Remote desktop gateway server certificate has expired

The server certificate on my RD Gateway has been updated. The expired one was left on the server. ASG 2017 still sees the old cert and not the new one. I constantly get "Your computer can't connect to the remote computer because the Remote Desktop Gateway server's certificate has expired or has been revoked. Contact your network administrator for assistance." I am not an admin of the RD server and can't remove the older cert. I can not contact the administrator. I can log in directly to the RD server through ASG without any issue or warning about the server certificate.

How do I get ASG 2017 to recognize the newer certificates?

There is no setting to ignore any certs - you need to follow the instructions - so remove invalid cert from the server!

Regards/Gruss
Oliver

(20-10-2021, 08:44 AM)DevOma Wrote: There is no setting to ignore any certs - you need to follow the instructions - so remove invalid cert from the server!
Again: I am not the admin, nor can I contact the admin to have the cert removed!

Is there no other alternative? Purge some cache or force ASG to reevaluate certs, capability of choosing between cert?

Also again: There is no setting! As we use the mstsc ActiveX we can't switch in your RD Gateway Server

Regards/Gruss
Oliver

(20-10-2021, 08:13 PM)DevOma Wrote: Also again: There is no setting! As we use the mstsc ActiveX we can't switch in your RD Gateway Server
OK!

Thanks!
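The thread above turns on which certificate the RD Gateway actually presents to the client. The following PowerShell script is an added example, not code from the forum thread, from ASG or from the gateway vendor. It opens a TLS connection to the gateway's HTTPS port, records the certificate the server sends, and builds the chain locally so that "expired" and "not trusted" show up as separate findings. The host name is a placeholder; the validation callback accepts whatever the server sends only so the certificate can be inspected, and the connection is closed immediately after the handshake.

```powershell
# Added example (not from the forum thread or ASG): report the certificate an
# RD Gateway presents on its TLS port, so you can see whether it still serves
# the expired one. 'rdgateway.example.com' is a placeholder host name.
function Get-PresentedServerCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )

    $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Accept any certificate here purely so we can capture it; nothing is
        # sent over the connection and it is disposed right after the handshake.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $certificate, $chain, $sslPolicyErrors) $true
        }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $ssl.Dispose()
    } finally {
        $client.Dispose()
    }

    # Validate the chain the way a client would, so the status flags explain why
    # a client rejects it (expired leaf vs. untrusted issuer).
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $null = $chain.Build($cert)
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    [pscustomobject]@{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        Thumbprint  = $cert.Thumbprint
        NotBefore   = $cert.NotBefore
        NotAfter    = $cert.NotAfter
        Expired     = ($cert.NotAfter -lt (Get-Date))
        ChainOk     = ($flags.Count -eq 0)
        ChainStatus = ($flags -join ', ')
    }
}

Get-PresentedServerCertificate -HostName 'rdgateway.example.com' | Format-List
```

If the thumbprint and NotAfter reported here still belong to the old certificate, the gateway is serving the expired certificate and the client is reporting the truth; that is a server-side binding problem that only the gateway administrator can correct, which matches the answer given in the thread.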

Many of you have seen a certificate error message when trying to connect to a remote computer using RDP. Why do you get the certificate error? It is due to an invalid certificate. The certificate can be invalid for two reasons: either the RDP certificate on the remote computer has expired, or the certificate is not trusted. If the certificate on the remote computer has expired, you have no choice but to renew it. But if your certificate is valid and merely not trusted, renewal does not fix the RDP certificate error; instead you should add the certificates of the root and intermediate Certificate Authorities to the trusted stores on the remote computer. Let's see how to identify and fix the RDP certificate error, with a detailed procedure to renew the RDP certificate on the remote computer if the certificate there has expired.

What Is The Reason Behind The RDP Certificate Error?

You see a certificate error warning because the certificate on the remote computer has become invalid. There are two primary reasons for the error. Let's explain both reasons and the solutions that fix the RDP certificate error.

#1. RDP Certificate Expired:

Each certificate has a validity period: it is issued with an issue date and an expiry date, and it is considered invalid once the expiry date has passed. You will face connection issues with an expired certificate because it fails to authenticate the remote computer. You can fix this only by renewing the RDP certificate on the remote computer. A detailed step-by-step procedure to renew the RDP certificate follows in a later section of this post.

#2. RDP Certificate Is Not Trusted:

The certificate is also considered invalid if the Certificate Authority that issued it is not trusted. Fixing this form of the RDP certificate error is not strictly required to connect to the remote computer; you can ignore it if you are not worried about a secured connection. But ignoring it is not recommended, especially in a business, because a connection whose certificate you cannot verify leaves you open to attack. This issue is fixed by importing the certificates of the root and intermediate Certificate Authorities into the Trusted Root and Intermediate stores on the remote computer. Please visit "How to Download and Import Trusted Root CA Certificates from Internal Certificate Authority Server?" to see how to import the certificates of root and intermediate/subordinate Certificate Authorities.

How To Rectify The Problem Behind The RDP Certificate Error?

All right, now you know the causes of the RDP certificate error. The next question is how to identify the actual cause so you can fix it. Well, it's easy: you just have to verify certain things on the RDP certificate of the remote computer. Click the "View certificate" button on the certificate error warning window to view the certificate, or log in to the remote computer and view the certificate in its Personal store.


#1. How To Check The Certificate Is Valid?

Every PKI certificate carries some basic information, including the issuer name and the issued and expiry dates. Check the expiry date to see whether the certificate has expired.


#2. How To Verify The Certificate Is Not Trusted?

You can verify in several ways whether the Certificate Authority that issued the certificate is trusted.

  1. If the Certificate error section of the RDP certificate error warning shows the message "The certificate is not from a trusted certifying authority", the Certificate Authority is not trusted.
  2. You can also see the message on the Certification Path tab of the certificate, as shown here:
  3. Look for the root and intermediate certificates in their respective stores. If you cannot find the certificates in the stores, the Certificate Authorities are not trusted.
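The two checks above (expiry date, then chain trust) can be run in one go on the remote computer. The script below is an added example, not part of the original post: it reads the thumbprint the RDP listener is bound to from the same Win32_TSGeneralSetting class the renewal procedure later uses, finds that certificate in the local machine stores, and builds the chain so that the diagnosis distinguishes an expired certificate (renew it) from an untrusted one (import the CA certificates). It assumes the default listener name RDP-Tcp and an elevated Windows PowerShell session on the remote computer.

```powershell
# Added example (not part of the original post): tell an expired RDP listener
# certificate apart from an untrusted one without opening the certificate dialog.
# Run locally on the remote computer in an elevated Windows PowerShell session.
function Test-RdpListenerCertificate {
    # The listener records the thumbprint of the certificate it presents here;
    # this is the same property the wmic bind command in this post sets.
    $ts = Get-CimInstance -Namespace 'root/cimv2/TerminalServices' `
                          -ClassName 'Win32_TSGeneralSetting' `
                          -Filter "TerminalName='RDP-Tcp'"
    $thumb = $ts.SSLCertificateSHA1Hash

    # A renewed certificate lives in the Personal store (My); the default
    # self-signed one lives in the 'Remote Desktop' store, so look in both.
    $cert = foreach ($store in 'My', 'Remote Desktop') {
        Get-ChildItem -Path "Cert:\LocalMachine\$store" |
            Where-Object { $_.Thumbprint -eq $thumb }
    }
    if (-not $cert) {
        throw "Bound thumbprint $thumb not found in LocalMachine\My or LocalMachine\Remote Desktop"
    }
    $cert = @($cert)[0]

    # Build the chain the way a client does; the status flags explain the failure.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $null = $chain.Build($cert)
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    $expired   = $cert.NotAfter -lt (Get-Date)
    $untrusted = ($flags -contains 'UntrustedRoot') -or ($flags -contains 'PartialChain')

    $diagnosis = if ($expired) {
        'Expired: renew the certificate (steps 1-4 of the renewal procedure)'
    } elseif ($untrusted) {
        'Not trusted: import the root and intermediate CA certificates into the trusted stores'
    } elseif ($flags.Count -gt 0) {
        "Other chain problem: $($flags -join ', ')"
    } else {
        'Valid and trusted'
    }

    [pscustomobject]@{
        Thumbprint  = $cert.Thumbprint
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotAfter    = $cert.NotAfter
        ChainStatus = ($flags -join ', ')
        Diagnosis   = $diagnosis
    }
}

Test-RdpListenerCertificate | Format-List
```

An expired certificate is reported as expired even when its issuer is trusted, and the two conditions can occur together; in that case renew first, because importing the CA certificates alone will not clear the error.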

How To Renew The RDP Certificate On Windows Servers?

In this section we cover how to renew the RDP certificate on any Windows server. We have divided it into four major subsections, which together give a complete picture of the certificate renewal process.

  1. Create a CSR for the RDP certificate.
  2. Submit the CSR to the internal CA server and download the certificate once it is issued.
  3. Import the certificate into the remote server's Personal store.
  4. Bind the RDP certificate to the RDP listener.

Time needed: 10 minutes.

How to renew the RDP Certificate on Windows servers?

  1. Create a CSR:

    https://thesecmaster.com/step-by-step-procedure-to-create-a-custom-csr-on-a-windows-server/

  2. Submit the CSR and Download the certificate:

    https://thesecmaster.com/how-to-request-a-certificate-from-windows-adcs/

  3. Import the certificate:

    https://thesecmaster.com/step-by-step-procedure-to-convert-a-cer-certificate-to-pfx-without-the-private-key/

  4. Bind the RDP certificate:

    Use this command to bind the certificate:

    wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash=""

    Supply the thumbprint of the certificate as the value of SSLCertificateSHA1Hash.

#1. Create A CSR:

A Certificate Signing Request is the first step towards a new certificate. Please log in to the remote server and follow the linked steps to create a CSR there.

#2. Submit The CSR And Download The Certificate:

Submit the generated CSR to the internal CA and download the certificate from the CA portal once it is issued. Refer to the article "How to request a certificate from Windows ADCS?" to submit the CSR and download the certificate from the internal CA portal.

#3. Import The Certificate:

After you download the certificate, import it into the computer's Personal store. You can see how to import the certificate here.

#4. Bind The RDP Certificate To The RDP Services:

Importing the certificate is not enough to make it work. You must also bind the new certificate to the RDP listener. Use this command to bind the certificate:

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash=""

Supply the thumbprint of the certificate as the value of SSLCertificateSHA1Hash.
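The wmic command above does no checking: it accepts a thumbprint that does not exist, one whose certificate has no private key, or one copied from the certificate dialog with an invisible left-to-right mark in front of it, and the listener then silently keeps or breaks its binding. The function below is an added example, not the post's own procedure: it performs the same bind through Set-CimInstance on the same Win32_TSGeneralSetting class, but first normalises the thumbprint, verifies the certificate is in the Personal store with its private key, is not expired and allows Server Authentication, and afterwards reads the setting back. It assumes the default listener name RDP-Tcp and an elevated Windows PowerShell session; the thumbprint passed at the bottom is the one from this post's example and must be replaced with your own.

```powershell
# Added example (not part of the original post): the wmic bind step as a
# PowerShell function that validates the certificate before binding it and
# confirms the result afterwards. Assumes the default 'RDP-Tcp' listener.
function Set-RdpListenerCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # Thumbprints pasted from the certificate dialog often carry spaces or an
    # invisible left-to-right mark (U+200E) that makes the update fail.
    # Keep only hex digits and normalise to upper case.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "A SHA-1 thumbprint has 40 hex characters, got '$clean'"
    }

    # The certificate must be in the computer's Personal store with its private key.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$clean" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $clean has no private key; import the PFX, not just the .cer"
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $clean expired on $($cert.NotAfter); renew it first"
    }

    # If an Enhanced Key Usage extension is present, it must allow Server Authentication.
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $eku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })) {
        throw "Certificate $clean does not allow Server Authentication"
    }

    # Same object and property as
    # 'wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash=...'
    $listener = Get-CimInstance -Namespace 'root/cimv2/TerminalServices' `
                                -ClassName 'Win32_TSGeneralSetting' `
                                -Filter "TerminalName='RDP-Tcp'"
    $listener | Set-CimInstance -Property @{ SSLCertificateSHA1Hash = $clean }

    # Read the setting back instead of trusting that the call succeeded.
    $after = Get-CimInstance -Namespace 'root/cimv2/TerminalServices' `
                             -ClassName 'Win32_TSGeneralSetting' `
                             -Filter "TerminalName='RDP-Tcp'"
    [pscustomobject]@{
        Bound      = ($after.SSLCertificateSHA1Hash -eq $clean)
        Thumbprint = $after.SSLCertificateSHA1Hash
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
    }
}

# Thumbprint from this post's example; replace it with your own certificate's thumbprint.
Set-RdpListenerCertificate -Thumbprint '7fe74076c8a1f8e5b99fc049540977243751bf51'
```

No service restart is needed; new RDP connections use the newly bound certificate, while sessions already open keep the old one until they reconnect.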


Example:

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="7fe74076c8a1f8e5b99fc049540977243751bf51"


The bind completes with the message "update successful". This is how you renew the RDP certificate on the remote server.

Thanks for reading the post. Please share this with people who are struggling to fix the RDP certificate error.