed the Session Host certificate policy to 'Group Policy based certificate' and forced the session host service to always use my internally signed certificate.

You can also manually select a certificate but obviously this will not work well in large environments.

I do not know why using the RDS Gateway service through the UAG externally causes the RDS session host to generate a self signed certificate, while when accessing the server directly from the UAG, it used the correct internally signed certificate.

It could be that the certificate validity could not be checked externally. Once I publish our CRL externally I will retest.

At least now I have a fix.
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm
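
To confirm which certificate a Session Host actually presents before and after applying the policy described in the post above, the listener binding can be read from WMI. This is an added example, not the poster's own script; it assumes Windows PowerShell 3.0 or later run elevated on the target server, that auto-generated certificates sit in the local machine "Remote Desktop" store, and that the policy writes its template name to the `CertTemplateName` registry value.

```powershell
# Added example: report which certificate the RDP-Tcp listener presents
# and how it was selected (auto generated, Group Policy, or manual).

# Documented values of Win32_TSGeneralSetting.SSLCertificateSHA1HashType
$hashTypes = @{
    0 = 'Not valid'
    1 = 'Default self-signed (auto generated)'
    2 = 'Group Policy based certificate'
    3 = 'Custom (manually selected)'
}

$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash

# Assumption: auto-generated certificates live in the 'Remote Desktop'
# store, CA-issued ones in the Personal ('My') store.
$cert = $null
$store = $null
foreach ($name in 'My', 'Remote Desktop') {
    $found = Get-ChildItem -Path "Cert:\LocalMachine\$name" -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumb }
    if ($found) {
        $cert  = $found | Select-Object -First 1
        $store = $name
        break
    }
}

# Assumption: the "Server Authentication Certificate Template" policy
# stores the template name in this registry value.
$policy = Get-ItemProperty -ErrorAction SilentlyContinue `
    -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

[pscustomobject]@{
    Selection      = $hashTypes[[int]$listener.SSLCertificateSHA1HashType]
    Thumbprint     = $thumb
    Store          = $store
    Subject        = if ($cert) { $cert.Subject }
    Issuer         = if ($cert) { $cert.Issuer }
    SelfSigned     = if ($cert) { $cert.Subject -eq $cert.Issuer }
    NotAfter       = if ($cert) { $cert.NotAfter }
    PolicyTemplate = $policy.CertTemplateName
} | Format-List
```

A `Selection` of "Default self-signed" with `SelfSigned` true means the listener is still on the auto-generated certificate; after the policy applies and the service picks up the enrolled certificate, `Selection` should read "Group Policy based certificate" and `Issuer` should name the internal CA.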

Re: The identity of the remote computer could not be verified

Postby chicagotech » Wed Dec 19, 2012 1:01 pm

Microsoft has some articles talking about this issue. Quoted from “Unknown Publisher”? Where did this dialog box come from? – http://blogs.technet.com/b/askperf/arch ... -from.aspx
“The first question that I am asked is usually “What is this prompt? It looks scary and makes me think I clicked on something I shouldn’t have!” Don’t worry, you didn’t do anything wrong, this new prompt is a security feature that is in the latest RDP clients, and once you understand what exactly is going on, it is not all that scary. To translate what this dialog is really trying to tell you, I could put it like this: “The Remote Desktop client cannot verify that the computer you are connecting to is really who it claims to be. Don’t connect unless you trust the website that you visited.” If you arrived at this web page because you were given the link by someone you trust (for example, your company web administrator) then it is normally safe to go ahead and click the Connect button. If you do not trust the website you visited and did not click on a link that generated this dialog, then don’t click the Connect button. See, I told you it wasn’t really that scary!

The second question that I am usually asked is something like this: “How do I get rid of this thing? It’s annoying and I don’t like it.” The short answer is that you can’t get rid of it, not without a little help from the web server administrator. The prompt will always show because the Remote Desktop Client always assumes the server that you are connecting to is unsafe unless it can verify its identity. That is where your IT or Web administrator comes in”.
Then, how to fix it? Please follow this link: http://blogs.technet.com/b/askperf/arch ... t-two.aspx
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6995
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: The identity of the remote computer could not be verified

Postby blin » Sat Sep 16, 2017 2:35 pm

This is a certificate issue. Please check this page:
Many Obstacles in Publishing RemoteApps to the Internet in ...
Jan 5, 2014 ... To resolve this issue you have to change the RD Gateway name in ... “The computer can't verify the identity of the RD Gateway “Server Name”.
https://social.technet.microsoft.com/.. ... ublishing- remoteapps-to-the-internet-in-windows-server-2012.aspx
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

blin
Site Admin
 
Posts: 3641
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA

