Digitally Signing RemoteApps
Came into the office this morning and there were a number of users of our Great Plains application which we RemoteApp that were getting an error message and were unable to connect. When connected they received the following error: “The digital signature of this RDP file cannot be verified”. RemoteApp is new in Windows Server 2008 and provides a seamless Remote Desktop experience to end users. It’s a pretty cool feature that we use to deploy Microsoft Dynamics Great Plains 2010.
According to TechNet, “you can use a digital signature to sign .rdp files that are used for RemoteApp connections to the Remote Desktop Session Host (RD Session Host) server. This includes the .rdp files that are used for connections through RD Web Access to RemoteApp programs and to the desktop of an RD Session Host server.” – http://technet.microsoft.com/en-us/library/cc754499.aspx
I originally didn’t create this particular RemoteApp package and I quickly found out that the certificate used to sign the RDP file had expired.
So this is how I quickly resolved the issue.
Re-signing the RDP File
Not only had the certificate used to sign the RDP file expired, it was also self-signed. Like I said before, I didn’t create this package, and if I had, I would have used our Enterprise CA to issue the certificate.
- Open an MMC console on the RemoteApp server.
- Press CTRL+M or select File > Add/Remove Snap-In.
- Select Certificates from the Snap-in list and click the Add button.
- Select Local Computer.
- Expand Certificates (Local Computer) > Personal and right-click on Certificates
- Select All Tasks > Request New Certificate…
- This will start the Certificate Enrollment wizard. Request a new Computer certificate.
- Launch Server Manager and expand Roles > Remote Desktop Services > RemoteApp Manager.
- Select the RemoteApp Program from the table at the bottom of the right pane.
- Next to Digital Signature Settings click the Change link.
- Select the certificate that you just requested and click the OK button.
- Click the Create Windows Installer Package link to recreate the .msi file, or, if you only need the newly signed .rdp file, click the Create .rdp File link.
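
Since the outage here came from an expired, self-signed signing certificate, a scheduled check of the Local Computer Personal store can flag the problem before users see the error. The PowerShell below is an added example, not part of the original post; the 30-day warning window and the subject-equals-issuer test for self-signed certificates are assumptions.

```powershell
# Added example: audit certificates in the Local Computer > Personal store,
# the store used when requesting the signing certificate in the steps above.
# Assumption: a 30-day warning window; change $WarnDays to suit your renewal process.
$WarnDays = 30
$now      = Get-Date

$report = @(
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey } |   # only certs that could be used for signing
        ForEach-Object {
            $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)

            # Heuristic (assumption): subject equal to issuer means self-signed,
            # i.e. not issued by the Enterprise CA.
            $selfSigned = ($_.Subject -eq $_.Issuer)

            if     ($_.NotAfter  -lt $now)      { $status = 'EXPIRED' }
            elseif ($_.NotBefore -gt $now)      { $status = 'NOT YET VALID' }
            elseif ($daysLeft    -le $WarnDays) { $status = 'EXPIRING SOON' }
            else                                { $status = 'OK' }

            New-Object PSObject -Property @{
                Status     = $status
                DaysLeft   = $daysLeft
                SelfSigned = $selfSigned
                NotAfter   = $_.NotAfter
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
            }
        }
)

# Full listing, soonest expiry first
$report |
    Sort-Object NotAfter |
    Select-Object Status, DaysLeft, SelfSigned, NotAfter, Subject, Thumbprint |
    Format-Table -AutoSize -Wrap

# Call out anything that would break, or already weakens, RDP file signing
foreach ($c in $report) {
    if ($c.Status -ne 'OK') {
        Write-Warning ("{0}: {1} (thumbprint {2}, NotAfter {3})" -f $c.Status, $c.Subject, $c.Thumbprint, $c.NotAfter)
    }
    if ($c.SelfSigned) {
        Write-Warning ("Self-signed: {0} (thumbprint {1})" -f $c.Subject, $c.Thumbprint)
    }
}
```

Run it from an elevated PowerShell prompt on the RemoteApp server and compare the thumbprint against the certificate selected under Digital Signature Settings in RemoteApp Manager.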