Install SSL Cert on RDP-TCP for Server 2012 which is not joined to the domain like Server 2008 R2

Hello, 

We just built out a Server 2012 STD machine; it will reside in the DMZ and will not be joined to our domain. After we ran a Qualys PCI scan, we found an issue: "SSL Certificate - Signature Verification Failed Vulnerability" on port 3389/tcp over SSL. On 2008 R2, we put a cert on the RDP-TCP properties to resolve this issue. However, on 2012 I cannot find the same way to do that, since no terminal services are installed as built in.

I found the article below, but the standard deployment option/quick start are not available on a non-domain-joined server like ours.

http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/8efe05de-b596-4180-bc41-3f98008b555f/

Is there a way I can follow a process similar to the one we used on 2008 R2 for this new Server 2012 STD?

February 7th, 2013 2:17pm

Hi,

Actually, Server 2012 RDS is designed under the basic premise that RDS servers will be joined to a domain, at least one RD Connection Broker will be present, and that RDSH servers will be managed as a collection using Server Manager (and/or PowerShell).

The thing to keep in mind is that most of the tools provided to make managing/configuring RDSH servers easier in 2012 will not work in a workgroup configuration. This includes most (if not all) of the new powershell commands and server manager. Most of the old powershell commands and GUI programs that would have allowed you to configure/manage a standalone RDSH server have been removed.

The exception to the above is RD Licensing and RD Gateway. The GUI and PowerShell tools for those are still present in 2012. To configure and manage a standalone RDSH server you may use a combination of local group policy (gpedit.msc), WMI commands, registry edits, and config file edits, as needed. For RD Licensing and RD Gateway you may use the graphical tools as in previous versions, or the old PowerShell commands (import-module RemoteDesktopServices).

You will need to use PowerShell to manage your server, as you can't install the RDMS UI without a domain. The following is a good place to get started on learning the PowerShell cmdlets:

http://blogs.msdn.com/b/rds/archive/2012/06/28/introduction-to-windows-powershell-scripting-in-windows-server-2012-remote-desktop-services.aspx
Hope it helps

Regards,

Clarence

TechNet Subscriber Support

February 8th, 2013 5:40am

Well, there was an error when I tried to reply to this thread yesterday.

I figured this out myself a couple hours after posting this question.

According to my research,

To install a cert on RDP on Server 2012 like on Server 2008 R2, we need to use the command line or PowerShell scripts:

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/679bea34-2d12-47a7-bebc-b1e3592c453f/

And here is how to:

http://serverfault.com/questions/444286/configure-custom-ssl-certificate-for-rdp-on-windows-server-2012-in-remote-admini

Basically, here are the steps I did:

1) I installed RDS for RD Gateway Manager only, via role-based services and features for the local host

2) Applied the certificate with WMIC commands

3) And imported the certificate into the RDS Gateway Manager > SSL Certificates

After I applied the SSL cert via WMI commands, the issue with the PCI scan failure was fixed.

  • Marked as answer by Kris Hong Friday, February 08, 2013 1:27 PM
  • Edited by Kris Hong Friday, February 08, 2013 1:29 PM
February 8th, 2013 1:25pm
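
The WMI step from the answer above, written out as an added PowerShell example (not code from the original posts): it sets the `SSLCertificateSHA1Hash` property of the `Win32_TSGeneralSetting` WMI class for the `RDP-Tcp` listener. The thumbprint is a placeholder, and the pre-flight checks and read-back are additions of this example.

```powershell
# Added example: bind a certificate to the RDP-Tcp listener on a standalone
# (workgroup) Server 2012. Run from an elevated PowerShell session.
# ASSUMPTION: placeholder value; paste the thumbprint of your own certificate.
$Thumbprint    = 'REPLACE_WITH_CERT_THUMBPRINT'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$Namespace     = 'root\cimv2\TerminalServices'

# Thumbprints copied from the certificate MMC often carry spaces or an
# invisible leading character, so keep hex digits only.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($thumb.Length -ne 40) { throw 'Expected a 40-hex-digit SHA-1 thumbprint.' }

# The listener reads the certificate from the computer's Personal store.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { throw "Certificate $thumb not found in Cert:\LocalMachine\My." }

# Pre-flight checks, so a problem is reported clearly before the listener
# configuration is touched.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period (expires $($cert.NotAfter))."
}
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
# No EKU extension means "all purposes"; if present it must allow server auth.
if ($eku) {
    $oids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
    if ($oids -notcontains $ServerAuthOid) { throw 'EKU lacks Server Authentication.' }
}
if (-not $cert.Verify()) {
    Write-Warning 'Chain does not validate on this host; check intermediates and root.'
}

# Bind: SSLCertificateSHA1Hash selects the certificate the listener presents.
$filter   = "TerminalName='RDP-Tcp'"
$listener = Get-WmiObject -Namespace $Namespace -Class Win32_TSGeneralSetting -Filter $filter
Set-WmiInstance -Path $listener.__PATH -Arguments @{ SSLCertificateSHA1Hash = $thumb } |
    Out-Null

# Read the setting back so a silent failure is not mistaken for success.
$bound = (Get-WmiObject -Namespace $Namespace -Class Win32_TSGeneralSetting -Filter $filter).SSLCertificateSHA1Hash
if ($bound -ne $thumb) { throw "Listener still reports thumbprint '$bound'." }
"RDP-Tcp now presents '$($cert.Subject)' (expires $($cert.NotAfter))."
```

Re-running the external scan, or connecting with an RDP client and inspecting the presented certificate, confirms the listener picked up the change.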

Clarence Zhang

Thanks for the answer. It helps me to understand more. :)

  • Edited by Kris Hong Friday, February 08, 2013 4:20 PM
February 8th, 2013 1:34pm

Thanks Kris!  Pretty much the dumbest thing on the planet that the ability (at least through traditional GUI) to utilize a WORKSTATION environment is so cumbersome in 2012. Just wait till Server 2016 -- it'll be a registry hack only at that point. :P  

Thanks again!

September 4th, 2015 6:00pm

This topic is archived. No further replies will be accepted.
