The connection has been terminated because an unexpected server authentication certificate was received from the remote computer


  • All of a sudden, my users are getting “The connection has been terminated because an unexpected server authentication certificate was received from the remote computer”. I looked at the server and nothing was changed. I noticed that if I go into the General tab of the Terminal Server Configuration and set the certificate to “Auto Generate”, it works. This solution is just a workaround, as I want to use a Certificate Authority certificate (“Godaddy”) that I created for the server. Choosing “Auto Generate” means it’s using a self-signed certificate. I’m noticing some threads are stating you have to ensure the certificate is installed on the XP workstations. This will not be feasible as I have 100 users using Terminal Server and most of them are not connected to our domain, so using GPO is not an option. Is there something going on with Godaddy certs or my server?

    Thursday, December 09, 2010 3:28 PM
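
    A server-side check for the situation described in the question above, as an added example that is not part of the original thread: it reads the thumbprint the RDP-Tcp listener is configured to present (the General tab setting), looks that certificate up in the computer's Personal store, and reports whether its chain builds on the server. It assumes the default listener name RDP-Tcp and an elevated PowerShell session on the terminal server.

```powershell
# Added example (not from the thread): inspect the certificate bound to the
# RDP listener and test whether its chain builds on this server.
# Assumes the default listener name 'RDP-Tcp'; run elevated on the server.

$x509 = 'System.Security.Cryptography.X509Certificates'

# The listener's certificate choice is exposed through WMI.
$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                    -Class Win32_TSGeneralSetting `
                    -Filter "TerminalName='RDP-Tcp'"
$thumb = $ts.SSLCertificateSHA1Hash
"Listener thumbprint : $thumb"

# A CA-issued certificate selected for the listener is expected in LocalMachine\My.
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $thumb }

if (-not $cert) {
    "No certificate with that thumbprint in LocalMachine\My."
    "The listener is not using a certificate from the Personal store."
    return
}

"Subject             : $($cert.Subject)"
"Issuer              : $($cert.Issuer)"
"Valid               : $($cert.NotBefore) to $($cert.NotAfter)"
"Has private key     : $($cert.HasPrivateKey)"

# Build the chain the way the server sees it, with online revocation checking.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = [Enum]::Parse(
    [Type]"$x509.X509RevocationMode", 'Online')
$ok = $chain.Build($cert)
"Chain builds        : $ok"

# List every element so a missing or expired link in the chain is visible.
foreach ($el in $chain.ChainElements) {
    "  {0}  (expires {1})" -f $el.Certificate.Subject, $el.Certificate.NotAfter
    foreach ($st in $el.ChainElementStatus) {
        "      {0}: {1}" -f $st.Status, $st.StatusInformation.Trim()
    }
}
```

    A thumbprint that no longer matches the intended CA-issued certificate, an expired element, or a chain status other than success narrows down whether the change was on the server or in the chain itself.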


All replies

  • According to your post, we can use the CryptoAPI called CAPICOM to add or remove certificates from stores. The CAPICOM properties and methods can be used in JScript or VBScript.


    CAPICOM Reference



    You will need to install and register capicom.dll on the computer before you can make use of it. The install package for CAPICOM can be found here:


    Platform SDK Redistributable: CAPICOM


    Installing CAPICOM is very simple. You can extract capicom.dll from the installation package, copy it into the %windir%\system32 folder on the computer, and then run the following command:


    regsvr32 /s capicom.dll


    There is also sample code in the install package that you can review. Of specific interest to you will be CStore.vbs, located in the \CAPICOM\samples\vbs folder. The usage for this script is:


    Usage: CStore Command [Options] <[Store] | CertFile [Password]>

    View -- View certificate(s) of store or file
    Import -- Import certificate(s) from file to store
    Export -- Export certificate(s) from store to file
    Delete -- Delete certificate(s) from store
    Archive -- Archive certificate(s) in store
    Activate -- Activate (de-archive) certificate(s) in store




    Wednesday, December 15, 2010 2:32 AM
  • This will not help me as my servers are 64bit
    Wednesday, December 15, 2010 1:06 PM
  • Hi,


    There is another tool called “certutil” to add a certificate to the store. You can refer to the following article to find all the parameters of certutil and how to use it.




    How to import third-party certification authority (CA) certificates into the Enterprise NTAuth store




    Friday, December 17, 2010 2:29 AM
  • Hi Alan, James,

    We had EXACTLY the same problem a couple of weeks ago, NOTHING had changed, yet we then started to receive the error.  We also had to switch to the auto-generate certificate model in order to get people working, which frankly makes us look like clowns without a proper certificate.

    I have a couple of specific questions relating to this exact item if I may.  Presumably something must have changed with the GoDaddy CA as far as Microsoft's library of supported CAs is concerned?  Perhaps during a Windows Update?  If not, what would have caused this system to simply stop recognising our GoDaddy certificates?

    Also, from the solution it wasn't clear exactly what you wanted James to do. Was this to somehow bulk install the certificate onto the client PCs?  Because if that's the solution it won't work for us, as we have absolutely no control over the client PCs connecting to our hosted environment over RDS beyond advising them to install the latest RDP client.

    Ultimately something has changed, a certificate that was working perfectly has now stopped, from what James has said it sounds likely this is to do with the GoDaddy CA, but what could have changed that would affect us in this way?

    Thanks for your efforts in advance.

    kind regards,


    Wednesday, December 29, 2010 4:36 PM
  • Ross, you are right on!!!!!!

    We too have no control with end users.  Yes, it has to do something with Godaddy.  I would love to speak with you more on this topic; let me know if you would like me to post my email and we contact each other.  This is good news.  With the brain power of 2, we can find a solution.


    Wednesday, December 29, 2010 4:41 PM
  • Hi just to open an old thread..


    What was the solution to this? We just began to have this problem 14 days ago.

    When users try to start a RemoteApp - we have 15-20 machines of 200 doing this randomly, and always in the morning...

    We are also using a GoDaddy Cert.

    Monday, December 19, 2011 12:11 PM
  • Not sure if this will help anyone with this problem...    We had a 2012 RDS setup working perfectly fine with our external CA, and then one day we started to get this same message for users connecting externally.

    The only change I had made that day was to remove an entry for one of my RDS servers from the "Terminal Services Licensing Server" group in AD.  The server in question did not have RD Licensing installed, so not sure why it was a member of that group in the first instance.  But as soon as I had done this, it all kicked off.   When I re-added the server back to that permission group, everything started working again.  

    Sounds completely coincidental and random, but thought I would share it..


    Friday, January 30, 2015 1:20 PM