RD Web Broker Cert Issue RRS feed

  • Question

  • I just recently renewed the wildcard certificate on all services and the IIS config for our RDWeb service in every single location.

    I can log into the RD Web gateway but when trying to launch via the HTML client I get the following error:

    'Your session ended because an unexpected service authentication certificate was received from the remote PC.' please see screenshot below.

    RDP, launching from the standard RdWeb Portal and Remote app etc all still work fine without issues. I only get the issue via the HTML5 client. It also worked fine till the cert refresh.

    Any ideas?

    Tuesday, November 12, 2019 12:30 AM

All replies

  • Hi,

    On the RDWeb server, did you update the HTML5 web client with the new cert using Import-RDWebClientBrokerCert <.cer file path> ?

    After updating the cert, on the client PC, please delete the browser cache before opening the HTML5 web client page.


    Tuesday, November 12, 2019 12:40 AM
  • Hi James,


    1.Please test with a new browser in case there was issue with current browser caching the old cert.

    2. Please go through the steps of Deploy a Windows Server 2019 RDS farm with HTML5 client below, especially the cert configuration and Html 5 client.


    Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.


    Best Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Tuesday, November 12, 2019 6:10 AM
  • I have done this and the certificate thumbprint matches, just it still produces this error.
    Tuesday, November 12, 2019 8:41 PM
  • I have done this and the certificate thumbprint matches, just it still produces this error.

    On the client PC, please download the certificate using URL similar to below and save the file to the desktop:

    Double-click on the brokercert.cer file on the desktop and verify that the thumbprint matches your new certificate.  If it does not match, please check the following file on your RDWeb server: 

    C:\Program Files\RemoteDesktopWeb\Internal\Config\brokercert.cer

    If it does not match your new certificate, rename it to .bak and copy in the new cert's .cer file and name it brokercert.cer

    After performing the above, please test again from a client PC, making sure to clear browser cache before the test.



    Tuesday, November 12, 2019 10:06 PM