Jump to content
RESET Forums (homeservershow.com)

Weird Remote desktop problem, any ideas?


Pancakes
 Share

Recommended Posts

I have Windows Server 2012E with the Remote Access setup, so I can RDP using the gateway

 

I recently got a new laptop that doesn't have Windows 8.1 PRO on it, but just Home Edition. I figured I would leave it because there is no real need for Pro, as I don't really NEED it to be connected to my home Domain.

 

When I got to work I remoted to a VM, and it worked just fine using the RD Gateway in 2012 as it should. 

However when I got home, I got the following certificate error 

 

http://i.imgur.com/sgkWScX.png

 

so from remote it works, and then locally it doesn't. Even though the "Bypass RD Gateway on local connections" is ticked. Just typing in the PC name with no gateway configured works just fine.

 

Its not just this PC, as I made a VM and it gave the same error, and then once it was connected to the domain it works just fine 

 

Does anyone have any ideas on how to get this to work without just upgrading to Pro? I would like to solve the root problem 

 

 

Link to comment
Share on other sites

Why are you trying to go outside the LAN to come back in? This could be a limitation of your router.

Link to comment
Share on other sites

Why are you trying to go outside the LAN to come back in? This could be a limitation of your router.

 

I'm not, the box to skip the gateway is ticked. And the router is not the problem, as a domain machine works just fine

Link to comment
Share on other sites

The image you posted is not an "error", just a warning, if I read that correctly.  Probably form a self signed cert.  What security programs are in place?  Have you tried disabling that AV programs(s) and firewall to troubleshoot?

Link to comment
Share on other sites

Bit of a long shot but it's probably because a domain-joined client automatically installs the root certificate from the DC (assuming that the DC is also a cert server which I think it is in 2012E) and hence will also trust any certificates signed by that authority. A non-domain (workgroup-based) client won't.

 

You may well need to manually add the root cert to the local store on the new laptop and (from memory so it may be a bit off)

 

open a web browser on the laptop

goto https://<server name>/certsrv

you should see a link called, something like, Download a certificate or certificate chain  - click it

Then on the next screen is a link with something like Download a CA Certtificate - click on this and it should download the root cert from the server

 

If it does then double-click on the .cer file which is downloaded, click the button to Install the Certificate, install for the local machine rather than the local user.

Click the option to manually choose which store to import the cert to and browse to the Trusted Root Certification Authorities store and put it in there.

 

Shouldn't need to reboot but it won't hurt and then try it again.

 

By the way, the blurred out name in your screen shot, was it the external domain name or internal one it was complaining about?

 

John

Link to comment
Share on other sites

Shouldn't matter. RD Gateway should use the external certificate (such as myserver.remotewebaccess.com).

If you're using a self-signed certificate or behind a reverse proxy, that could be why. Otherwise..... it shouldn't do that :(

Link to comment
Share on other sites

I actually managed to figure this out

 

So, the box to bypass the RD Gateway DOESNT WORK in Windows 8 if you are not on a domain, to work around this you change a registry key for your HOME network, to skip the RD Gateway

 

If you set the registriy value HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ NetworkList \ Profiles \ [PROFILE] \ Managed to 1 then it works

Link to comment
Share on other sites

That ... doesn't surprise me at all. RD Gateway is meant to be run in a domain, actually. And the Windows Server Solutions team (WHS team) did some weird stuff to get it working in WHS2011....

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...