How to configure Console Connect for WAP with CA

This blog post shows how to install WAP Console Connect with a certificate from a CA.

Requirements
Windows Server 2012 R2 – Hyper-V
System Center 2012 R2 – Virtual Machine Manager
System Center 2012 R2 – Service Provider Foundation
Windows Azure Pack
Remote Desktop Gateway
Certification Authority With SHA 256

Before we can start the installation we need to have a CA. I have earlier written a blog post on how to install a CA for Console Connect. You can find it HERE

After installation, grant the following permissions to your account and to the computer account where you are going to create the request. Log in to the CA and modify your template rights from the Certificate Templates console.
ConsoleConnect01

Then check that you have the correct cryptography settings (Important!)

ConsoleConnect29

Log in to the server where you are going to create the request and start the MMC console. Add the Certificates (my computer) snap-in.

Create certificate request:
ConsoleConnect08

Add needed details
ConsoleConnect031

ConsoleConnect09

-> Enroll

After successful enrollment you need to export the certificate
ConsoleConnect11

ConsoleConnect12

ConsoleConnect13

ConsoleConnect14

Now we have a correct certificate. We can ensure that it's okay via a test script.

Next we will load the certificate into the VMM database. Open VMM and start the VMM PowerShell module. Modify your parameters and run.

ConsoleConnect15

Next we will deploy the certificate to the hosts (you can also wait, but this is the fast way)

Now the VMM and Hyper-V side is okay, so let's move to the Gateway server.
First we need to import our certificate to the GW server, because it's in a workgroup.

Log in to the server and import the same certificate to the Computer\Personal store. Because the .pfx also contains the root CA, move the CA certificate to the Trusted Root Certification Authorities store.
Then import the public certificate to the Computer\Personal store.

Enable WMI

Next we need to add a DNS suffix to the server (this needs to be done before starting the Remote Server Gateway installation)
ConsoleConnect16

Advanced System settings
ConsoleConnect17

Computer Tab and Change
ConsoleConnect18

More
ConsoleConnect19

Add your public DNS suffix and then OK – OK
ConsoleConnect19

 

Now we will install Remote Desktop Gateway from Add Roles and Features
Role-based installation
ConsoleConnect20

Remote Desktop Services
ConsoleConnect21

Add Remote Desktop Gateway and all features
ConsoleConnect22

Leave all other settings as default and install
ConsoleConnect23

Install features for PowerShell:

 

Now we have all the needed features, and next we will configure our public certificate on this server.

Start Remote Desktop Gateway Manager from Server Manager
ConsoleConnect24

Choose the server and open Properties
ConsoleConnect036

SSL tab and select existing certificate
ConsoleConnect25

Choose your public certificate and then Apply -> OK

ConsoleConnect26

Next we need to install the RDGatewayFedAuth plugin, which can be found on the VMM installation CD at \amd64\Setup\msi\RDGatewayFedAuth\RDGatewayFedAuth.msi

Now we need to configure the TrustedIssuerCertificateHashes and the AllowedHashAlgorithms properties in the WMI FedAuthSettings class, but before that we need to get our certificate thumbprint. It can be done via the following command:

ConsoleConnect27
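One way to read the thumbprint from the Computer\Personal store and, at the same time, confirm that the certificate meets the SHA 256 requirement listed at the top of this post. This is an added example, not the command from the original post; `$SubjectMatch` is a placeholder and `Test-ConsoleConnectCertificate` is a hypothetical helper name.

```powershell
# Added example. Placeholder: set this to (part of) the subject of your Console Connect certificate.
$SubjectMatch = 'CN=<your-console-connect-certificate-subject>'

function Test-ConsoleConnectCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $problems = @()

    # The post requires a CA that signs with SHA 256 (friendly name e.g. sha256RSA).
    # Note: an RSASSA-PSS signature is reported as "RSASSA-PSS" and will be flagged for manual review.
    $algorithm = $Certificate.SignatureAlgorithm.FriendlyName
    if ($algorithm -notmatch '^sha256') {
        $problems += "Signature algorithm is '$algorithm', expected SHA 256"
    }

    # An expired or not-yet-valid certificate is a common reason for a failing gateway.
    $now = Get-Date
    if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
        $problems += "Outside validity period ($($Certificate.NotBefore) to $($Certificate.NotAfter))"
    }

    [pscustomobject]@{
        Subject            = $Certificate.Subject
        Thumbprint         = $Certificate.Thumbprint   # value needed for the next step
        SignatureAlgorithm = $algorithm
        NotAfter           = $Certificate.NotAfter
        HasPrivateKey      = $Certificate.HasPrivateKey
        Problems           = $problems
    }
}

# Computer\Personal in the MMC snap-in is Cert:\LocalMachine\My in PowerShell.
$found = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$SubjectMatch*" })

if ($found.Count -eq 0) {
    Write-Warning "No certificate matching '$SubjectMatch' in Cert:\LocalMachine\My"
} elseif ($found.Count -gt 1) {
    Write-Warning "More than one certificate matches; make sure you pick the right thumbprint"
}

$found | ForEach-Object { Test-ConsoleConnectCertificate -Certificate $_ } | Format-List
```

An empty `Problems` field means both checks passed; copy the `Thumbprint` value for the next step.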

Now we have the certificate thumbprint and we are able to configure the TrustedIssuerCertificateHashes property via the following command:

ConsoleConnect28

Last, we need to configure the gateway in WAP.
Log in to the Admin portal and configure the Remote Desktop Gateway FQDN for your VM Clouds
ConsoleConnect30

That's it.

 

 

 
