With all the changes Microsoft made to their certification program & with me earning the MCITP: Enterprise Administrator on Windows Server 2008 I have also earned the MCSA: Windows Server 2008 certification.
With Windows Server 2012 & Windows 8 Microsoft stopped using the MCTS & MCITP titles & went back to using MCSA & MCSE. However, instead of those meaning Microsoft Certified Systems Administrator & Microsoft Certified Systems Engineer they are now Microsoft Certified Solutions Associate & Microsoft Certified Solutions Expert. Click here to get more information on the Microsoft Certification program.
See the link below for a good write up on all the name changes.
One of our Helpdesk personnel got the following error when making an RDP connection from Windows XP SP3 to a Windows Server 2008 R2 server, “Remote Desktop cannot connect to the remote computer because the authentication certificate received from the remote computer is expired or invalid. In some cases, this error might also be caused by a large time discrepency between the client and server computers.”
Since the error suggested it I checked the date, time, & time zone on both the server & client but they are all correct. I tried to RDP to the same server & was able to log in just fine, however I was using Windows 7.
On the server if I open the certificate store in an MMC & browse to the Remote Desktop\Certificates I see that there is a self-signed certificate that expired on 5/3/2011.
If I look at the same store in other 2008 R2 & 2008 SP2 servers they all have a self-signed certificate as well but the expiration dates have not yet passed. It appears as though this certificate should be renewing itself automatically every 6 months but for some reason on this one server it is not. While I could never find any documentation on the mechanics behind this certificate auto-renewing itself the fix is pretty simple. You just need to restart the Remote Desktop Configuration service. The expired certificate will then be renewed.
You will also see an Event ID 1056 in the System log that says, “A new self signed certificate to be used for Terminal Server authentication on SSL connections was generated. The name on this certificate is servername.domain.tld. The SHA1 hash of the certificate is in the event data.”
Update: I have also found this same issue on Windows Server 2008 RTM, SP1, and SP2. The same fix applies only the service to restart is Terminal Services Configuration.
Warning: This post deals with editing the registry. If you don’t know what that is stop right here & ask someone else to help you. Using the registry editor incorrectly can cause serious problems that may require you to reinstall Windows. Use the registry editor at your own risk.
Description – When a user with a roaming profile logs on to a Windows Server 2008 Terminal Server they receive an error that says, “Your user profile was not loaded correctly! You have been logged on with a temporary profile. Changes you make to this profile will be lost when you log off. Please see the event log for details or contact your administrator.”
Once the user logs in they are able to function somewhat normally. But if you look in C:\Users you see a folder called TEMP instead of one for their username. And of course like the error said, any changes will not be saved when they log off.
Cause – There are several reasons this can happen but it is most likely caused by a corrupt Profile.
Solution – With the user logged off verify that the TEMP folder in C:\Users is gone. Open the registry & browse to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. Look through each sub-key until you locate the key for the user in question (look at the ProfileImagePath value). Delete the key (it will start with S-1-5). Close Regedit. No reboot needed. Have the user log in & it should pull their roaming profile correctly.
After installing SP2 for Windows Server 2008 you may receive an eventID 7026 that says, “The following boot-start or system-start driver(s) failed to load: storflt”. If the server is not running Hyper-V then the service is not needed. The error can safely be ignored but if you want to supress the error do the following:
- Open Regedit.
- Browse to HKLM\System\CurrentControlSet\Services\storflt.
- Change the value of Start from 1 to 4.
- Restart the server & you will no longer get the error.