Hi Everyone, I had to renew a certificate and now I cannot do RDP, because I got an error: The computer can’t verify the identity of the RD Gateway. It’s not safe to connect to servers that can’t be identified. I already tried kb.igel.com/igelos/en/deploying-certificates-via-ums-23500678.html or even www.youtube.com/watch?v=kbkUKUkD4iE&feature=youtu.be , but nothing seems to solve the issue, can anyone give me a hand, Thank you Mario
Hi Mario. Which Firwmare version, which UMS version? Did you verify that the cert is on the device in /wfs/ca-certs?
Hi Mario, can you try to disable that setting:
Hello, it’s a old version and I don’t have this option
Igel Version 3.11.100 Model Device H820C
Which Igel OS Firmware version is in use? On which firmware is the profile based on?
app.slack.com/team/UCTA2CY93 Udo Jetschmanegg🦔 [1:59 PM]
Hi Mario. Which Firwmare version, which UMS version? Did you verify that the cert is on the device in /wfs/ca-certs?
The Igels are windows edition
I did all the steps, that I will send below, the problem is I apply and the certificates are not going to the root certificates.
Deploying Certificates via UMS
We recommend using the Universal Management Suite when you need to deploy certificates to a several thin clients.
Step 1: Loading certificate in the UMS
1. Open the UMS console.
2. Right-click Files.
3. Choose New file to open the New file dialog.
4. Activate Upload local file to UMS server.
5. Browse your new certificate file under Local file.
6. Select the suitable Classification of the certificate under File target.
7. Confirm with OK.
Your certificate is now listed in the Files window.
Step 2: Assigning certificates to thin clients
UMS is version 5 that I am using
Uuuuuuh, that’s a completely different topic… W7es and UMS5… You could try to use this Partial Update to achieve the Certificate Rollout. The Files section on UMS5 couldn’t deliver certs to Windows devices:
I also installed UMS 6, But no luck, because theprofile is associated I believe to 3.11.100, therefore the option to “ignore” certificates doesn’t show
Did you tried my Partial Update? The Setting I sent to you is only available on Linux.
Hi app.slack.com/team/U8TCQAUL8 Sebastien, I did like is explain in the Guide “How-to use IGEL partial update”, but in the Thin Client Partial updates doesn’t show anything and the Certificates are also not updated in the Root certificates.
Thank you
Can you provide a few Screenshots of the steps you made?
Steps to deploy the partial update
1. Copy the contents of the folder target into the ums_filetransfer folder on the UMS Server (e.g C:Program Files (x86)IGELRemoteManagerrmguiserverwebappsums_filetransfer)
#Done
2. Copy your certificates in to the folder “Partial_Update_1”. Name your root certificate “root.cer” and your intermediate certificate “int1.cer” and “int2.cer”. This PU version can only handle two intermediate certificates.
#Done
3. Check the accessibility of the data using Internet browser. (e.g: <ums_server>:9080/ums_filetransfer/punname/catalog.lua
Combo box to insert credentials
4. Import the profile (profiles.zip) into the UMS via: “System->Import->Import Profiles”. The imported profile should now appear in UMS under Profiles.
#Done
5. Edit the profile and adopt the settings according to your environment under System->Update->Partial
a. Hostname = <ums_server>
b. Path = ums_filetransfer/pufolder
c. Username: <ums-username>
d. Password: <ums-password>
#Done, I didn’t change the Path….
6. Assign the profile to Thin Client(s).
#Done
7. Start the update via right click on the TC or folder -> update & snapshot commands -> Partial Update.
#Done
from what I‘m seeing you entered ums_filetransfer/pufolder
that doesn‘t match your second screenshot. You have to specify the whole path including certificate (assuming, the catalog.lua is there).
“Warning” Message when Importing profiles
Hi, I already enter also the normal path, C:Program Files (x86)IGELRemoteManagerrmguiserverwebappsums_filetransfer, and has the same result
Should be
/ums_filetransfer/target/certificate/
When I try to assign a profile I get an error…. even if I use Version 3.11.100
Can you remove all profiles / files from the device and retry?
Yes, like this I could Assigned the object to the certificate Deployment, but the Partial updates is still empty
Here is an )old) internal document on how creating AND deploying the PUs. Please have a look starting by Page 12 to check if ports, transfer or a local issue is blocking the processing.
Is there any way, to have a batch file to start every time a Thin Client starts ? In the schedule Job I don’t see anything that could help
You could deploy it by using UCB and put a Reg key with a Autorun or on the endpoint disabling the Fbwf makes your changes and reenabling it:
kb.igel.com/wes7/en/file-based-write-filter-windows-embedded-standard-7-2722513.html
Just in case: UCB is more or less cost free. You would have to update to UMS 6.04.110
Giving support to Devices end of live is really great 😕 , I already tried to install UMS 6, but then I couldn’t register the Thin Clients, and I was also afraid, not be able to do rollback. At the moment with UMS version5, I see, it’s not possible. Thank you very much for or time and help, I will go to fight again and see if with UMS 6 I can do it, by the way, The Thin Clients and the UMS server are in the same Network.
I would suspect the TLS Issue between newer UMS and older devices, and that one can be „workarounded“ if a Certificate or end of stream error happens.
github.com/IGEL-Community/IGEL-Community.github.io/wiki/Scripts:-UMS github.com/IGEL-Community/IGEL-Community.github.io/wiki/Scripts:-UMS
Just FYI, everytime I Assigned the Object certificate Deployment -> all the other profiles are not Assigned, all the configurations that I have are gone 😕 just one more thing to help.
Please check if they are files assigned that aren‘t available anymore in ums_filetransfer folder.
I would also check if you would be able to deploy an update to the devices:
3.13.140 is the latest build:
fwu.igel.com/files/IGEL_UNIVERSAL_DESKTOP_FIRMWARE/W7/UniversalDesktopWES-3.13.140.zip
And last one: if you tried to install a new UMS, and not migrated the old one, you would have to reset the test device to factory defaults first:
Right click on device, other commands, reset to factory defaults
Hi Sebastian,
just FYI, looks like the partial update is working.
I gave up and did a batch to start the RDP and install the certificate, but after some “days”, I have almost all the clients being able to connect without having the certificate issue.
Once again, thank you very much for your time and help.
Continue reading and comment on the thread ‘Error: “The computer can’t verify the identity of the RD Gateway. ” connecting to RDP on IGEL OS’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!