This access is based on Windows Active Directory accounts and passwords, and password changes are a necessary way of life in most organizations as security guidelines generally mandate their periodic rotation. My organization has several of these implementations across various environments, and they offer a great solution for users to be able to log into a shared desktop environment and run applications.
Many of us who now work from home full time depend on it to do our jobs. Remote Desktop Service is a common way to permit users to access resources, particularly from a remote location.
In fact, this is usually the preferred method when performing load balancing as it keeps things simple, and allows the ACE to perform application layer balancing.

How to permit remote users to reset their passwords using Remote Desktop Web Access in Windows

Alleviate the headaches associated with manual password resets by providing this Windows-based Active Directory solution for Remote Desktop Services.
Or if you decide to run with a SAN then you will need to specify the SAN in the certificate request.

Another option would be to install a single certificate on the Cisco ACE in order to perform SSL termination on that device instead of the RD Web Servers. If you decide to run with a wildcard certificate, then you simply specify your domain as *.your.domain and purchase it from the external CA using their wildcard purchasing plan.
If for whatever reason you really do need different domain names, then you will create a single certificate request using your preferred method. Simply create the certificate request as you normally would, and install the certificate on both servers - just ensure that the cert is licensed for use on 2 servers when you purchase it. Using a wildcard / SAN certificate is only necessary if you intend on accessing one or both of the servers using different names. The help from MS I have gotten via docs and forum seems to assume we are using an internal AD CA or a Gateway, neither of which we are using (We are requiring VPN for off site access for now).

Do you actually need your two RD Web Access servers to use different domain names? Seeing as this is a load balance / fail-over scenario, then normally you would install the same certificate on both servers.
My question is, how do I go about requesting the certificate now? Other than using a wildcard or SAN cert (to include the "friendly" name we are using) I am not sure how to start this process.

Do I request a cert from one of the RD Web Access servers, export, and use it for both of them? Or do I request one from each with the SAN/wildcard as part of the request? Or, am I completely off track here? I am only familiar with basic HTTPS web cert requests so this is all a mystery to me. Our production deployment will have 2 RD Web Access servers behind a Cisco ACE for failover and load balancing.
In the past I have requested a single cert using an external CA (via an IIS 7 cert request), installed it, and then exported it into the *.pfx format to use. We are planning on a deployment of Remote Desktop Services (Windows Server 2012 R2) with 2 RD Web Access Servers.