“Remote Desktop Disconnected: Remote Desktop cannot connect to the remote computer because the authentication certificate received from the remote computer is expired or invalid. In some cases, this might also be caused by a large time discrepancy between the client and the server computers.”
I knew that the times were correct, and after looking at the certificate, I realized it had expired.
I didn't see the need to buy a proper CA-signed certificate for a server that was only accessible internally, so I decided to get rid of the old certificate and make the host create a new, self-signed certificate.
To do this:
1. Open mmc.exe (Microsoft Management Console).
2. Add the Certificates snap-in (for the computer account, and select Local computer).
3. Navigate to the Remote Desktop folder -> Certificates.
4. Delete the certificate for the name of the server and close the MMC instance.
5. Go to: Administrative Tools -> Remote Desktop Services -> Remote Desktop Session Host Configuration.
6. Select the instance in the main window (RDP-Tcp), right-click and select Properties.
7. In the window that pops up, select Default.
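A read-only check to run before and after the steps above, as an added example that is not part of the original post: it lists the certificates in the local computer's Remote Desktop store with their expiry dates and marks the one the RDP-Tcp listener reports through the Win32_TSGeneralSetting WMI class. The 30-day warning threshold and the variable names are assumptions.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the Remote Desktop host. Nothing here modifies the system.

$listener = 'RDP-Tcp'                           # listener name from step 6
$store    = 'Cert:\LocalMachine\Remote Desktop' # store browsed in step 3
$warnDays = 30                                  # assumption: warning threshold

# Thumbprint the listener currently reports as its TLS certificate.
$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='$listener'"
$bound = $ts.SSLCertificateSHA1Hash

$now   = Get-Date
$certs = @(Get-ChildItem -Path $store)

$report = foreach ($c in $certs) {
    $daysLeft = [int]($c.NotAfter - $now).TotalDays
    $status = if ($c.NotAfter -lt $now)        { 'EXPIRED' }
              elseif ($daysLeft -le $warnDays) { 'EXPIRING' }
              else                             { 'OK' }
    New-Object PSObject -Property @{
        Subject    = $c.Subject
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        DaysLeft   = $daysLeft
        SelfSigned = ($c.Subject -eq $c.Issuer)   # subject equals issuer
        BoundToRdp = ($c.Thumbprint -eq $bound)   # -eq ignores case
        Status     = $status
    }
}

$report | Format-Table Subject, NotAfter, DaysLeft, SelfSigned, BoundToRdp, Status -AutoSize

# Edge case: the listener points at a thumbprint that is not in the store,
# for example right after the old certificate was deleted in step 4.
if (-not ($certs | Where-Object { $_.Thumbprint -eq $bound })) {
    Write-Warning "Listener '$listener' reports thumbprint '$bound', which is not in '$store'."
}
```

If the row marked BoundToRdp still shows EXPIRED after step 7, the listener has not picked up a new certificate.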
15 comments:
Thanks for posting this, I found it very helpful in fixing an identical issue today, nearly identical situation, while the MS forums/Technet provided useless answers.
Very good! RDP recovered according to this post. Thanks.
good god, this script had two errors in it! Here's the original webpage:
http://technet.microsoft.com/en-us/library/dd347649.aspx
And the original (correct):
makecert -n "CN=PowerShell Local Certificate Root" -a sha1 `
-eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer `
-ss Root -sr localMachine
makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 `
-eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
How did you manipulate Google to get your page ranked ahead of the MS source page?
Script? What script?
Have you tried this on remote desktop services on 2008R2, or are you just assuming it's all the same? This is not talking about creating a cert for an IIS server... it's quite a bit more specific than that.
Sure, you can create a certificate with CLI tools (a la unix) but it's not even necessary in this instance.
There are no SEOs other than tags for each article. The article you posted to is just an article covering certificate creation on the CLI... plenty of articles covering that.
I know this post is fairly old but wanted to add something to it since I was looking at it just now with the same issue. The certificate for RDS 2008 R2 is ALSO under REMOTE DESKTOP SESSION HOST CONFIGURATION. Right-click on Connections (RDP-TCP) Properties.. GENERAL TAB.. Certificate (located on the bottom of the page) click on select and actually select the public (purchased) cert, otherwise when you launch the actual app for RDS from the web page it will still show the self-signed cert for it there even though the initial web page will show the verisign cert or wherever you bought it from.
- Glen R (Phoenix, AZ)
Great this worked for me after having RDP refusing connection for a while. THANK YOU.
Excellent post. I dealt with the "unsigned certificate" confirmations for months before I decided to actually look into the problem, and it was easy to fix following your instructions.
Thanks for the post
I created a self-signed certificate and from remote desktop host configuration I added it to the RDP so that clients will have to be authenticated through SSL. After this, no more clients can remote to the server (Win 2008R2). What can I do next?
You'll likely want to revert back to negotiate instead of SSL (in remote desktop session host configuration) - at least until you can fix the issue.
I suspect that your clients are rejecting the self signed server certificate, but I'd have to look at the installation to tell.
a couple of useful links:
http://technet.microsoft.com/en-us/library/cc770833.aspx
and a petri.co.il article which does a walk through of the necessary steps:
http://www.petri.co.il/securing_rdp_communications.htm
Thank you very much for this post!
I used this information for an SBS2008 server to change from a self-signed to a verified third-party certificate. While I had already installed the certificate - and found it was enabled for our OWA/exchange/etc... I was still receiving the old self-signed certificate even after installing the shiny-new-paid-for certificate on our server with my remote administration login.
Using your instructions - I *added* the third-party certificate under the remote desktop folder step of your instructions [deleting the self-signed in this case - although I'm not certain that was necessary].
Also - under the admin tools part of your instructions (was terminal services -> terminal services configuration for SBS2008) I clicked "select" instead of default to pick the "paid-for" certificate.
I just wanted to say thank you very much for your post - you have helped make the internet a better place [in my opinion] :)
Hi,
I was having the same issue. When I deleted the outdated certificate, connections work, but the user gets a warning about certificate errors.
This is when I found your post, but following the steps, didn't resolve the issue. No new cert is created so I still see the same error when RDPing to the server.
Any suggestions??
Thanks, Neil
That's very odd. After you deleted the old certificate - which certificate do users see? The same expired certificate?
If you are also annoyed by Computer Security Certificate Error and looking for a solution then Click Here
Hi fellas,
Thank you so much for this wonderful article really!
If someone wants to read more about that buy rdp I think this is the right place for you!
I upgraded to Linux and the problem went away.