As you can see, currently your infrastructure is highly available for :
To be sure, make sure your license servers are listed in the "RD Licensing" section of the RDS deployment properties.
Ditto for RD Web Access.
And that your RDS cluster is well configured.
Now that your RDS infrastructure is highly available from your local network (if you are unaware that the certificates are not yet configured), you can add 2 highly available RDS gateways to provide secure remote access to your RDS infrastructure by following our tutorial : RDS - Implement high availability for your RDS gateways
Once you have followed this tutorial, here is what it will give.
The "RD Gateway" icon will have appeared.
2 new servers (GW1 and GW2) will have appeared with one IP address each and the other (10.0.0.106 in our case) corresponding to the GW cluster (managed via NLB).
Since the broker service will manage the requests of our users, we will no longer be able to use the certificate of our RDS web access for the Broker service.
If you try to do this, your users will be notified that the remote server (rdcb) is using a valid certificate for another server (rds).
To request a certificate for the broker name (rdcb.informatiweb.lan in our case), we will need to create a certificate request from IIS to be able to specify for which domain name we wish to obtain a certificate.
Specify the domain name of your broker service (and more precisely the one that corresponds to the round-robin DNS record name specified when activating the high availability of the broker service).
In our case : rdcb.informatiweb.lan
Save the certificate request.
Submit this request to your CA through its web interface by selecting the "Web Server" template since the purpose is to authenticate the server.
Confirm the digital certificate operation.
Download the certificate.
Nevertheless, as you can see by opening this certificate, there is no private key in the downloaded file (in cer format).
In IIS, click "Finish Certificate Request" and then :
As you already know, you need the pfx version of the certificate to import it into the deployment properties of your RDS infrastructure.
For this, now that the request has been created and completed from IIS, you can find it in your server's certificate store.
A quick reminder to access it : Launch the mmc console and add the "Certificates" snap-in for the local computer.
In the "Personal" store (selected from IIS), you will find your certificate for : rdcb.informatiweb.lan
If you double click on it, you will see that it has a private key (unlike the "cer" file format previously downloaded).
Right-click "All Tasks -> Export" on this one.
Select "Yes, export the private key".
Select "Personal Information Exchange - PKCS #12 (.PFX)".
Provide a password to protect the private key available with this certificate.
Export this certificate in pfx format.
Windows Server 3/8/2019
Windows Server 4/28/2019
Windows Server 3/16/2019
Windows Server 1/13/2019
Pinned content
Contact
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.
No comment