
How to use TLS with Remote Desktop Server RDS 2012


If you are using Remote Desktop Services, you probably know that RDS session hosts use native RDP encryption by default. This might sound good, but it is only encryption: nothing authenticates the RDS session host server, so the client cannot verify the identity of the server it is connecting to. You can enhance the security of your session host servers by using TLS. In this blog post, I will guide you through a couple of steps to use TLS with Remote Desktop Server and fix any certificate issues when using TLS.

TLS with Remote Desktop Server

I was once deploying a Windows Server 2012 R2 RDS farm, and I configured two session host servers in a pool or collection, one broker and one licensing server. The deployment was easy, and I expected everything to work fine. I wanted end users to connect to a nice namespace like apps.contoso.com that would point to one of the session host servers.

When my users started accessing apps.contoso.com, they got a certificate warning indicating a certificate name mismatch. This is because each session host server generates a self-signed certificate with the name of the session host server itself, not with the name apps.contoso.com.

I started to look at the best way to use TLS with Remote Desktop Server and how I could fix those certificate problems. First, I needed a digital certificate [server authentication] from my internal certificate authority with the name apps.contoso.com. I installed that certificate in the computer personal store of my two session host servers. I then started asking myself, “How can I tell my session host servers to use that certificate instead of the self-signed one?”


Then I found the solution:

  • On each session host server, open PowerShell using admin credentials, and type:

Note: replace Thumbnail with the thumbprint of the new certificate.

  • Or you can use this command instead:

  • Restart both servers.
  • Use this command to get the certificate hash being used:
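One way to carry out the steps above, shown as an added example and not the commands from the original post: it validates the certificate in the computer personal store, binds its thumbprint to the RDP-Tcp listener through the `Win32_TSGeneralSetting` WMI class, and reads the value back. `<CERT-THUMBPRINT>` is a placeholder, and the pre-binding checks are assumptions about what you would want to verify.

```powershell
# Added example, not from the original post. Run elevated on each session host.
$Thumbprint   = '<CERT-THUMBPRINT>'   # placeholder: thumbprint of the new certificate
$ExpectedName = 'apps.contoso.com'    # name users connect to (from the post)
$ServerAuth   = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID

# 1. Normalise the thumbprint (copies from the certificate MMC often carry
#    spaces or an invisible leading character) and find the certificate.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($clean.Length -ne 40) { throw 'Thumbprint must be 40 hex characters' }
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $clean }
if (-not $cert) { throw "Certificate $clean not found in Cert:\LocalMachine\My" }

# 2. Validate the certificate before binding it to the listener.
$now = Get-Date
$problems = @()
if (-not $cert.HasPrivateKey) { $problems += 'no private key' }
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside validity period' }
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($eku) {
    $oids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
    if ($oids -notcontains $ServerAuth) { $problems += 'EKU lacks Server Authentication' }
}
# -like lets a wildcard name such as *.contoso.com cover the expected name.
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
if (-not ($names | Where-Object { $ExpectedName -like $_ })) {
    $problems += "name $ExpectedName not covered (certificate has: $($names -join ', '))"
}
if ($problems) { throw "Refusing to bind: $($problems -join '; ')" }

# 3. Bind the thumbprint to the RDP-Tcp listener.
$wmi = @{ Class = 'Win32_TSGeneralSetting'; Namespace = 'root\cimv2\TerminalServices'
          Filter = "TerminalName='RDP-Tcp'" }
$listener = Get-WmiObject @wmi
Set-WmiInstance -Path $listener.__PATH -Arguments @{ SSLCertificateSHA1Hash = $clean } | Out-Null

# 4. Read back the certificate hash the listener is now using.
$after = Get-WmiObject @wmi
if ($after.SSLCertificateSHA1Hash -ne $clean) { throw 'Listener did not accept the thumbprint' }
if ($after.SecurityLayer -eq 0) {
    Write-Warning 'SecurityLayer is 0 (RDP Security Layer): TLS and this certificate will not be used'
}
$after | Select-Object TerminalName, SSLCertificateSHA1Hash, SecurityLayer
```

The Remote Desktop service runs as NETWORK SERVICE, so that account needs Read permission on the certificate's private key for the binding to work.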

 

About The Author

Ammar Hasayen


1 Comment

  1. Krzysztof

    It works!
    Thanks!
