Can't verify the identity of the RD Gateway

  • Question

  • I am unable to connect to any PC or the WHS through the Web Portal. I get the following warning (pop up).

    This computer Can't verify the identity of the RD Gateway "remote.domain.com" . It's not safe to connect to servers that can't be identified.
    Contact your network administrator for assistance

    Any suggestions?


    Johnathan
    • Edited by jwcarroll Sunday, May 2, 2010 6:22 AM Changed description
    Sunday, May 2, 2010 6:11 AM

All replies

  • I am unable to connect to any PC or the WHS through the Web Portal. I get the following warning.

    This computer Can't verify the identity of the RD Gateway "remote.domain.com" . It's not safe to connect to servers that can't be identified.
    Contact your network administrator for assistance

    Any suggestions?


    Johnathan
    Did you go through the entire Remote Access setup (specifically the part where you set up a domain name)?  I had that same problem when I did the config manually in Vail (and didn't set up a domain name through Vail, instead using the domain name from my v1 install).  Once I set up my domain name in Vail (even using the same Live ID to create the same domain name as my v1 install), it worked fine.
    Sunday, May 2, 2010 5:34 PM
    Moderator
  • This is most likely due to the certificate.  For a remote client to connect to a PC through TSGateway, you need the remote client to trust the certificate.  You can either export and import the self-issued one, or set up the LiveID domain as you called out below.
     
    Sean
     
    This post is "AS IS" and confers no rights.
     
    "kariya21" wrote in message news:0eec43ae-e050-482b-a970-c97109c52341...
    I am unable to connect to any PC or the WHS through the Web Portal. I get the following warning.

    This computer Can't verify the identity of the RD Gateway "remote.domain.com" . It's not safe to connect to servers that can't be identified.
    Contact your network administrator for assistance

    Any suggestions?


    Johnathan
    Did you go through the entire Remote Access setup (specifically the part where you set up a domain name)?  I had that same problem when I did the config manually in Vail (and didn't set up a domain name through Vail, instead using the domain name from my v1 install).  Once I set up my domain name in Vail (even using the same Live ID to create the same domain name as my v1 install), it worked fine.
    Monday, May 3, 2010 4:36 PM
    Moderator
  • This is most likely due to the certificate.  For a remote client to connect to a PC through TSGateway, you need the remote client to trust the certificate.  You can either export and import the self-issued one, or set up the LiveID domain as you called out below.
     
    Sean
     
    This post is "AS IS" and confers no rights.
    I tried that first (by going to the main web page from my remote client, saving the cert, then importing the cert on the remote client (even as Trusted Root)), but it still didn't work.  Any idea what I did wrong?
    Monday, May 3, 2010 9:47 PM
    Moderator
  • Unfortunately you need to import the root certificate; the one you imported from the webpage (which is bad practice I might add, you should never browse to a webpage and install the cert from the webpage, but that’s a whole other security conversation) is the leaf certificate.  You will require the root certificate out of the server certificate store.
     
    Sean
     
    This post is "AS IS" and confers no rights.
     
    "kariya21" wrote in message news:7032b811-4c0d-495d-a80f-fba5177bb441...
    This is most likely due to the certificate.  For a remote client to connect to a PC through TSGateway, you need the remote client to trust the certificate.  You can either export and import the self-issued one, or set up the LiveID domain as you called out below.
     
    Sean
     
    This post is "AS IS" and confers no rights.
    I tried that first (by going to the main web page from my remote client, saving the cert, then importing the cert on the remote client (even as Trusted Root)), but it still didn't work.  Any idea what I did wrong?
    Tuesday, May 4, 2010 5:17 PM
    Moderator
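
The leaf-versus-root distinction from the reply above, as an added example (not from the thread or from Microsoft): it builds a constructed two-certificate chain in memory and shows how a client can tell which certificate it is holding and whether a chain can be built from it. The subject names and the helpers `Test-IsRootCertificate` and `Get-ChainVerdict` are hypothetical; it assumes PowerShell 7, or Windows PowerShell on .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Constructed two-level PKI, held in memory only (no certificate store is modified).
$now = [DateTimeOffset]::UtcNow
$sha = [HashAlgorithmName]::SHA256
$pad = [RSASignaturePadding]::Pkcs1

$rootReq = [CertificateRequest]::new('CN=Constructed Home Server Root', [RSA]::Create(2048), $sha, $pad)
$rootReq.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
$root = $rootReq.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))

$leafReq = [CertificateRequest]::new('CN=remote.domain.com', [RSA]::Create(2048), $sha, $pad)
$leafReq.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($false, $false, 0, $true))
$serial = [byte[]](1..8)
$leaf = $leafReq.Create($root, $now.AddHours(-1), $now.AddDays(29), $serial)

function Test-IsRootCertificate([X509Certificate2]$Cert) {
    # A root is self-issued (subject equals issuer) and carries the CA flag.
    $bc = $Cert.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
    return ($Cert.Subject -eq $Cert.Issuer) -and [bool]$bc.CertificateAuthority
}

function Get-ChainVerdict([X509Certificate2]$Cert, [X509Certificate2[]]$Available) {
    # Build a chain using only the certificates handed in, without revocation lookups.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    foreach ($c in $Available) { [void]$chain.ChainPolicy.ExtraStore.Add($c) }
    [void]$chain.Build($Cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })
    if ($status.Count -gt 0) { return $status -join ',' } else { return 'NoError' }
}

foreach ($c in $leaf, $root) {
    '{0}: root={1}' -f $c.Subject, (Test-IsRootCertificate $c)
}
'leaf only       -> ' + (Get-ChainVerdict $leaf @())
'leaf + its root -> ' + (Get-ChainVerdict $leaf @($root))
```

`PartialChain` means no issuer could be found for the certificate; `UntrustedRoot` means the chain reaches a root that the machine does not yet trust. To check a file you exported, load it with `[X509Certificate2]::new('<path-to-exported.cer>')` and pass it to `Test-IsRootCertificate`.
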
  • Strange, I have several domains. I set up one of my domains with a sub of WHS. I then created an SSL cert (at Godaddy) and gave it WHS.domain.com. I imported it into my server and assigned it in IIS.

    I can browse to WHS.domain.com without a cert error but I am still not able to connect via TSgateway. I get the same error.

    I then removed all self-signed certs, just to be sure there was not a conflict and was still unable to remote in to the server or PCs.

    Could this be a machine name issue?

    @Sean Daniel
    I will try a self-signed cert and install it on the client to see what results I get.

    @kariya21
    I did go through the whole Remote Access setup

     


    Johnathan
    Wednesday, May 5, 2010 6:36 PM
  • jwcarroll: Is your client (from where you are connecting via Internet Explorer) an XP? If that is the case, then you need to download a new version of the RDP client and also need to do a few things in the registry.
    Wednesday, May 5, 2010 6:52 PM
  • jwcarroll: Is your client (from where you are connecting via Internet Explorer) an XP? If that is the case, then you need to download a new version of the RDP client and also need to do a few things in the registry.


    I'm using Vista, I have also tried Windows 7.

    I am removing all I have done and starting fresh. I will use my name.homeserver.com address that I have set up with WHSv1 and see what happens.


    Johnathan
    Wednesday, May 5, 2010 6:59 PM
  • That seemed to work. I went back to defaults and set up remote using my name.homeserver.com address. I will do more testing with my Godaddy domains and see what kind of results I get.
    Johnathan
    Wednesday, May 5, 2010 7:06 PM
  • Strange, I have several domains. I set up one of my domains with a sub of WHS. I then created an SSL cert (at Godaddy) and gave it WHS.domain.com. I imported it into my server and assigned it in IIS.

    I can browse to WHS.domain.com without a cert error but I am still not able to connect via TSgateway. I get the same error.

    I then removed all self-signed certs, just to be sure there was not a conflict and was still unable to remote in to the server or PCs.

    Could this be a machine name issue?


    The reason it doesn't work this way is because not only IIS but also TSG needs to be configured to use this cert. Unfortunately in WHS SKU you cannot get TSG GUI to set it up, you need to do this programmatically. Hopefully in the future we can have a tool to enable people for this scenario.

    For now I guess using *.homeserver.com is the only supported way to get this to work.

    Thanks.


    windows home server team
    • Marked as answer by jwcarroll Friday, May 7, 2010 4:09 PM
    Friday, May 7, 2010 8:48 AM
  • Thank you
    Johnathan
    Friday, May 7, 2010 4:09 PM
  • Hi Jonathan

    I was having the same problem with a vanity domain name.

    Security issues aside, I found the following workaround:

     

    I have a vanity domain name (but I will use www.myname.com as an example below)

    Step 1. Create a domain certificate for your vanity name, i.e. www.myname.com, in WHSV (standard functionality in IIS Manager).

    Step 2. Issue the certificate from WHSV's Certification Authority snap-in and then complete the certificate request in IIS Manager.

    Step 3. Bind the certificate to HTTPS (port 443) in WHSV IIS Manager.

    Step 4. Export the root certificate and add this to the trusted publishers store in Internet Explorer.

    This gets rid of the certificate warnings, and more importantly, allowed me to Remote Access (RDP)

     

    Hope this helps - If anyone wants step by step details, I will screen shot the step by step process

     

    Sunday, May 16, 2010 4:33 PM
  • Screenshots would be really helpful if you could, I can't seem to issue a cert without telling it what online authority to use?
    Friday, May 28, 2010 7:19 PM