[07-07-2021] | RemoteApp Cert Woes

I was tasked with serving up some software as a RemoteApp for the purposes of bug testing. I set up a DC that also had DNS, ADCS, and RDS to make this happen. I was able to load the RemoteApp on a macOS client, but when someone tried to connect from Windows 10, it didn't work.

Not only did it just not work, each of the 3 ways to add a RemoteApp provided a different error, with one not even providing any information at all. It turns out this was all due to cert errors, something which Microsoft seems to barely cover anywhere, and all third-party help sites have a different idea on how to handle.

The complications I faced are:

  1. Domain is private, will not be made public
  2. Internally issued enterprise certs are really only useful for domain added computers
  3. I do not have access to corporate domain, which users will be VPNing in from
  4. Almost no feasible way to use a public cert internally

The only realistic solution is just to get certificates working enough to allow a win10 connection to this short-term server. Here's how I did it:

Make sure IIS and Certificate Authority roles are installed

To create a cert request:
To issue the cert from your local CA:
To export the certificate:
To add the certificate to all Remote Desktop services:

You can now browse to the server's FQDN as https://fqdn/rdweb and, although you will still be prompted with certification warnings, at least you can proceed.
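The four steps listed above (request, issue, export, add to all Remote Desktop services) can also be scripted. The following is an added example, not the author's original steps; the FQDN is a placeholder and the template name `RDSWebServer` is hypothetical (assumed to be a Web Server template copy with an exportable private key that this server may enroll in).

```powershell
# Added example, not the author's steps. Run elevated on the RDS/CA server.
Import-Module RemoteDesktop

$fqdn     = 'rds01.lab.example'     # placeholder: FQDN clients will browse to
$template = 'RDSWebServer'          # hypothetical template: Server Authentication EKU,
                                    # exportable key, Enroll granted to this server
$pfxPath  = Join-Path $env:TEMP 'rds-cert.pfx'
$pfxPass  = Read-Host -AsSecureString -Prompt 'Password to protect the PFX'

# Create the request and have the enterprise CA issue it in one call.
$enroll = Get-Certificate -Template $template -SubjectName "CN=$fqdn" `
    -DnsName $fqdn -CertStoreLocation 'Cert:\LocalMachine\My'
if ($enroll.Status -ne 'Issued') { throw "Enrollment returned status $($enroll.Status)" }

# Re-read through the Cert: provider and check what clients will validate.
$cert = Get-Item "Cert:\LocalMachine\My\$($enroll.Certificate.Thumbprint)"
if ($cert.DnsNameList.Unicode -notcontains $fqdn) {
    throw "Certificate SAN does not contain $fqdn"
}
if ($cert.EnhancedKeyUsageList.ObjectId -notcontains '1.3.6.1.5.5.7.3.1') {
    throw 'Certificate lacks the Server Authentication EKU'
}

# Export with the private key, then bind the same PFX to every RDS role.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPass | Out-Null
try {
    foreach ($role in 'RDRedirector', 'RDPublishing', 'RDWebAccess', 'RDGateway') {
        try {
            Set-RDCertificate -Role $role -ImportPath $pfxPath -Password $pfxPass `
                -ConnectionBroker $fqdn -Force -ErrorAction Stop
        } catch {
            # A role that is not deployed (for example no gateway) ends up here.
            Write-Warning "$role not updated: $($_.Exception.Message)"
        }
    }
} finally {
    Remove-Item $pfxPath -Force   # do not leave the private key on disk
}

# Confirm which certificate each role now reports and its trust level.
Get-RDCertificate -ConnectionBroker $fqdn
```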