I’m carrying out my first deployment of Remote Desktop Servers using Windows Server 2008 R2.
The goal is to have full Remote Desktop and RDWeb RemoteApps available on the internal LAN and to have a RD Gateway in DMZ but joined to AD Domain to provide external access to full Remote Desktop only.
I’m confused as to how the certificate side of things should be configured in the above RDS deployment. Say I have the following servers and DNS records:
Server  | FQDN                  | Role                      | Additional AD DNS             | External DNS
RDS01   | RDS01.abc.xyz.local   | Connection Broker / RDWeb | rdsweb.abc.xyz.local (CNAME)  |
RDS02   | RDS02.abc.xyz.local   | Gateway                   |                               | rdsgateway.sub.domain.com
Server1 | Server1.abc.xyz.local | Licence Server            |                               |
RDSSH01 | RDSSH01.abc.xyz.local | Session Host              | rds.abc.xyz.local (Farm Name) |
RDSSH02 | RDSSH02.abc.xyz.local | Session Host              | rds.abc.xyz.local (Farm Name) |
RDSSH03 | RDSSH03.abc.xyz.local | Session Host              | rds.abc.xyz.local (Farm Name) |
Web and TechNet forum searches will throw up different ways to implement certificates and different certificates to use.
Ideally I’d like to get a single cert cut from an external certificate authority (SAN cert?). Would this work in the deployment scenario above?
If so, do I need to get all of the internal FQDNs, as well as the two internal and one external DNS names, added to the cert? Or would I not need to add the FQDN of the licence server?
Any help would be greatly appreciated.
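The following is an added example, not part of the original post and not Microsoft's own tooling beyond the documented certreq INF syntax: a PowerShell script that writes a certreq.inf carrying a chosen set of names as SubjectAltName entries and, once the CA has issued the certificate, reports which of those names the certificate actually covers. The contents of $RequiredNames (taken from the hostnames in the question), the decision to leave the licence server out, and the file paths are all assumptions to edit for the real deployment.

```powershell
# Added example (not from the original post). Assumptions: the names below are
# the ones listed in the question; which of them belong on the cert is the
# deployment's decision, so edit $RequiredNames accordingly. Paths are placeholders.

# Names that clients resolve and whose certificate they will validate.
# The licence server is left out on purpose: RDP clients do not open a TLS
# session to it, only session hosts talk to it (assumption stated in the lead-in).
$RequiredNames = @(
    'rdsgateway.sub.domain.com'   # name external clients type into the RD Gateway setting
    'rdsweb.abc.xyz.local'        # RDWeb URL used on the LAN
    'rds.abc.xyz.local'           # farm name the RDP client connects to
    'RDSSH01.abc.xyz.local'       # individual hosts, in case clients are redirected by host name
    'RDSSH02.abc.xyz.local'
    'RDSSH03.abc.xyz.local'
)

# Write a certreq.inf whose SubjectAltName extension (OID 2.5.29.17) lists every
# name; the first name becomes the subject CN. Submit the resulting .req to the CA.
function New-RdsSanRequestInf {
    param([string[]]$DnsNames, [string]$Path)
    $lines = @(
        '[NewRequest]'
        "Subject = `"CN=$($DnsNames[0])`""
        'KeyLength = 2048'
        'Exportable = TRUE'          # so the one cert can be moved to every role
        'MachineKeySet = TRUE'
        'KeySpec = 1'
        'KeyUsage = 0xA0'            # digital signature + key encipherment
        'RequestType = PKCS10'
        'ProviderName = "Microsoft RSA SChannel Cryptographic Provider"'
        '[EnhancedKeyUsageExtension]'
        'OID = 1.3.6.1.5.5.7.3.1'    # server authentication
        '[Extensions]'
        '2.5.29.17 = "{text}"'
    )
    foreach ($n in $DnsNames) { $lines += "_continue_ = `"dns=$n&`"" }
    Set-Content -Path $Path -Value $lines
}

# Pull the DNS entries out of the SAN extension of an issued certificate.
# Relies on the Windows text form of the extension ("DNS Name=..." per line).
function Get-CertificateDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+?)\s*$') { $names += $Matches[1] }
        }
    }
    if (-not $names) {   # no SAN: fall back to the subject CN
        $cn = $Cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
        if ($cn) { $names += $cn }
    }
    return $names
}

# Compare the required names with what the certificate carries. A wildcard
# entry matches one label only, which is how TLS clients treat it.
function Test-RdsCertificateNames {
    param([string[]]$RequiredNames, [string[]]$CertNames)
    $have = @($CertNames | ForEach-Object { $_.ToLowerInvariant() })
    $missing = @()
    foreach ($n in $RequiredNames) {
        $lower  = $n.ToLowerInvariant()
        $parent = ($lower -split '\.', 2)[1]
        if ($have -contains $lower)      { continue }
        if ($have -contains "*.$parent") { continue }
        $missing += $n
    }
    return $missing
}

# 1. Build the request (placeholder path).
New-RdsSanRequestInf -DnsNames $RequiredNames -Path "$env:TEMP\rds-san.inf"
# certreq -new "$env:TEMP\rds-san.inf" "$env:TEMP\rds-san.req"

# 2. After the CA returns the certificate, verify it before binding it to any role.
$IssuedCertPath = 'C:\certs\rds-issued.cer'   # placeholder path
if (Test-Path $IssuedCertPath) {
    $cert    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $IssuedCertPath
    $missing = Test-RdsCertificateNames -RequiredNames $RequiredNames -CertNames (Get-CertificateDnsNames $cert)
    if ($missing) { "Certificate does NOT cover: $($missing -join ', ')" }
    else          { 'Certificate covers every required name.' }
}
```

Run the check on each server that will present the certificate, because a name that is missing only shows up to users as a certificate warning on that role. One caveat that postdates the question: since November 2015 public CAs no longer issue certificates containing internal names such as .local, so today the internal names in a list like this would have to come from an internal (AD CS) CA, with only rdsgateway.sub.domain.com on the externally issued certificate.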