How to Assign an Existing SSL Certificate to Remote Desktop Gateway in SBS2011

May 24th, 2011 by Paul Sterley | Filed under In the Windows Box, Windows Server.

You may receive the following message when you try to connect to a company workstation using Remote Web Workplace on SBS 2011:
“This computer can’t connect to the remote computer because no certificate was configured to use at the terminal services gateway server.”

There are a number of possible causes for this error, but in this case, we were NOT using the self-signed certificate, and had carried over the SSL certificate from a previous server and manually added it to the SSL site bindings in IIS Management.

In order to eliminate the error, we needed to tell Remote Desktop Gateway which SSL certificate to use. I found a handy help topic in SBS for this. But first we had to find Remote Desktop Gateway Manager.

It’s not installed by default. First you have to go into Server Manager and “Add Feature”. It’s under Remote Server Administration Tools -> Role Administration Tools -> Remote Desktop Services Tools. Check the box for

“Remote Desktop Gateway Tools”.
Then it appears in Server Manager under Roles -> RD Gateway Manager.

Here’s the SBS help topic:

Select an Existing Certificate for Remote Desktop Gateway
After you obtain and install a certificate for the RD Gateway server, you must map the certificate to the RD Gateway server by using Remote Desktop Gateway Manager. If you map an RD Gateway server certificate by using any other method, RD Gateway will not function correctly.

Note:
This procedure is not required if you created a self-signed certificate for RD Gateway.

To import the Remote Desktop Gateway certificate:

  1. On the RD Gateway server, open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.
  2. In the Remote Desktop Gateway Manager console tree, right-click the local RD Gateway server, and then click Properties.
  3. In the Properties dialog box for the RD Gateway server, on the SSL Certificate tab, click Select an existing certificate from the RD Gateway <RD Gateway Server Name> Certificates (Local Computer)/Personal store, where <RD Gateway Server Name> is the name for the computer on which the RD Gateway server is running.
  4. Click “Import Certificate”.
  5. In the Import Certificate dialog box, click the certificate that you want to use, and then click Import.
  6. Click OK to close the Properties dialog box for the RD Gateway server.

If this is the first time that you have mapped the RD Gateway certificate, after the certificate mapping is completed, you can verify that the mapping was successful by viewing the RD Gateway Server Status area in Remote Desktop Gateway Manager. Under Configuration Status and Configuration Tasks, the warning stating that a server certificate is not yet installed or selected and the View or modify certificate properties hyperlink are no longer displayed.

Tags:

«
»

4 Responses to “How to Assign an Existing SSL Certificate to Remote Desktop Gateway in SBS2011”

  1. Dunedin IT | 10/08/11

    Thanks for this, it was the missing link!

    Jamie

  2. Jussi Palo | 3/11/11

    Thanks! Finally got my WHS 2011 RD Gateway working.

  3. Allan | 21/01/12

    I cannot express how thankful I am for your clear and concise solution to a problem that has been bugging me for weeks. I now have a functional Remote Desktop to my server!! Many, many thanks.

  4. Greg | 17/02/12

    You are the man!

Share Your Thoughts