When using 2008R2 Remote Desktop Services you might run in the following situation:
When you first start an RDP session you get a warning:
The publisher of this remote connection cannot be identified. Do you want to connect anyway?
Here is how to get rid of this warning by signing the .rdp file with a self-signed certificate:
- Use makecert to create a self-signed code-signing certificate (EKU 1.3.6.1.5.5.7.3.3) in your personal store; the values in angle brackets were lost from the original and are placeholders:
makecert -r -pe -n "CN=<publisher-name>" -b 01/01/2000 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3 -ss My
- Open up the Certificates MMC
- Add > My User Account
- Expand Certificates > Current User > Personal > Certificates
- Right-click the certificate and choose All Tasks > Export, and make sure you export the private key
- Enter a password and save the PFX file to a location
Now you have a certificate, let's start using it (angle-bracket values below are placeholders for the file, account and password you chose):
- Import the PFX into the machine's Trusted Root store, so the client will trust the publisher
winhttpcertcfg.exe -g -i <pfx-file> -c local_machine\root -a <account> -p <password>
- Import the PFX into the Personal store
certutil -f -p <password> -importpfx <pfx-file>
Now let's sign the RDP file:
- Open the certificate details and look at the Thumbprint; copy this value to Notepad and remove the spaces.
- Use the rdpsign command to sign your .rdp file, where the hash is the thumbprint:
rdpsign /sha1 <thumbprint> name-of-rdp-file.rdp
- Open the Group Policy Editor
- Expand Local Computer Policy > Remote Settings > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client
- Open the setting "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" and select Enabled
- Enter the thumbprint again and click OK.
- Force the policy by using gpupdate /force
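The same procedure as a PowerShell script, added here as an example (not part of the original post). It swaps makecert for New-SelfSignedCertificate, so it assumes Windows 10 / Server 2016 or later rather than 2008R2, an elevated prompt, rdpsign.exe on PATH, and constructed values for the publisher name and .rdp path; the registry value it sets is the one behind the Group Policy setting above (TrustedCertThumbprints, an assumption to verify against the ADMX on your build).

```powershell
# Added example, not the original post's code. Assumes Windows 10/2016+, elevated prompt,
# rdpsign.exe on PATH. Publisher and file names below are constructed placeholders.
param(
    [string]$Publisher = 'CN=Example RDP Publisher',  # constructed subject name
    [string]$RdpFile   = 'C:\rdp\app.rdp',            # constructed path
    [string]$PfxPath   = "$env:TEMP\rdp-signing.pfx"
)
$ErrorActionPreference = 'Stop'

# 1. Self-signed code-signing certificate (same EKU 1.3.6.1.5.5.7.3.3 the makecert step uses).
$cert = New-SelfSignedCertificate -Subject $Publisher -Type CodeSigningCert `
    -CertStoreLocation 'Cert:\LocalMachine\My' -NotAfter (Get-Date).AddYears(5)

# 2. Export with the private key, then import into the machine Trusted Root store.
$pw = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $pw | Out-Null
Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation 'Cert:\LocalMachine\Root' `
    -Password $pw | Out-Null

# 3. Thumbprint without spaces (the MMC shows it spaced; the policy and rdpsign want it bare).
$thumb = ($cert.Thumbprint -replace '\s', '').ToUpperInvariant()
if ($thumb -notmatch '^[0-9A-F]{40}$') { throw "Unexpected thumbprint format: $thumb" }

# 4. Sign the .rdp file, then check that rdpsign actually wrote the signature fields.
& rdpsign.exe /sha1 $thumb $RdpFile
$signed = Get-Content -Path $RdpFile
if (-not ($signed -match '^signscope:s:') -or -not ($signed -match '^signature:s:')) {
    throw "$RdpFile does not contain a signature; signing failed"
}

# 5. Trust the publisher: registry value behind the "trusted .rdp publishers" policy
#    (assumed value name; comma-separated list, existing entries are preserved).
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
New-Item -Path $key -Force | Out-Null
$existing = (Get-ItemProperty -Path $key -Name TrustedCertThumbprints `
    -ErrorAction SilentlyContinue).TrustedCertThumbprints
$list = @($existing -split ',' | Where-Object { $_ }) + $thumb | Select-Object -Unique
Set-ItemProperty -Path $key -Name TrustedCertThumbprints -Value ($list -join ',')
gpupdate /force
```

Remove the PFX from $env:TEMP afterwards; it holds the signing private key, and anyone who obtains it can sign .rdp files your clients will trust.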
5 comments:
This is clear and great post! Thanks!
Although your instructions do work, I have discovered that the true cause of this error is a Windows update. I discovered this because the problem did not surface until after an update. If you remove this one update, you will be able to remove this warning message. The update in question is: KB2592687.
This update installs the RDP 8.0 Terminal Services Client which requires a secured connection. Previous clients did not. This is much simpler than the procedure outlined.
... and less secure
So you fixed it by removing a more secure update... Great admining.
Why would you want to uninstall the RDP 8.0 update? That's nonsense. If you really want to proceed down the less secure path of not creating a certificate, you would just have to disable the security confirmation on the RDP client.
Still, it would be better to create the certificate.