Unable to add certificate to RD farm #2511
Comments
Hi Nikos, thanks for reporting this, but as you can imagine it's tricky to support these scripts, because of all the different deployment scenarios out there. Probably if we comment out the line like you did, sooner or later someone will report that in their setup, they actually needed that. I don't have lab environments available to test this, and even if I did, I lack the required knowledge about RDS. Perhaps you could work with @christaylorcodes who recently made some changes to try and make this more reliable. Generally the best advice about using example scripts is to test them, modify them as needed, and save them in a separate folder for yourself so that your version doesn't get overwritten with some future update.
Hi Wouter,
I would agree that lines 87-107 are redundant to 200-223. I would also argue that lines 108-120 would fall under that same logic. Setting the local RDP listener to use the cert even though it might not be part of the RD deployment. The script logging/output is redirected to the event log. My last update, I tried to make as little change as possible to resolve the issue I was facing. I currently manage 50+ RD environments but only a handful of them are multi-server farms.
Quick script modification for review.
Hello @christaylorcodes, I agree with what you said. I have also tested your script modification in my lab environment and it succeeded, with some errors in line 168. I am not sure if it is needed, but maybe a cmdlet like this or this could be used in order to get the FQDN of the Gateway (if it exists) and invoke the command to it. Lastly, I've noticed a small typo in the numbering of the positional parameters (0,1,3 instead of 0,1,2). It might not affect anything, I don't know :)
Hello,
I ran into a problem when trying to add a new certificate to RD farm using ImportRDSFull.ps1 as post renewal script.
Specifically,
I got the following error, running win-acme at the Remote Desktop Connection Broker
With a little bit of debugging, I think the issue is caused in ln.87-98 where the script assumes that the localhost is also a Gateway, which is not always the case.
If I comment out this section the script works.
Furthermore, the section seems redundant since the certificate is set to the Gateway using the Set-RDCertificate cmdlet in ln. 171-184.
Also, I think no output is provided in the terminal and I had to search through the log.
Any feedback would be welcome.
Platform: