I’m having issues accessing virtual desktops (VD) through the Remote Desktop Gateway (RD Gateway). The main problem revolves around certificates (security?). When a client tries to remotely access a VD, their computer won’t allow them because an error says “This computer can’t verify the identity of the RD Gateway “vd-host.misoit.edu”. It’s not safe to connect to servers that can’t be identified. Contact your network administrator for assistance.” and gives them no option to just ignore the warning.
Background:
I am trying to create a VDI environment from scratch for laboratory purposes (not production).
Setup:
I have 2 computers with the following OS and roles installed on them.
PC 1 (hostname = dmn-ctrl)
-Win. Server 2012 Standard (x64)
-DNS
-AD DS [promoted this PC to domain controller, domain = misoit.edu, made a few users with admin. rights]
_
PC 2 (hostname = vd-host)
-Win. Server 2012 Datacenter (x64)
-RD Services (RDS) [this service installed the following]
-HyperV
-RD Virtualization Host
-RD Session Host
-RD Connection Broker
-RD Web Access
-RD Gateway (this one I had to manually enable, which is where the problem started, everything worked fine before I did this)
I have a standard router/switch. I have successfully set up port forwarding to remote into one of the servers from outside the network using RD Connection (Win7 software).
VDI configuration
-HyperV: I have created a VM of Win8, joined it to the domain, sysprepped it, and used it as a template to make VDs in a pool (under RD Services -> Collections).
-I can locally go to a browser and access a VD through there. It seems that it automatically runs RD Connection when I click on the link in the browser.
RD Gateway Config
-Server name: vd-host.misoit.edu
-Login method: Password Authentication
-“Use RD Gateway credentials for remote computers” checked
-“Bypass RD Gateway server for local addresses” unchecked
The problem came when I decided to install RD Gateway to allow access from outside the network. During the installation, I ran into a roadblock with creating the certificates (SSL?). I made a self-signed one and assigned it to all the RD Services listed above. They ended up all being labeled as “untrusted”. Now when I locally connect to the VD, the error mentioned above happens. If I turn off the RD Gateway, then everything works again.
I tried messing around by installing AD CA to pass out certificates, but that was a mess and a new subject I didn’t want to hit hard on (yet). Do I even need the RD Gateway to access VDs from outside the network if I strictly use direct IP Addressing in the browser? I can remote in, but not sure if I can access VDs the same way.
Any input would be much appreciated!
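The "can’t verify the identity of the RD Gateway" error is raised by the client when either the name in the gateway certificate does not match the FQDN it was told to connect to (vd-host.misoit.edu) or the certificate chains to an issuer the client does not trust, which is always the case for a self-signed certificate until its public part is added to the client’s Trusted Root store. The following PowerShell, added here as an example and not taken from the post or from Microsoft’s documentation, performs that check on the gateway certificate and shows the lab-only remedy (exporting the .cer and importing it into Trusted Root Certification Authorities). It assumes the PKI module shipped with Windows 8 / Server 2012 and the gateway name from the post; any other name or path is a placeholder.

```powershell
# Added example, not from the original post.
# Run in an elevated PowerShell on the RD Gateway host (Server 2012 or later).
# Assumption: the gateway certificate lives in LocalMachine\My and carries the
# gateway FQDN in its Subject or Subject Alternative Name.

$GatewayName = 'vd-host.misoit.edu'   # FQDN from the post

# 1. Locate the most recent certificate that names the gateway.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.DnsNameList.Unicode -contains $GatewayName } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate for $GatewayName in Cert:\LocalMachine\My; create or import one first."
}

# 2. Report why a client would refuse it: a self-signed cert has Subject == Issuer,
#    so no client trusts it until its public part is in their Trusted Root store.
$selfSigned = ($cert.Subject -eq $cert.Issuer)
Write-Host "Thumbprint : $($cert.Thumbprint)"
Write-Host "Subject    : $($cert.Subject)"
Write-Host "Issuer     : $($cert.Issuer)"
Write-Host "Expires    : $($cert.NotAfter)"
Write-Host "Self-signed: $selfSigned"

# Test-Certificate applies the same SSL server validation a client would:
# name match against -DNSName, validity period, server-auth EKU and chain trust.
$trusted = Test-Certificate -Cert $cert -Policy SSL -DNSName $GatewayName -ErrorAction SilentlyContinue
Write-Host "Validates as SSL server cert for $GatewayName on this machine: $trusted"

# 3. Lab-only remedy for a self-signed certificate: export only the public part
#    (.cer, no private key) and import it into Trusted Root. Repeat the import
#    on every client that connects through the gateway (or distribute via GPO).
if ($selfSigned -and -not $trusted) {
    $cerPath = Join-Path $env:TEMP "$GatewayName.cer"
    Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
    Write-Host "Exported public certificate to $cerPath (copy this file to clients)."

    Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    $trusted = Test-Certificate -Cert $cert -Policy SSL -DNSName $GatewayName -ErrorAction SilentlyContinue
    Write-Host "After adding to Trusted Root on this machine: $trusted"
}
```

On each client, only the `Import-Certificate` line is needed, pointed at the copied .cer. The check in step 2 also catches the other common cause of the error: a certificate whose name is the short hostname (vd-host) while clients are told to connect to the FQDN, in which case `Test-Certificate` reports False even after the root is trusted and the certificate has to be reissued with the right name.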