JamesCrk
Jul 23, 2025

Load balanced RDP VIP use in APM

Hi, I have a VIP on port 3389, load balancing to two RDP servers. RDP directly to that VIP IP works well.

Now I created this as an RDP in APM. I used the DNS name that the VIP is resolving to as the destination address for the RDP, and the APM URL has a trusted cert.

It gets as far as logging on, then it throws the error: The connection has been terminated because an unexpected server authentication certificate was received from the remote computer

Seems like the client connects to APM and gets the APM cert - trusted.

Then they click the RDP icon and get the RDP file downloaded. The file has the gateway address of APM with the trusted cert, and then the DNS name of the RDP VIP, but then they get the server's real cert, which doesn't match the VIP DNS name, and it errors.

Can I proxy this connection on the F5? I have tried a combination of client and server profiles, and the only way I get as far as a login prompt is to have no client or server profile in the VIP.

I would like the F5 to present its own APM cert to the client. I don't have the ability to put new SAN certs on the servers (not sure that would solve it anyway).

5 Replies

  • Hi JamesCrk​ 

    A Client SSL profile cannot work in this case to replace the RDP cert.

    You could publish 2 RDP Resources directly instead of 1 VIP.

    • JamesCrk

      OK, thanks, but the idea is for the servers to be load balanced without the user needing to choose one in particular. The weird thing is the VIP works fine; it just doesn't work when used behind the RD gateway.

      • Injeyan_Kostas

        I understand the case. You could, though, present each RDP resource to different user groups, making a kind of balance.

        Could you try using the IP instead of the hostname in the RDP resource?

  • Hey Injeyan_Kostas, what about the F5 Privileged User Access (PUA) solution for RDP? I have not tested it, but can having a webtop with the RDP without a client solve this or not?