rdweb authentication error 0x607

  • Question

  • Hi,

    I deployed an RDS 2012 R2 with a self-signed certificate and everything worked until I changed the certificate with a third party cert.
    I can still log in using RDP from a client through RDS Gateway and broker ... is working, but when I try to log on through RDWeb I get the famous "authentication error 0x607" error.
    Setting/changing the collection security to low ... is not working for me. I can't imagine that recreating the collection is the only solution to this.

    Thank You,
    Best Regards,


    MrFormula

    Friday, October 2, 2015 6:25 PM

All replies

  • Hi,

    1. Please make sure all client devices have at least RDP 8.0 capable client software.  For PCs, this means clients should have mstsc.exe version 6.2.9200 or later, with 6.3.9600 (RDP 8.1) or later preferred.  For iOS, OSX, Android, Windows Mobile, this means using the latest version of the Remote Desktop app available from the respective app store.

    2. On your RD Session Host servers only (not your broker), please delete the following registry value:

    HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

    SSLCertificateSHA1Hash     REG_DWORD

    NOTE:  Again, do not delete the above value from your broker.  Only your RDSH servers.

    After making the above changes, please test to make sure the issue has been resolved.

    Thanks.

    -TP

    • Proposed as answer by Amy Wang_ Tuesday, October 13, 2015 6:25 AM
    • Marked as answer by Amy Wang_ Wednesday, October 21, 2015 3:10 PM
    Saturday, October 3, 2015 12:51 AM
  • Thank You,

    What is this registry key exactly for? So I remove this key (I'll make a registry backup) from the RD Session Host servers. Will this require a reboot?
    I will give this a try and let you know if the problem is solved.

    Best regards,


    MrFormula



    • Edited by MrFormula Friday, October 16, 2015 5:10 AM
    Friday, October 16, 2015 5:08 AM
  • Hi,

    This registry value tells the server the thumbprint of the certificate that it should use for the RDP-Tcp listener.  If it is not present, the listener will use the automatically-managed self-signed certificate.  No restart needed.

    -TP

    • Proposed as answer by Amy Wang_ Tuesday, October 20, 2015 2:33 AM
    • Marked as answer by Amy Wang_ Wednesday, October 21, 2015 3:10 PM
    Friday, October 16, 2015 5:26 AM
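
The check-then-delete step from the answer above, as an added PowerShell example that is not part of the original thread. It assumes an elevated session on an RD Session Host (not the broker); the `-Remove` switch and the backup file location are hypothetical names chosen for this example.

```powershell
# Added example. Run elevated on an RD Session Host only, never on the broker.
param(
    [switch]$Remove,                               # hypothetical switch: delete only when asked
    [string]$BackupFile = "$env:TEMP\RDP-Tcp.reg"  # hypothetical backup location
)

$regPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$valueName = 'SSLCertificateSHA1Hash'

$item = Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue
if (-not $item) {
    Write-Output "$valueName is not set; the listener uses its automatically managed self-signed certificate."
    return
}

# Render the stored thumbprint as hex so it can be matched against the certificate store.
$raw = $item.$valueName
$thumbprint = if ($raw -is [byte[]]) { -join ($raw | ForEach-Object { $_.ToString('X2') }) } else { "$raw" }
Write-Output "Listener is pinned to thumbprint: $thumbprint"

# Show which certificate that is, and whether it is usable (present, unexpired, private key).
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumbprint }
if ($cert) {
    $cert | Select-Object Subject, NotAfter, HasPrivateKey | Format-List
} else {
    Write-Output 'No certificate with that thumbprint exists in Cert:\LocalMachine\My.'
}

if ($Remove) {
    # Back up the listener key first, then delete only the one value.
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' $BackupFile /y | Out-Null
    Remove-ItemProperty -Path $regPath -Name $valueName
    Write-Output "Removed $valueName (backup: $BackupFile). The listener now falls back to the self-signed certificate."
}
```

Run it without `-Remove` first to record which certificate the listener is pinned to before changing anything.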
  • I just wanted to let you know that this works !

    Thank You,
    Best regards,


    MrFormula

    Friday, November 13, 2015 5:47 AM
  • Oh come on... I searched for this solution for 2 months. This is the solution for the 0x607 problem through TMG and WAP (error code 0x80072efe)

    Thanks for sharing, many thanks

    Why is there no Microsoft article about it?


    • Edited by 0711 Wednesday, March 30, 2016 2:53 PM
    Wednesday, March 30, 2016 2:51 PM
  • Almost 3 years later on a Windows 2012R2 RDS server and this is still the answer.

    Thank you.

    Tuesday, May 22, 2018 3:00 AM
  • Nearly 4 years later on WS2019 RDS and this is still the answer! 
    Saturday, March 2, 2019 7:54 AM
  • This is a stupid answer to the error. We are NOT using self signed certificates, period. The solution worked fine until this weekend. What is the real cause for this?
    Monday, March 11, 2019 8:32 AM
  • Just wanted to post that this was the solution for our problem with "authentication error 0x607" error and also Certificate name mismatch.

    Thank You,
    Best regards,

    Wednesday, April 3, 2019 6:33 AM
  • I do not have the registry key on my Windows 2016 RDS servers at

    HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

    SSLCertificateSHA1Hash     REG_DWORD

    But I get the rdweb authentication error 0x607

    Wednesday, November 13, 2019 3:02 PM
  • Why does removal of the assigned certificate actually make it work via RDS Farm?

    If connected directly to such a host, one will of course always get the certificate mismatch error (which is correct, as it uses a self-signed, not trusted cert!)


    • Edited by scerazy Thursday, March 12, 2020 6:37 PM
    Thursday, March 12, 2020 6:36 PM