RDP Certificate Expired

We had a customer report an issue with a hosted server last night.  They were trying to RDP in to a hosted Windows Server 2008 machine from Vista PCs and were not able to.  XP clients were fine.  Here’s the error they got:

“Remote Desktop cannot connect to the remote computer because the authentication certificate received from the remote computer is expired or invalid”.

Windows is trying to make RDP secure, doing all sorts of mutual authentication things with x.509 certificates.  The solutions I first saw were to renew a certificate from the PKI.  Huh?  This is a workgroup machine in an isolated/firewalled network.  No go there sunshine!

The solution was to fire up the Certificates snap-in in MMC on the server for the local computer, browse to Remote Desktop and delete the certificate.  This was because the cert was expired.

Alternatively you can change the security of RDP from “SSL (TLS 1.0)” or “Negotiate” to “RDP Security Layer” to instruct RDP to abandon the certificate.  This is done in the properties of RDP in the Terminal Services Configuration MMC.

If the cert wasn’t expired then you should check that the time was correct on both the client and the server.
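As an added example (not from the original post), the following PowerShell script checks the three things walked through above on the server itself: the expiry of the certificate in the Remote Desktop store, the security layer the RDP-Tcp listener is set to, and clock skew against a time source. It assumes it is run in an elevated PowerShell on the affected server and that `$timePeer` is replaced with a host the server can actually reach; it only reports and deletes nothing.

```powershell
# Added example, not the original post's code. Run elevated on the RDP server.
$now = Get-Date

# 1. The 'Remote Desktop' store is the one the MMC procedure browses to.
$store = 'Cert:\LocalMachine\Remote Desktop'
$certs = @(Get-ChildItem -Path $store)
if ($certs.Count -eq 0) {
    Write-Output "No certificate in $store; RDP self-issues a new one on the next TLS connection."
}
foreach ($c in $certs) {
    # An expired cert is the post's case; a not-yet-valid one usually means a wrong clock.
    $status = if ($c.NotAfter -lt $now) { 'EXPIRED' }
              elseif ($c.NotBefore -gt $now) { 'NOT YET VALID (check clock)' }
              else { 'valid' }
    Write-Output ('{0}  subject={1}  notBefore={2:u}  notAfter={3:u}  thumbprint={4}' -f `
        $status, $c.Subject, $c.NotBefore, $c.NotAfter, $c.Thumbprint)
}

# 2. Security layer of the RDP-Tcp listener (Terminal Services Configuration > RDP-Tcp > General).
#    0 = RDP Security Layer (no TLS, so the client cannot authenticate the server)
#    1 = Negotiate, 2 = SSL (TLS 1.0). Deleting the expired cert keeps TLS in place;
#    switching to 0 makes the error go away by giving up server authentication.
$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting `
        -Filter "TerminalName='RDP-Tcp'"
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }
Write-Output ('SecurityLayer={0} ({1})  listener cert SHA1={2}' -f `
    $ts.SecurityLayer, $layerNames[[int]$ts.SecurityLayer], $ts.SSLCertificateSHA1Hash)

# 3. Clock drift, the other cause named in the error text. Assumption: $timePeer is a
#    reachable NTP source or the failing client; the offset column should be within seconds.
$timePeer = 'TIME-SOURCE-PLACEHOLDER'
w32tm /stripchart /computer:$timePeer /samples:3 /dataonly
```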

4 thoughts on “RDP Certificate Expired”

  1. Remote Desktop Disconnected: The authentication certificate received from the remote computer is expired or invalid.
    Upon connecting to a remote machine I came across the following error. Since deploying Server 2008 I have seen this issue a few times so I thought I would blog it.

    When connecting to a remote machine from some clients (usually clients with a new version of the Remote Desktop client on their machine), the following error is received:

    Remote Desktop cannot connect to the remote computer because the authentication certificate from the remote computer is expired or invalid. In some cases, this error might also be caused by a large time discrepancy between the client and server computers.

    The first thing to check is the remote machine's certificate. So from a client that can connect or directly on the console do the following:

    Start > Run > mmc.exe
    File > Add/Remove Snap-in…
    Certificates > Add > Computer Account > Local Computer > Finish
    Remote Desktop > Certificates
    Check the certificate expiration date. If the date has passed or the certificate is invalid, simply right-click and delete the certificate.
    From a client that was failing to connect, try and connect again. Upon the reconnection attempt the remote machine will auto-generate a new certificate.
    Should you still have problems, ensure the client settings for Remote Desktop Connection are set to “Warn me” or “Connect and don’t warn me” under Advanced > Server authentication. Also check for clock drift (both time and date) between the client and remote computer; anything more than a few minutes can cause problems.

    Happy troubleshooting! 🙂
