Unable to remote desktop to windows server 2012 due to failed to create self signed certificate

Question
-
My Windows Server 2012 Standard has been enabled with Remote Desktop.
It has been working until recently, but now my remote desktop client always gives me this error: 'This computer can't connect to the remote computer'.
When I check the event viewer on my 2012 server after trying to remote desktop to it, I see this:
event id: 1057
Severity: Error
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Log: System
Message detail:
The RD Session Host Server has failed to create a new self signed certificate to be used for RD Session Host Server authentication on SSL connections. The relevant status code was Object already exists.
I've tried to follow the instructions from another TechNet post: removing the existing self signed certificate (by using mmc), then restarting the Remote Desktop Configuration service to re-generate the certificate, then configuring in RD Session Host Configuration (tsconfig.msc)
http://social.technet.microsoft.com/Forums/windowsserver/en-US/8df42746-465f-4902-95a6-121ef1f0fd68/the-terminal-server-has-failed-to-create-a-new-self-signed-certificate-to-be-used-for-terminal
It did not work for me. No new self signed certificate has been re-generated. I also could not find RD Session Host Configuration from my server.
Thursday, December 19, 2013 12:16 AM
Answers
-
Hi Richard,
The error which you are facing might be caused by not having enough available memory. To resolve it you can try to increase the available memory. You can check the below article for more information on Event ID 1057.
Event ID 1057 — Terminal Services Authentication and Encryption (As there is no official document for Server 2012, you can take this for your reference.)
http://technet.microsoft.com/en-us/library/cc775192(v=ws.10).aspx
In addition, you can try the following method.
Check the MachineKeys directory.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\XXX
Copy the keys to a different directory by taking a backup and go into the file system and also delete the files in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\.
After deletion log off and log in to see how it works.
Refer below threads for additional details.
1. How can I reissue the Remote Desktop self-signed certificate for a standard Windows 7 client machine?
2. Remote Desktop management not working
Hope it helps!
Thanks.
- Edited by Dharmesh S (Microsoft employee) Thursday, December 19, 2013 9:16 AM
- Marked as answer by Dharmesh S (Microsoft employee) Monday, December 30, 2013 1:28 AM
Thursday, December 19, 2013 9:14 AM
All replies
-
Hi Richard,
How is everything going? Could you please tell us the present situation? If you need any further assistance, please let us know.
Thanks.
Sunday, December 22, 2013 5:02 AM -
Finding this blog in my research, I made a directory and moved all keys to it from the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys directory. After rebooting the server, I was successfully able to RDP to my Windows Server 2012 R2 machine. This server hosts MS System Center Configuration Manager and WSUS. However, I have also tested this with a Windows Server 2012 R2 File Server and it worked flawlessly...thank you Richard.
Rick Ankrom
Friday, August 29, 2014 6:31 PM -
This worked for me to resolve the same issue!
Thank you very much!
Thursday, May 7, 2015 3:59 PM -
Same problem encountered with my 2012 R2 Lync Edge server.
Followed this fix and it worked like a charm.
All I did was rename the folder and restart the "Remote Desktop Configuration" service and the new cert was generated.
Thanks very much.
Jason.
Monday, October 31, 2016 2:27 PM -
Caution/Warning:
"also delete the files in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\."
Do not do this, it will cause whatever applications to stop working.
Once you give the "System account the correct permissions", it will replace/regenerate the key as needed.
Also, this is also incorrect:
"After deletion log off and log in to see how it works."
It's a machine level key, thus you need to reboot.
Thx.
Yong Rhee [MSFT]
Thursday, March 2, 2017 1:14 AM -
I'm experiencing the same issues and have removed the files in the MachineKeys folder to another folder, restarted the desktopservices services only to continue to receive the following error when trying to RDP to my Windows 2012 R2 server:
Saturday, March 4, 2017 2:17 PM -
I also had this issue and was unable to Remote into my server.
The issue is that one of the machine keys had invalid permissions on it which was preventing RDP from renewing or creating a new RDP cert.
This solution does not require rebooting and only deletes the key that RDP uses. To resolve this I did the following...
Step 1. Remove the expired RDP cert
Open Certificates (Local Computer)
Expand Remote Desktop --> Certificates
Delete the expired certificate
If there is no cert listed, that is fine.
Step 2. Fix the owner on the corrupt file.
Browse to C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
Locate the file starting with f686aace
Right click and select properties --> Security --> Advanced
Change the owner to "Administrators" or "SYSTEM"
Click OK
Backup the file (optional)
Delete the file starting with f686aace
Step 3: Fix the permissions on the MachineKeys folder
In my case someone added "NETWORKSERVICE"
Browse to C:\ProgramData\Microsoft\Crypto\RSA
Right click and select properties --> Security --> Advanced
Make sure only "Everyone" and "Administrators" are listed and remove everything else
NOTE, DO NOT REPLACE ALL CHILD PERMISSION ENTRIES!
Click OK
Step 4: Restart the RDP services
Open services
Restart "Remote Desktop Service"
Select yes to restart "Remote Desktop Services UserMode Port Redirector"
This should automatically create a new RDP cert
I also restarted "Remote Desktop Configuration", but I am not sure if that is necessary.
At this point you should be able to log in using RD.
Good luck!
- Edited by nerd01 Friday, March 31, 2017 7:51 PM Fix spelling
- Proposed as answer by Eponymous1 Saturday, May 19, 2018 1:39 PM
Friday, March 31, 2017 7:49 PM -
I solved this by adding the SYSTEM account with Full permissions to the folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys and then restarting the Remote Desktop Configuration service. I then noticed one of the MachineKeys files got a last modification time equal to the time of the service restart.
After that RDP worked again.
- Proposed as answer by Eponymous1 Saturday, May 19, 2018 1:39 PM
Wednesday, July 5, 2017 7:22 AM -
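A read-only audit of the items the two fixes above touch, as an added example that is not part of any post in this thread. It assumes an elevated PowerShell session, English-language account names, and the standard short names TermService, SessionEnv and UmRdpService for the three services the posts name by display name.

```powershell
# Added example: read-only checks, nothing is changed on the server.
$keyDir = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'

# 1. Recent Event ID 1057 entries from the source quoted in the question.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager'
    Id           = 1057
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List

# 2. Certificates under Certificates (Local Computer) > Remote Desktop, with expiry.
Get-ChildItem 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue |
    Select-Object Thumbprint, NotAfter,
        @{ n = 'Expired'; e = { $_.NotAfter -lt (Get-Date) } }

# 3. ACL on the MachineKeys folder; warn when SYSTEM or Administrators
#    has no Allow entry (account names are English-locale assumptions).
$folderAcl = Get-Acl -Path $keyDir
$folderAcl.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
foreach ($name in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
    $hit = $folderAcl.Access | Where-Object {
        $_.IdentityReference.Value -eq $name -and $_.AccessControlType -eq 'Allow'
    }
    if (-not $hit) { Write-Warning "$name has no Allow entry on $keyDir" }
}

# 4. Owner and ACL of the key file(s) starting with f686aace. A file whose
#    ACL cannot be read at all is reported instead of aborting the script.
Get-ChildItem -Path $keyDir -Filter 'f686aace*' -Force | ForEach-Object {
    $file = $_   # keep a reference: inside catch, $_ is the error record
    try {
        $acl = Get-Acl -Path $file.FullName -ErrorAction Stop
        [pscustomobject]@{
            File      = $file.Name
            Owner     = $acl.Owner
            LastWrite = $file.LastWriteTime
            Access    = ($acl.Access.IdentityReference.Value -join ', ')
        }
    } catch {
        Write-Warning "Cannot read ACL on $($file.Name): $($_.Exception.Message)"
    }
}

# 5. State of the services the posts restart after fixing permissions.
Get-Service -Name TermService, SessionEnv, UmRdpService |
    Select-Object Name, DisplayName, Status
```

Running it before and after a permissions change shows whether the f686aace file's LastWrite time moved when the service restarted, which is the sign the post above describes.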
I'm going to chime in first to say thank you and secondly to acknowledge that your post as well as that of nerd01 solved this issue for me. Moreover, I am writing in the hope that the search engines will find this as a solution to both the "An internal error has occurred" problem with RDP as well as various Windows Store problems and the particularly vexing "INET_E_RESOURCE_NOT_FOUND" problem with Microsoft Edge. I had tried just about everything for the latter problem and when I applied the RDP fix, Windows Store and Edge began to behave again. During an update, it seems that Windows can lose some of these important permissions and I am very glad to know this information now.
Saturday, May 19, 2018 1:44 PM
-
That's the trick that did it for me.
Saturday, September 8, 2018 12:45 PM
-
It worked...
Thank you so much.
Saturday, November 30, 2019 9:20 AM -
Thanks Michel. This solution worked for me!
Wednesday, July 15, 2020 6:14 AM