The connection has been terminated because an unexpected server authentication certificate was received from the remote computer

    Question

  • All of a sudden, my users are getting “The connection has been terminated because an unexpected server authentication certificate was received from the remote computer”. I looked at the server and nothing was changed. I noticed that if I go into the General tab of the Terminal Server Configuration and set the certificate to “Auto Generate”, it works. This solution is just a workaround, as I want to use a Certificate Authority certificate (“Godaddy”) that I created for the server. Choosing “Auto Generate” means it’s using a self-signed certificate. I’m noticing some threads are stating you have to ensure the certificate is installed on the XP workstations. This will not be feasible as I have 100 users using Terminal Server and most of them are not connected to our domain, so using GPO is not an option. Is there something going on with Godaddy certs or my server?

    Thursday, December 09, 2010 3:28 PM

Answers

All replies

  • According to your post, we can use the CryptoAPI called CAPICOM to add or remove certificates from stores. The CAPICOM properties and methods can be used in JScript or VBScript.

    CAPICOM Reference

    http://msdn.microsoft.com/en-us/library/Aa375732

    You will need to install and register capicom.dll on the computer before you can make use of it. The install package for CAPICOM can be found here:

    Platform SDK Redistributable: CAPICOM

    http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=860EE43A-A843-462F-ABB5-FF88EA5896F6

    Installing CAPICOM is very simple. You can extract capicom.dll from the installation package, copy it into the %windir%\system32 folder on the computer, and then run the following command:

    regsvr32 /s capicom.dll

    There is also sample code in the install package that you can review. Of specific interest to you will be CStore.vbs, located in the \CAPICOM 2.1.0.1\samples\vbs folder. The usage for this script is:

    Usage: CStore Command [Options] <[Store] | CertFile [Password]>

    Command:

    View -- View certificate(s) of store or file
    Import -- Import certificate(s) from file to store
    Export -- Export certificate(s) from store to file
    Delete -- Delete certificate(s) from store
    Archive -- Archive certificate(s) in store
    Activate -- Activate (de-archive) certificate(s) in store

    Thanks.

    Wednesday, December 15, 2010 2:32 AM
    Moderator
  • This will not help me as my servers are 64-bit.
    Wednesday, December 15, 2010 1:06 PM
  • Hi,

    There is another tool called “certutil” to add a certificate to the store. You can refer to the following article to find all the parameters of certutil and how to use it.

    Certutil

    http://technet.microsoft.com/en-us/library/cc732443(WS.10).aspx

    How to import third-party certification authority (CA) certificates into the Enterprise NTAuth store

    http://support.microsoft.com/kb/295663

    Thanks.

    Friday, December 17, 2010 2:29 AM
    Moderator
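
An added diagnostic example, not part of the original thread or of any poster's reply: before importing anything with certutil, this PowerShell sketch reads which certificate the RDP listener is bound to and checks it in the server's Personal store (validity dates, private key, chain). It assumes the default listener name `RDP-Tcp` and an elevated session on the terminal server.

```powershell
# Added example (not from the thread). Assumptions: listener is named 'RDP-Tcp',
# script runs elevated on the terminal server itself.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash
Write-Output "Listener is bound to thumbprint: $thumb"

# A CA-issued certificate selected for the listener is expected in LocalMachine\My.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
$cert = $store.Certificates | Where-Object { $_.Thumbprint -eq $thumb }
$store.Close()

if (-not $cert) {
    Write-Output 'Bound certificate was not found in LocalMachine\My.'
}
else {
    Write-Output ("Subject:        " + $cert.Subject)
    Write-Output ("Issuer:         " + $cert.Issuer)
    Write-Output ("Valid from/to:  " + $cert.NotBefore + " / " + $cert.NotAfter)
    Write-Output ("Has private key: " + $cert.HasPrivateKey)

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        Write-Output 'WARNING: certificate is outside its validity period.'
    }

    # Build the chain with the server's own trust store and list every element,
    # so a missing or expired intermediate shows up explicitly.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $built = $chain.Build($cert)
    Write-Output "Chain builds cleanly: $built"
    foreach ($element in $chain.ChainElements) {
        Write-Output ("  " + $element.Certificate.Subject +
                      "  (expires " + $element.Certificate.NotAfter + ")")
    }
    foreach ($status in $chain.ChainStatus) {
        Write-Output ("  Chain status: " + $status.Status + " - " + $status.StatusInformation)
    }
}
```

The chain result reflects the server's trust store only; each client builds the chain against its own stores, so a clean result here does not prove every workstation trusts the same issuers.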
  • Hi Alan, James,

    We had EXACTLY the same problem a couple of weeks ago. NOTHING had changed, yet we then started to receive the error. We also had to switch to the auto-generate certificate model in order to get people working, which frankly makes us look like clowns without a proper certificate.

    I have a couple of specific questions relating to this exact item, if I may. Presumably something must have changed with the GoDaddy CA as far as Microsoft's library of supported CAs is concerned? Perhaps during a Windows Update? If not, what would have caused this system to simply stop recognising our GoDaddy certificates?

    Also, from the solution it wasn't clear exactly what you wanted James to do. Was this to somehow bulk install the certificate onto the client PCs? Because if that's the solution it won't work for us, as we have absolutely no control over the client PCs connecting to our hosted environment over RDS beyond advising them to install the latest RDP client.

    Ultimately something has changed: a certificate that was working perfectly has now stopped. From what James has said it sounds likely this is to do with the GoDaddy CA, but what could have changed that would affect us in this way?

    Thanks for your efforts in advance.

    kind regards,

    Ross

    Wednesday, December 29, 2010 4:36 PM
  • Ross, you are right on!!!!!!

    We too have no control over end users. Yes, it has something to do with Godaddy. I would love to speak with you more on this topic; let me know if you would like me to post my email so we can contact each other. This is good news. With the brain power of 2, we can find a solution.

    Thanks!

    Wednesday, December 29, 2010 4:41 PM
  • Hi, just to open an old thread...

    What was the solution to this? We just began to have this problem 14 days ago.

    When users try to start a RemoteApp, we have 15-20 machines of 200 doing this randomly, and always in the morning...

    We are also using a GoDaddy cert.

    Monday, December 19, 2011 12:11 PM