Wednesday, June 15, 2011

Replacing Self Signed Remote Desktop Services Certificate on Windows 2008R2

I recently had an issue where users were no longer able to connect to a remote desktop services host because the certificate had expired. The error was:

“Remote Desktop Disconnected: Remote Desktop cannot connect to the remote computer because the authentication certificate received from the remote computer is expired or invalid.  In some cases, this might also be caused by a large time discrepancy between the client and the server computers.”

I knew that the times were correct, and after looking at the certificate, I realized it had expired.

I didn't see the need to buy a proper CA-signed certificate for a server that was only accessible internally, so I decided to get rid of the old certificate and make the host create a new, self-signed certificate.

To do this:

 1. Open mmc.exe (Microsoft Management Console).
 2. Add the Certificates snap-in for the computer account, and select the local computer.
 3. Navigate to the Remote Desktop folder -> Certificates.
 4. Delete the certificate issued to the name of the server and close the MMC instance.
 5. Go to Administrative Tools -> Remote Desktop Services -> Remote Desktop Session Host Configuration.
 6. Select the connection in the main window (RDP-Tcp), right-click it and select Properties.
 7. In the window that pops up, select Default.
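
A read-only check that would flag this expiry ahead of time, as an added example that is not part of the original post: it lists the certificates in the computer account's Remote Desktop store and marks the one bound to the RDP-Tcp listener. The 30-day warning threshold and the variable names are assumptions; run it from an elevated PowerShell prompt on the session host.

```powershell
# Added example: report expiry of the certificate used by the RDP-Tcp listener.
# Read-only; it does not delete or rebind anything.
$warnDays = 30   # assumption: warn this many days before expiry

# The thumbprint bound to the listener is exposed through WMI.
# The TerminalServices namespace requires packet privacy.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" `
    -Authentication PacketPrivacy
$boundThumbprint = $listener.SSLCertificateSHA1Hash

# Same store as the "Remote Desktop" folder in the Certificates snap-in.
$now = Get-Date
Get-ChildItem 'Cert:\LocalMachine\Remote Desktop' | ForEach-Object {
    $daysLeft = [math]::Floor(($_.NotAfter - $now).TotalDays)

    if ($daysLeft -lt 0)              { $status = 'EXPIRED' }
    elseif ($daysLeft -lt $warnDays)  { $status = 'EXPIRING' }
    else                              { $status = 'OK' }

    New-Object PSObject -Property @{
        Subject         = $_.Subject
        Thumbprint      = $_.Thumbprint
        NotAfter        = $_.NotAfter
        DaysLeft        = $daysLeft
        SelfSigned      = ($_.Subject -eq $_.Issuer)
        BoundToListener = ($_.Thumbprint -eq $boundThumbprint)
        Status          = $status
    }
} | Select-Object Status, DaysLeft, NotAfter, BoundToListener, SelfSigned, Subject, Thumbprint |
    Format-Table -AutoSize
```

A row with `BoundToListener` set to True and a `Status` other than OK is the certificate clients will reject or are about to reject.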

