Hi
I’m looking for some help.
My problem is exactly the same as that posted by Jeff Rodgers in this post:
http://social.technet.microsoft.com/Forums/en/winserverTS/thread/6f29bc2f-5290-426c-a617-f6fbaab9ba9f (Connecting XP to server 2008 (not R2) using RDP broken after KB969084 update installed.)
I have a Windows 2008 R2 server running remote desktop services. The environment that remote sessions are required for is only small here, so all the following roles are installed on the same server (let’s call it ‘rds.local’):
Remote Desktop Connection Broker
Remote Desktop Gateway
Remote Desktop Licensing
RemoteApp and Desktop Connection Management
Remote Desktop Server
The ‘rds.local’ server has an external certificate purchased from Digicert, with the common name ‘rds.external.com’.
This certificate is specified in IIS, Remote App Manager, and Remote Session Host Configuration.
All works fine and very smoothly in Windows 7. Clients can connect to ‘https://rds.external.com/rdweb’, log on and choose a RemoteApp without having to retype their password. In short, everything as expected including SSO.
It’s a different story for WinXP SP3 though (although SSO also works). These clients have RDP6.1 and CredSSP installed and are fully updated via our WSUS server. Loading a RemoteApp for example only works if I switch the certificate used in Remote Desktop Session Host to ‘Auto Generated’. If I use the rds.external.com certificate from Digicert, Windows XP users get the following error:
‘The connection has been terminated because an unexpected server authentication certificate was received from the remote computer.’
The problem is, as Jeff Rodgers put it:
“The Windows XP SP3 Computers balk at the certificate with "connection has been terminated because an unexpected server authentication certificate was received from the remote computer" Windows 7 and Vista computers work flawlessly in this configuration (Single Sign on). By using the default auto-generated certificate in Remote Session Host Configuration, this prompts certificate warnings to Vista and Windows 7 clients but allows Windows XP Sp3 clients to connect (again with cert warnings but they can click connect).”
So although I have a solution that works, I don’t like the certificate warnings I’m left with (especially on Windows 7 as I know it can work perfectly). I’ve been working on this problem for some time now and have explored lots of avenues. But now I’ve reached a point where I’ve run out of ideas and I’m thinking that it’s a fundamental problem with XP SP3. But surely there’s a reason behind this…
Any ideas?