I am in dire need of some help, as I have searched high and low for an answer but to no avail. To begin, let me give you an idea of what I have set up and the goal I am trying to achieve. I currently have 4 Windows 2012 servers that will be used in a Remote Desktop Collection.

  • RDGateway
  • ServerTS4
  • ServerTS5
  • ServerTS6

TS4, TS5 and TS6 will be used as host servers, while the RDGateway will be used for all the needed roles: connection broker, licensing server, etc.

We have a farm name, let's call it Acme. My end goal is for the users to open up Remote Desktop Connection, type in Acme and connect to 4, 5 or 6. Now I have created the DNS entries as needed, and all the times on the servers are correct. I have also changed the security type to RDP Security Layer. Here is the kicker: when I have the box checked saying "allow connections only from computers running remote desktop with network level auth", I get this error while connecting to Acme: "The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name." But when I uncheck that box, it does not authenticate them before connecting to the server; it connects them to the server and then they enter their username and password. I know that was slightly long-winded, but I am willing to accept any help or ideas. If you have any questions, please feel free to reply with those as well.

Christian

1 Answer

"RDP Security Layer

Communication between the server and the client will use native RDP encryption. If you select RDP Security Layer, you cannot use Network Level Authentication."

Configure Server Authentication and Encryption Levels
https://technet.microsoft.com/en-us/library/cc770833.aspx

Greg Askew
  • Hello, thank you for your quick reply. I took your advice and switched the security type to both Negotiate and SSL (TLS 1.0) and I'm still receiving the same DNS cache error. – Christian Nov 18 '15 at 16:48
  • Could be an issue with a time difference between the client and server(s). – Greg Askew Nov 18 '15 at 16:52
  • Also make sure the certificate you have installed matches the name you are using to connect. – Greg Askew Nov 18 '15 at 16:54
  • All 4 servers are the correct time and date. I made sure to triple check this, as it is a common issue when this message occurs. – Christian Nov 18 '15 at 16:54
  • Does the cert need to be installed on just the 4 servers or every PC trying to connect to one of the 4? – Christian Nov 18 '15 at 16:55
  • Not on the clients. The certificate with the farm name needs to be on the remote desktop session hosts. If you are using the gateway with a certificate, that would be a separate certificate for the gateway name that you specify in the Connect From Anywhere section of the client. – Greg Askew Nov 18 '15 at 17:01
  • Okay, I think I have narrowed down my error. So we have an old "Acme" Terminal Server Farm that is running how I would like this one to run. But it's using 2008, the connection is set on Negotiate and the box for allow connections only.... is unchecked, but below that it speaks of a certificate and it is Auto Generated. Where is this option at in Server 2012? – Christian Nov 18 '15 at 17:09
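
The two settings this thread keeps returning to (security layer versus Network Level Authentication, and whether the listener certificate carries the farm name) can be read from each session host in one pass. The script below is an added example, not part of the original thread; it assumes PowerShell remoting is enabled on the hosts, and the host names and farm name are taken from the question.

```powershell
# Names assumed from the question; use the exact name clients type for the farm.
$SessionHosts = 'ServerTS4', 'ServerTS5', 'ServerTS6'
$FarmName     = 'Acme'

$check = {
    param($FarmName)
    $layers = 'RDP Security Layer', 'Negotiate', 'SSL (TLS 1.0)'   # SecurityLayer 0, 1, 2

    # Settings of the default RDP listener on this host.
    $ts = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
              -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"

    # Certificate the listener is bound to, found by thumbprint in the two
    # stores where it normally lives (installed or auto-generated).
    $cert = Get-ChildItem -Path 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' `
                -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $ts.SSLCertificateSHA1Hash } |
            Select-Object -First 1

    # Exact-name comparison only; wildcard certificates are not evaluated here.
    $names = @()
    if ($cert) { $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode }) }

    [pscustomobject]@{
        Host           = $env:COMPUTERNAME
        SecurityLayer  = $layers[[int]$ts.SecurityLayer]
        NlaRequired    = [bool]$ts.UserAuthenticationRequired
        # RDP Security Layer cannot do NLA, so this combination is a misconfiguration.
        LayerBlocksNla = ($ts.SecurityLayer -eq 0) -and [bool]$ts.UserAuthenticationRequired
        CertSubject    = if ($cert) { $cert.Subject } else { '<not found>' }
        CertExpired    = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
        CertNamesFarm  = $names -contains $FarmName
    }
}

Invoke-Command -ComputerName $SessionHosts -ScriptBlock $check -ArgumentList $FarmName |
    Select-Object Host, SecurityLayer, NlaRequired, LayerBlocksNla, CertSubject, CertExpired, CertNamesFarm |
    Format-Table -AutoSize
```

A host showing `LayerBlocksNla` as True is in the state the quoted TechNet text rules out, and a host showing `CertNamesFarm` as False presents a certificate whose names do not include the farm name clients connect to.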