none
Terminal Server Certificate issue

    Question

  • Not sure if this is the right forum:

    I have Windows 7 beta 1 installed on my Dell Latitude D630.   All is running very well.  However I have run into a snag.  When I attempt to connect to my Windows 2008 Terminal Server using RDP, I get a certificate error stating that the Certificate is not valid for this purpose. 

    Now, I have been running TS on windows 2008 for some time and my Vista and Windows XP users are not having an issue connecting.   How do I resolve this issue. 

    Note: the certificate is from an internal Cert server (windows 2003) and the root cert is installed on the windows 7 client.  The name of the cert is the same as the FQDN of the TS.  As I don't see this issue connecting via Vista or Windows XP, it must be a Windows 7 issue.  Perhaps Windows 7 is less forgiving of a Cert issue that I have had??

     

    I look forward to your assistance.


    Fred Zilz
    Thursday, January 29, 2009 7:13 PM

Answers

  • Looks like the issue is resolved.  I recieved a new intermidiate certificate (a non-SGC intermendiate cert).  After removing my other certs and adding this new one, all appears to be working correctly.
    Fred Zilz
    • Marked as answer by FredZilz Thursday, February 05, 2009 7:18 PM
    Thursday, February 05, 2009 7:18 PM

All replies

  • Looks like I have an existing issue with my TS Cert  (Globalsign certificate) that I need to work out.  Windows 7 just made the issue evident in that it does not allow me to just acknowledge and go on, as the users can with prior OS's.
    Fred Zilz
    Friday, January 30, 2009 1:10 AM
  • WHen you launch MSTSC click on options, then on the Advanced tab you have the Server Authentication section, Make sure the drop down box is set to Warn me, this should prompt you if there are any errors with the cert
    Friday, January 30, 2009 3:04 AM
  • Thank you for your assistance,

    Unfortunately, it is set to warn - I have also tried do not warn and connect, but it does not matter I get a warning box that is titled: "Your remote desktop connection failed because the remote computer cannot be authenticated"  "The remote computer could not be authenticated due to problems with its security certificate.  It may be unsafe to proceed."  Then below this: "Certificate name" and in a lightly outlined box "Name in the certificate from the remote computer:" followed by the FQDN of my TS server.  Then below that "Certificate errors" and in another lightly outlined box "The following errors were encountered while validating the remote computer's certificate: The certificate is not valid for this usage " warning.  The last line on the message is "You cannot proceed because authentication is required".  followed by 2 buttons "ok" and "View certificate".


    Fred Zilz
    Friday, January 30, 2009 4:33 PM
  • Looks like the issue is resolved.  I recieved a new intermidiate certificate (a non-SGC intermendiate cert).  After removing my other certs and adding this new one, all appears to be working correctly.
    Fred Zilz
    • Marked as answer by FredZilz Thursday, February 05, 2009 7:18 PM
    Thursday, February 05, 2009 7:18 PM
  • I'm having the same issue. Rather than use our internal CA (2003 CA Server) I'm trying to import a 3rd party wild card certificate. If I remove the internal one its automatically requested each time someone trys to connect. How did you determine if it was a non-SGC intermendiate cert
    Monday, February 01, 2010 11:13 PM
  • Interestingly, I am back to the same issue.  The issue was intermittent - which of course makes no sense - either the certificate is valid for the use or it isn't - never the less it would most often give me this message from internal win 7 clients, and rarely from external clients.   recently (no change in the Certificate or TS configuration - with the exception of regular MS updates) suddenly the issue was occurring most of the time.  My Certificate was getting close to time for renewal, so I renewed and installed.  No help, same issue.  I can access from win server 2003, vista, and xp with out issue.

    I am at a loss.  I hate recurring issues.
    Fred Zilz
    Friday, February 26, 2010 1:00 AM
  • It turns out that on some of my clients they had in their intermediate certificate store a different Globalsign intermediate valid certificate.  Once I deleted this from the store the clients picked up the correct intermediate certificate and the error stopped appearing.
    Fred Zilz
    Thursday, March 04, 2010 5:06 PM