Sunday, 19 August 2012

Windows Server 2012 (Server 8) Remote Desktop Certificate

Oh, this one was a pain to get through.
When you install Windows Server 2012 and configure Remote Desktop, everything goes through a nice and simple guide, and everything works perfectly except for one very important part: clients keep getting popups saying the certificate is not trusted or the computer name does not match once the Service broker redirects the user to the RD Session Host server.

Googling this will give you nothing. I saw one post from a Microsoft guy saying this is not a problem on Windows 8, and there will be a “patch” for Windows 7 later this year, but who the hell wants to wait for a patch?

In Windows 2008/2003 you could just open Remote Desktop Session Host Configuration (tsconfig.msc) and set it there, or you could use PowerShell:

Set-Item RDS:\RDSConfiguration\Connections\RDP-Tcp\SecuritySettings\SSLCertificateSHA1Hash -Value $ThumbPrint

But the PS drive RDS: does not exist in the RemoteDesktopServices module shipped with Server 2012. After a ton of Googling I finally found a solution:


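# Placeholder password for the PFX file
$pass = ConvertTo-SecureString "PfxPassword" -AsPlainText -Force
# Import the certificate and its private key into the local machine's Personal store
$cert = Import-PfxCertificate -FilePath '\\rdgw01\c$\wild.domain.com.pfx' -Password $pass -CertStoreLocation cert:\localMachine\my
# WMI path of the RDP-Tcp listener settings
$path = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
# Point the listener at the imported certificate by its thumbprint
Set-WmiInstance -Path $path -argument @{SSLCertificateSHA1Hash=$cert.Thumbprint}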
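
To confirm the change took effect, the following added example (not part of the original post) reads the thumbprint back from the RDP-Tcp listener and checks the matching certificate for the properties whose absence causes the client warnings described above. The function name Test-RdpListenerCertificate and its -Fqdn parameter are made up for this example, and DnsNameList assumes PowerShell 3.0 or later, which is what Server 2012 ships with.

```powershell
# Added example: audit the certificate bound to the RDP-Tcp listener.
function Test-RdpListenerCertificate {
    param(
        # Name that clients connect to; defaults to this machine's FQDN.
        [string]$Fqdn = [System.Net.Dns]::GetHostEntry('').HostName
    )

    $ts = Get-WmiObject -Class 'Win32_TSGeneralSetting' `
        -Namespace 'root\cimv2\terminalservices' -Filter "TerminalName='RDP-Tcp'"
    $thumb = $ts.SSLCertificateSHA1Hash

    # The listener stores only a hash; the certificate must exist in the machine store.
    $cert = Get-ChildItem 'Cert:\LocalMachine\My' |
        Where-Object { $_.Thumbprint -eq $thumb }
    if (-not $cert) {
        return [pscustomobject]@{ Thumbprint = $thumb; InMachineStore = $false }
    }

    # EKU: no extension means any purpose; otherwise Server Authentication must be listed.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
    $serverAuth = (-not $eku) -or ($ekuOids -contains '1.3.6.1.5.5.7.3.1')

    # A wildcard covers exactly one label, so compare against "*.<parent domain>"
    # instead of using -like, which would also accept deeper subdomains.
    $wild   = '*.' + ($Fqdn -split '\.', 2)[1]
    $names  = $cert.DnsNameList | ForEach-Object { $_.Unicode }
    $nameOk = ($names -contains $Fqdn) -or ($names -contains $wild)

    $now = Get-Date
    [pscustomobject]@{
        Thumbprint     = $thumb
        InMachineStore = $true
        HasPrivateKey  = $cert.HasPrivateKey
        WithinValidity = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
        ServerAuthEku  = $serverAuth
        NameMatches    = $nameOk
        # Chain as seen from this server; clients must trust the issuer as well.
        ChainTrusted   = $cert.Verify()
    }
}

Test-RdpListenerCertificate
```

Run it on each RD Session Host; any property that comes back False points at the cause of the "not trusted" or "name does not match" prompt.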