Updating certificates on RDS. Remote Desktop Services

Jul 11, 2022 | Server administration, Technology, Windows | 2 comments

Every year now, I need to update the certificates on my Microsoft Remote desktop services servers.

This involves:

  • IIS front end
  • RDWeb Web client
  • components of RDS through server manager. Connection broker, gateway and web.
  • RDS gateway.

Rough instructions:

Install the certificate

  1. Open the MMC
  2. Click add snap in
  3. Choose Certificates
  4. Choose “Local computer”
  5. Choose this computer
  6. Expand Personal\Certificates
  7. Right click certificates and under all tasks, choose import certificate.
  8. Now import your new PFX file
  9. I recommend giving it a friendly name.
  10. Now right click this certificate and click more tasks.
  11. Click Export
  12. Follow the wizzard. Don’t export the private key.
  13. Save it to somewhere that will be easy to find shortly.

Update IIS

  1. Open IIS Internet Information Services
  2. Expand your server then expand sites
  3. Right click on Default website.
  4. Click Edit bindings
  5. Click on the HTTPS port 443 binding.
  6. Click Edit
  7. Choose your certificate using the friendly name that you configured earlier.
  8. Click Ok then Close.
  9. You can now close the IIS administration interface.

Update the RDWeb web client

You do this by unpublishing the client, importing the certificate then re-publishing the client again.

  1. Open PowerShell as administrator
  2. Type the following command to unpublish the web client.
    Publish-RDWebClientPackage -Type Production
  3. Now import the certificate using the following command. Replace everything between the <> with the path to the cer file you exported earlier.
    Import-RDWebClientBrokerCert
    Publish-RDWebClientPackage -Type Production -latest

Update the RDS service using server manager

  1. Open server management
  2. On the right, open RDS Remote Desktop services
  3. In your main deployment window, click the deployment tasks button.
  4. Click Deployment properties
  5. Highlight the certificates option on the left
  6. For each certificate, do the following:
  7. Click the certificate
  8. Click change
  9. Choose the second option. Ad dfrom file
  10. Browse to the PFX file
  11. Type the password
  12. Click OK
  13. Click Apply
  14. You will need to do this at least four times.

Update the certificate on the gateway

  1. Open the gateway manager
  2. Right click the gateway on the left
  3. Click Properties
  4. Move to the Certificates tab
  5. Choose the third button down to import a new certificate.
  6. Browse to the PFX
  7. Type the password when prompted

At this point, you will probably need to reboot the connection broker and front end servers.

2 Comments

  1. Rene

    HI,

    Instructions in my case are not working. When i try to unpublish the installed one, then PowerShell doesn’t recognize:

    Publish-RDWebClientPackage -Type Production

    If i try the same with:
    Import-RDWebClientBrokerCert xxx.cer, its works

    Also, this one works, but not yet usable in my case because i need first unpublish the installed one:
    Publish-RDWebClientPackage -Type Production -latest

    My question is:

    how can i step by step replace my installed certificate for the rdweb client version

    packageId : rd-html5
    version : 1.0.27.0
    author : Microsoft
    summary : The Remote Desktop Web Client
    minRDWebClientManagementVersion : 1.0.2
    path : C:\Program Files\RemoteDesktopWeb\Internal\Clients\zekjgkvf.knc
    _baseVersion : 1.0.27.0
    publishedAs : {Production}

    Reply
  2. david

    This was a life saver so thank you!

    Reply

Trackbacks/Pingbacks

  1. Updating certificate for Remote Desktop Services – System Center Configuration Manager Notes - […] manager asked me to update the certificate for Remote Desktop Services and provided https://www.digitaldarragh.com/2022/07/11/updating-certificates-on-rds-remote-desktop-services/ as a guide.  It took…

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.