RDSFARM: Certificate errors when using .local or similar AD names…and the fix :-)

When setting up RDS farms, you can set your workspace ID to match your FQDN and then buy a certificate for your broker that matches it – fair enough. But when the broker redirects to your RDS hosts, you will eventually get a certificate error, because the RDS host uses a self-signed .local certificate. So you may then think, let’s go and install a real certificate on our RDS host, and then you get e.g. that rdsh01.domain.local does not match the certificate *.domain.com 🙁

This can easily be solved by implementing a “disjoint namespace”, which in short means that you can use your real certificate on the server even though it’s joined to a .local AD 🙂

So:

– Join the server to your AD
– Go into the settings for the domain on the server and change the DNS suffix, so that instead of rdsh01.domain.local it becomes rdsh01.domain.com. After this it’s still domain joined, but you can install a real certificate on the server 🙂
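As an added example (not from the original post), here is a PowerShell check for the situation above: it reads the certificate the RDP-Tcp listener actually presents, tests whether the host’s current FQDN is covered by that certificate’s names (including a *.domain.com wildcard), and shows the registry change behind the “change the DNS suffix” step. 'domain.com' is a placeholder for the public suffix your certificate was issued for.

```powershell
# Added example, not from the original post. Placeholder: the public suffix your certificate covers.
$NewSuffix = 'domain.com'

# FQDN as Windows sees it: hostname + primary DNS suffix. After a disjoint-namespace change this
# differs from the AD domain name, which is exactly the point of the fix.
$ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$Fqdn    = '{0}.{1}' -f $ipProps.HostName, $ipProps.DomainName

# The certificate the RDP-Tcp listener presents to redirected clients (the broker redirect
# produces the warning when this is still the self-signed .local certificate).
$listener = Get-CimInstance -Namespace 'root/cimv2/TerminalServices' `
              -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$cert = Get-ChildItem Cert:\LocalMachine\My |
          Where-Object { $_.Thumbprint -eq $listener.SSLCertificateSHA1Hash }

function Test-CertCoversName {
    # True if $Name equals one of the certificate's DNS names, or matches a one-label
    # wildcard such as *.domain.com (a wildcard never covers the bare domain or deeper labels).
    param([string]$Name, [string[]]$CertNames)
    $hostLabel = $Name.Split('.')[0]
    foreach ($n in $CertNames) {
        if ($n -ieq $Name) { return $true }
        if ($n.StartsWith('*.') -and ($Name -ieq ($hostLabel + $n.Substring(1)))) { return $true }
    }
    return $false
}

# DnsNameList is PowerShell's view of the SAN names (falls back to the Subject CN when there is no SAN)
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
if (Test-CertCoversName -Name $Fqdn -CertNames $names) {
    "OK: $Fqdn is covered by the listener certificate ($($cert.Thumbprint))"
} else {
    "MISMATCH: $Fqdn is not in [$($names -join ', ')] - clients redirected by the broker will get a certificate warning"
}

function Set-PrimaryDnsSuffix {
    # The registry side of 'change the DNS suffix': the same values the System Properties dialog writes.
    # Needs a reboot, and the AD domain's msDS-AllowedDNSSuffixes must include the new suffix,
    # otherwise the computer cannot update its own dNSHostName afterwards.
    param([Parameter(Mandatory)][string]$Suffix)
    $tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    Set-ItemProperty -Path $tcpip -Name 'NV Domain' -Value $Suffix
    Set-ItemProperty -Path $tcpip -Name 'SyncDomainWithMembership' -Value 0 -Type DWord
}
# Usage (elevated, then reboot):  Set-PrimaryDnsSuffix -Suffix $NewSuffix
```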

Fully supported by Microsoft; here is an article about it and its pros and cons:

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/disjoint-namespace

Tested on RDS/WIN 2019 OK 🙂
