Remote Desktop expired certificate
I have a remote server that I can only access through RDP. It uses a proper SSL certificate from GoDaddy for RDP, not a self-signed one. The server is 2008R2, and I believe is set to the default of requiring network level authentication. Unfortunately, I do not have any lights out management features or IPKVM on this server. Due to Heartbleed, I revoked all my certificates and reissued them. Unfortunately, I clearly missed setting RDP up for this new certificate. Now I get "This certificate has been revoked and is not safe to use", and "You may not proceed due to the severity of the certificate errors". I know the certificate is revoked. That's why I'm trying to get in to fix it! But I can't replace the certificate until I can remote in. And I can't remote in until I replace the certificate. Is my only option to drive there and log in from the console, or is there a way to temporarily ignore the certificate error?
We had a customer report an issue with a hosted server last night. They were trying to RDP in to a hosted Windows Server 2008 machine from Vista PCs and were not able to. XP clients were fine. Here’s the error they got: “Remote Desktop cannot connect to the remote computer because the authentication certificate received from the remote computer is expired or invalid”. Windows is trying to make RDP secure, doing all sorts of mutual authentication things with X.509 certificates. The solutions I first saw were to renew a certificate from the PKI. Huh? This is a workgroup machine in an isolated/firewalled network. No go there sunshine! The solution was to fire up the Certificates snap-in in MMC on the server for the local computer, browse to Remote Desktop and delete the certificate. This was because the cert was expired. Alternatively you can change the security of RDP from “SSL (TLS 1.0)” or “Negotiate” to “RDP Security Layer” to instruct RDP to abandon the certificate. This is done in the properties of RDP in the Terminal Services Configuration MMC. If the cert wasn’t expired then you should check that the time was correct on both the client and the server.
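A server-side check for the two failure modes described above (a revoked certificate and an expired one), as an added example that is not part of the original posts: it reads the RDP listener's settings and validates the certificate the listener uses, with online revocation checking. The registry path and value names are the standard Windows ones for the RDP-Tcp listener; the 30-day warning threshold is an assumption.

```powershell
# Added example: report the state of the RDP listener certificate on the local server.
# Run in an elevated PowerShell session (written to work on PowerShell 2.0).
$listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$warnDays    = 30   # assumed threshold; match it to your renewal lead time

$listener   = Get-ItemProperty -Path $listenerKey
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
$layer      = [int]$listener.SecurityLayer
"Security layer : $($layerNames[$layer])"
"NLA required   : $([bool]$listener.UserAuthentication)"

# SSLCertificateSHA1Hash is only present when a specific certificate was bound to
# the listener; otherwise RDP uses the self-signed one in the 'Remote Desktop' store.
$bound = $null
if ($listener.SSLCertificateSHA1Hash) {
    $bound = ($listener.SSLCertificateSHA1Hash | ForEach-Object { $_.ToString('X2') }) -join ''
}

if ($bound) {
    $certs = Get-ChildItem 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $bound }
} else {
    $certs = Get-ChildItem 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue
}

$now = Get-Date
$certs | Where-Object { $_ } | ForEach-Object {
    $cert  = $_
    # Build the chain with online revocation checking so a revoked certificate is flagged.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    [void]$chain.Build($cert)
    $flags = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    $days  = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

    if     ($days -lt 0)             { $state = 'EXPIRED' }
    elseif ($flags -match 'Revoked') { $state = 'REVOKED' }
    elseif ($days -lt $warnDays)     { $state = 'RENEW SOON' }
    else                             { $state = 'OK' }

    New-Object PSObject -Property @{
        Subject = $cert.Subject; Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter
        DaysLeft = $days; State = $state; ChainFlags = $flags
    }
} | Select-Object Subject, Thumbprint, NotAfter, DaysLeft, State, ChainFlags | Format-List
```

A self-signed listener certificate reports `UntrustedRoot` in `ChainFlags`, which is expected for it. When the security layer is `RDP Security Layer`, the listener does not present this certificate to clients at all.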