Hi,
I'm having difficulties getting certificates for my Remoteappfarm working.
All clients are Win7 SP1.
I have a connection broker and a webaccess on the same server (Server1) and a Remoteapp farm (farm.company.net) with two servers included (Server2, Server3).
I also have a standalone Remoteapp connected to the webaccess (Server4)
All is set up and working in the sense that I can connect to the webaccess and start applications, but I recieved lots of warnings when starting applications due to the lack of certificates.. so..
I requested/imported an SSL cert for the webaccess with the fqdn of the webaccess adress, which enabled a smooth login to the webaccess. Works fine.
I added the policy setting to enable SSO on the clients.
I requested/imported an SSL cert for the standalone server (Server4) and also distributed the Server4 certs SHA1 via GPO as a trusted publisher as described in the documentation:
http://technet.microsoft.com/en-us/library/ee216791.aspx
I added the cert in the remoteapp section in server manager as the cert to sign with.
Works fine, no popups regarding certs, server identities when starting the apps, SSO works fine. Perfect!
I requested/imported an SSL cert for the farm (farm.company.net) as described in the thread below:
http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/0158e68d-fe06-4261-88e3-4b6f205911da/
To get it right I imported the cert on the server I requested it from (Server2) and then exported it to get the private key included. This was then imported on server3.
I distributed the farm certs SHA1 as well via GPO as a trusted publisher.
I added the cert in the remoteapp section in server manager on both Server2 and Server3 as the cert to sign with.
This does however not work. When starting an application in webaccess that points to the farm I get an error message that states:
"Your credentials did not work" "Your system administrator does not allow the use of default credentials to log on the remote computer Company Remote Access because its identity is not fully verified. Please enter new credentials"
This has fields to enter my account and password. My account is already filled in and when i enter my password and hit ok I get the following prompt:
"The identity of the remote computer cannot be verified. Do you want to connect anyway? The Remote computer could not be authenticated due to problems with its security certificate. It may be unsafe to proceed. Name in the certificate from the remote computer:
SERVER2.company.com. Certificate errors: The certificate is not from a trusted certifying authority.."
If I click Yes to proceed the app launches fine, but I must get rid of the message and doesn't know where to start..
Please help!