Saturday, January 16, 2016

RemoteApp: Authentication Error has Occurred (Code : 0x607)

Issue: 
The user receives error 0x607 ("An authentication error has occurred") when attempting to launch a published RemoteApp or desktop. Check the logs on the client PC.


Cause:
In general, there is a problem with the digital certificates used in your RDS configuration.

Case 1:
This is likely due to the client PC not trusting your certificate. Either procure a certificate from a trusted third-party certificate authority, or have the user install and trust the root certificate authority and any intermediate certificate authorities in the certificate chain.

Case 2:
If the user is unable to reach the certificate revocation list (CRL) that is listed on the certificate (third-party or internal CA) to verify the revocation status of the certificate, they will receive the 0x607 error. For example, if the URL of your certificate vendor is being blocked by a corporate web filter, you will receive this error when launching a RemoteApp.

Case 3:
Certificate name mismatch during external access to a RemoteApp or Session Host desktop via Remote Desktop Gateway with a third-party digital certificate:
  • rdgw.extdomain.com (public name of the RDS Gateway) configured with the *.extdomain.com certificate
  • rdcb.extdomain.com (public/internal name of the RDS Connection Broker) configured with the *.extdomain.com SSO certificate
  • rdsh1.intdomain.com (internal name of an RDS Session Host) protected with the *.extdomain.com certificate. This is where the error occurs.
  • rdsh2.intdomain.com (internal name of an RDS Session Host) protected with the *.extdomain.com certificate. This is where the error occurs.

Use Ryan's script to replace the *.extdomain.com certificate on the Remote Desktop Session Hosts with a trusted *.intdomain.com certificate (internal or third-party CA). Another solution is to use a split-brain DNS design when planning the Active Directory/DNS domain name, so that you can use the same wildcard digital certificate internally and externally.
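
A read-only diagnostic for the three cases above, added here as an example; it is not Ryan's script and it does not change the listener certificate. It assumes a domain-joined Session Host that uses the default RDP-Tcp listener name.

```powershell
# Added example. Run elevated on an RD Session Host; read-only.
# A wildcard covers exactly one left-most label: *.extdomain.com matches
# rdgw.extdomain.com, but not rdsh1.intdomain.com or a.b.extdomain.com.
function Test-CertNameMatch {
    param([string]$HostName, [string]$CertName)
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    $c = $CertName.ToLowerInvariant().TrimEnd('.')
    if (-not $c.StartsWith('*.')) { return ($h -eq $c) }
    $suffix = $c.Substring(1)                      # e.g. ".extdomain.com"
    if (-not $h.EndsWith($suffix)) { return $false }
    $label = $h.Substring(0, $h.Length - $suffix.Length)
    return ($label.Length -gt 0 -and -not $label.Contains('.'))
}

# Thumbprint of the certificate bound to the RDP-Tcp listener.
$ts = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $ts.SSLCertificateSHA1Hash

# The default self-signed certificate lives in the "Remote Desktop" store.
$cert = Get-ChildItem 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' `
    -ErrorAction SilentlyContinue |
    Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
if (-not $cert) { Write-Warning "Listener certificate $thumb not found."; return }

$cs    = Get-CimInstance -ClassName Win32_ComputerSystem
$fqdn  = '{0}.{1}' -f $cs.DNSHostName, $cs.Domain
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
$match = @($names | Where-Object { Test-CertNameMatch $fqdn $_ })

# Cases 1 and 2 as seen from THIS machine; a client's trust store and
# web filter can differ, so repeat the chain check there if needed.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$chainOk = $chain.Build($cert)

[pscustomobject]@{
    Host        = $fqdn
    CertNames   = $names -join ', '
    NameMatches = ($match.Count -gt 0)             # Case 3 when $false
    ChainValid  = $chainOk
    ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    NotAfter    = $cert.NotAfter
}
```

A ChainStatus of UntrustedRoot corresponds to Case 1, and RevocationStatusUnknown or OfflineRevocation corresponds to Case 2.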