SSL Certificate Maintenance - Step-by-step guide
- Download the Install.ps1 script
- Run the Install.ps1 as a domain administrator on DC01 in your Azure environment
- Confirm that the “Certificate Replacement” scheduled task was created on the following Azure machines (make sure to run Task Scheduler as an administrator):
  - DC01
  - RDSHXX
  - RDSCB01
  - RDGW01
  - WS00 and all existing VDI desktops
Note
- RDS Collection hosts do not require certificate updates since they communicate through the broker
- PRX01 (DMZ) server certificates will be updated by Nerdio
- All future Nerdio deployments will include the Certificate Replacement task by default
- The Certificate Replacement task runs daily on each server and replaces only soon-to-expire certificates that are *.nerdio.net or *.adminportal.pro and are actively in use for the required roles
- Certificates will only be replaced if they are in-use and expiring within the next 45 days (or already expired)
- All servers/workstations, including WS00, must be powered on when running the install script so the script can update them and create the task. Once the replacement task is added, certificate replacement will occur as long as the VM is powered on at some point during the daily replacement window
- Custom certificates (anything other than *.nerdio.net and *.adminportal.pro) are the partner’s responsibility to manage and will not be altered, replaced, or updated by this process
- The certificate replacement window is 7:30pm to 9:30pm (local time of the Azure VM)
- Thin Clients: if using certificate-secured thin clients, you can download the appropriate new certificate (only applied to *.nerdio.net and *.adminportal.pro certificates) here
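To confirm the install step actually took on each machine, the following is an added PowerShell check; it is not Nerdio's Install.ps1 and assumes PowerShell remoting is enabled to the listed hosts and that the task is named exactly "Certificate Replacement" as in the step above. It reports whether the task exists and which *.nerdio.net / *.adminportal.pro certificates in the local machine store fall inside the 45-day replacement threshold.

```powershell
# Added verification script (not part of Nerdio's Install.ps1).
# Run as a domain administrator from DC01; edit $Computers to include your RDSHXX and VDI hosts.
$Computers = @('DC01', 'RDSCB01', 'RDGW01', 'WS00')
$Patterns  = @('*.nerdio.net', '*.adminportal.pro')   # only these are managed by the task
$Threshold = (Get-Date).AddDays(45)                    # task replaces certs expiring within 45 days

$results = Invoke-Command -ComputerName $Computers -ScriptBlock {
    param($Patterns, $Threshold)

    # Does the scheduled task exist on this host?
    $task = Get-ScheduledTask -TaskName 'Certificate Replacement' -ErrorAction SilentlyContinue
    $taskState = if ($task) { [string]$task.State } else { 'Missing' }

    # Managed certs: any cert in LocalMachine\My whose subject or SAN matches a managed wildcard
    $managed = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $names = @($_.Subject) + @($_.DnsNameList | ForEach-Object { $_.Unicode })
        $names | Where-Object { $n = $_; $Patterns | Where-Object { $n -like $_ } }
    }

    if (-not $managed) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME; TaskState = $taskState
            Subject = '(no managed certs found)'; Thumbprint = ''; NotAfter = $null; DueForReplacement = $false
        }
    }
    foreach ($cert in $managed) {
        [pscustomobject]@{
            Computer          = $env:COMPUTERNAME
            TaskState         = $taskState
            Subject           = $cert.Subject
            Thumbprint        = $cert.Thumbprint
            NotAfter          = $cert.NotAfter
            DueForReplacement = ($cert.NotAfter -le $Threshold)   # expired or expiring within 45 days
        }
    }
} -ArgumentList $Patterns, $Threshold

# Hosts without the task will never be updated by the daily run; call them out explicitly.
$results | Where-Object TaskState -eq 'Missing' | Select-Object -ExpandProperty Computer -Unique |
    ForEach-Object { Write-Warning "Certificate Replacement task is missing on $_ - re-run Install.ps1" }

$results | Sort-Object Computer, NotAfter |
    Format-Table Computer, TaskState, Subject, NotAfter, DueForReplacement -AutoSize
```

A row with DueForReplacement set to True on a host whose task is Ready is expected to be handled in the next 7:30pm to 9:30pm window; the same row on a host with TaskState Missing will not be.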
Effects on the Nerdio environment during the replacement process
- Certificate replacement process happens once per certificate (roughly every two years)
- The DC01 scheduled certificate replacement task will restart the ADFS service for ~30 seconds. If you are using ADFS for authentication, new logins will not work during this short window, but existing sessions are unaffected.
- Thin client hardware must be updated by the partner with the new certificate before expiration
Certificates that get updated through automation:
- DC01: ADFS certificates (ADFS, ADFS service communication), TS certificate
- RDSH: TS certificate
- RDSCB01: TS certificate, RD Role certificates (Redirector, Publishing, WebAccess)
- RDGW01: TS cert, RDGW cert, RD Web Client Broker cert
- WSXX: TS cert