
RDP Error Connecting to Server

One of our Helpdesk personnel got the following error when making an RDP connection from Windows XP SP3 to a Windows Server 2008 R2 server: “Remote Desktop cannot connect to the remote computer because the authentication certificate received from the remote computer is expired or invalid. In some cases, this error might also be caused by a large time discrepancy between the client and server computers.”

Since the error suggested it, I checked the date, time, & time zone on both the server & client, but they are all correct. I tried to RDP to the same server & was able to log in just fine; however, I was using Windows 7.

On the server, if I open the certificate store in an MMC & browse to Remote Desktop\Certificates, I see that there is a self-signed certificate that expired on 5/3/2011.

If I look at the same store on other 2008 R2 & 2008 SP2 servers, they all have a self-signed certificate as well, but the expiration dates have not yet passed. It appears as though this certificate should be renewing itself automatically every 6 months, but for some reason on this one server it is not. While I could never find any documentation on the mechanics behind this certificate auto-renewing itself, the fix is pretty simple. You just need to restart the Remote Desktop Configuration service. The expired certificate will then be renewed.

You will also see an Event ID 1056 in the System log that says, “A new self signed certificate to be used for Terminal Server authentication on SSL connections was generated. The name on this certificate is servername.domain.tld. The SHA1 hash of the certificate is in the event data.”

 

Update: I have also found this same issue on Windows Server 2008 RTM, SP1, and SP2. The same fix applies; only the service to restart is Terminal Services Configuration.
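The check-and-fix procedure above as a script. This is an added example, not part of the original post. It assumes an elevated PowerShell session on the server, that `SessionEnv` is the service name behind the "Remote Desktop Configuration" / "Terminal Services Configuration" display names, and that the Event ID 1056 provider name contains "TerminalServices". The thumbprint it prints for the new certificate is what you would compare against the SHA1 hash recorded in the event data.

```powershell
# Added example: find an expired RDP self-signed certificate, restart the
# configuration service, and confirm a new certificate was generated.
$storePath   = 'Cert:\LocalMachine\Remote Desktop'   # "Remote Desktop\Certificates" in the MMC
$serviceName = 'SessionEnv'                          # assumption: service name for both display names
$started     = Get-Date

function Get-RdpCertStatus {
    # List every certificate in the Remote Desktop store with an Expired flag.
    Get-ChildItem -Path $storePath |
        Select-Object Subject, Thumbprint, NotAfter,
            @{ Name = 'Expired'; Expression = { $_.NotAfter -lt (Get-Date) } }
}

$before  = @(Get-RdpCertStatus)
$expired = @($before | Where-Object { $_.Expired })
$before | Format-Table -AutoSize

if ($expired.Count -eq 0) {
    Write-Output 'No expired certificate in the Remote Desktop store; no restart needed.'
}
else {
    Restart-Service -Name $serviceName
    Start-Sleep -Seconds 5   # give the service a moment to generate the certificate

    # Any thumbprint not present before the restart is the regenerated certificate.
    $oldThumbprints = $before | ForEach-Object { $_.Thumbprint }
    $new = @(Get-RdpCertStatus | Where-Object { $oldThumbprints -notcontains $_.Thumbprint })

    if ($new.Count -eq 0) {
        Write-Warning 'Service restarted but no new certificate appeared in the store.'
    }
    else {
        $new | Format-Table -AutoSize
    }

    # Event ID 1056 in the System log records the new certificate's name and SHA1 hash.
    # Filtering on the provider avoids unrelated events that share the ID.
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1056; StartTime = $started } `
                 -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*TerminalServices*' } |
        Select-Object TimeCreated, ProviderName, Message |
        Format-List
}
```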

  1. Joel
    February 27, 2012 at 12:37 pm

    Excellent.

  2. Sam
    May 8, 2012 at 4:51 am

    Thanks for this guide, really pulled me out of a hole.
    One thing to mention is that on top of restarting the Remote Desktop Configuration service you will most likely have to start some of its dependencies too, but they are listed and easy to find.
    Thanks, Most appreciated!

    • patrickhoban
      May 8, 2012 at 2:19 pm

      Glad it helped. I double checked & there are no other services that depend on the “Remote Desktop Configuration” service.

  3. June 11, 2012 at 6:12 am

    Awesome help!

    • June 11, 2012 at 6:14 am

      I noticed on my 2008 server that the Terminal server config was in manual mode (not automatic). Perhaps this is why it did not restart itself. I did reboot server twice, though.

      • patrickhoban
        June 11, 2012 at 10:52 am

        The “Terminal Services Configuration” service can be left as a startup type of Manual. Was the service not running?

  4. June 12, 2012 at 7:58 am

    Yes, running with Manual setting.
    Restarting the service fixed the cert date issue.
