none
Problems with RDP/RDC from Mac OSX to Windows Server 2008 on External IP

    Question

  • We have a customer that is using Mac and Microsoft's RDC for Mac to their servers.

    They've just upgraded from Windows Server 2003 to 2008 and can't connect through RDP to their TS server on external IP.
    Their servers is not in any domain and it work for them to connect to another Windows Server 2008 that is located in their office when they use internal IP.

    The problem is that when using RDC to the external IP they get bellow:

    "Remote Desktop cannot verify the identity of the computer you want to connect to. This problem can occur if:

    1. The remote computer is running a version of Windows that is earlier than Windows Vista.
    2. The remote computer is configured to support only the RDP security layer.

    Contact your network administrator or the owner of the remote computer for assistance."

    From here they can choose "Connect" as they did on the Server 2003 but now they get: "Remote Desktop Connection cannot verify the identity of the computer that you want to connect to.Try reconnecting to the Windows-based computer, or contact our administrator." and is only able to choose "Ok".

    I've changed the settings on the "configuration for host server for remote desktop sessions" under General from "RDP-Security Layer" to "Negotiate" and in this case I get a logon windows where i type in all my information click logon. Here I get another error message which says something like: (We get it in Swedish). "Connection to the windows-based computer broke since there was a problem associated with the licensificationprotocol... Try to connect again" Where I can choose "Cansel" or "reconect" but it just keeps poping up if i chose reconnect.

    I've tried all settings in the TS server and there is not much to change on the RDP client. We have installed the server certificate on the Mac client but it didn't help.
    We've also tried with CoRD and it works fine as RDP from a normal Windows based computer.

    The only solution I've found on google is to use CoRD instead but we got problems with that connection since it keep crasching on our computer.

    In my eyes the problem is on the security requirements that the RDC for Mac needs but I can't find any inforamtion on MS sites about it.

    Greatfull for all tips and trix!

    Friday, August 03, 2012 12:41 PM

Answers

All replies

  • Hi,

    In RD Licensing Manager, what licensing mode you have set? If it is per device, please try to change the licensing mode from per device to per user to see if this help. Please check the server event viewer, to see if there any errors or warnings relate to licensing. In addition, please try to install version 2.1.1 of the Mac RD Client.

    Microsoft Remote Desktop Connection Client for Mac 2.1.1

    http://www.microsoft.com/en-us/download/details.aspx?id=18140

    Best Regards,

    Aiden


    Aiden Cao

    TechNet Community Support

    Monday, August 06, 2012 7:44 AM
    Moderator
  • It is set to per user.

    We have checked all logs in the event viewer but it doesn't record any messages at all that can be related to this. In fact there is no signs on a try for connection.

    We have also tried with 2.1.1 and get the same problems.

    Thanks for your reply


    Mikael K Person

    Monday, August 06, 2012 8:12 AM
  • Unfortunately I have the same issue.

    I can connect to the 2008 R2 Server via RDC on Win7 from a Virtual Machine on my Mac, but when I attempt to connect via Remote Desktop Connection for Mac 2.1.1 I receive the error:

    "Remote Desktop Connection cannot verify the identity of the computer to which you want to connect.

    Try reconnecting to the Windows-based computer, or contact your administrator."

    Thank you,

    Dan

    Tuesday, August 07, 2012 6:25 PM
  • Hi, 

    Could you please have a test with following workarounds:

    http://shebangme.blogspot.com/2010/05/remote-desktop-connection-cannot-verify.html -- And here: http://jens.raaby.co.uk/journal/2011/01/microsoft-remote-desktop-on-mac-os-x/#comment-329

    Thanks.

    Kevin Ni



    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, August 10, 2012 3:29 AM
  • Here's what I did to make the connection using RDC 2.1.1

    1. Make sure that Remote Desktop Connection is not running

    2. Delete all files in /user/{username}/Documents/RDC Connections

    3. Open 'Remote Desktop Connection'

    4. at the 'Computer' field put <servername>:3389 or <ip address>:3389 then hit Connect.

    Friday, August 10, 2012 4:17 PM
  • Hi Kevin,

    Thank you very much for the suggestions.  Unfortunately clearing the domain field and deleting the config files did not work for me.

    I was able to connect to Win Server 2003, but cannot connect to the new sever.  I am still able to connect via Remote Desktop on Win7 VM from the same Mac via Parallels.

    Just to verify, I am using RDC 2.1.1 on OS 10.8.

    Thank you,

    Dan

    Friday, August 10, 2012 8:26 PM
  • Thanks for the suggestion Hans!  Unfortunately still no luck for me.  I tried it in combination with Kevin's suggestions as well.
    Friday, August 10, 2012 8:27 PM
  • Last suggestion as I am also using RDC 2.1.1 on OS 10.8.

    At your Windows 2008 R2, can you set the RDP settings to less secure so that it will accept any versions of RDC.

    ** System Properties > Remote > Allow connections from computers running any version of Remote Desktop (less secure)

    Saturday, August 11, 2012 1:00 AM
  • Also have tried all suggestions and none of them seems to work.

    Mikael K Person

    Monday, August 13, 2012 6:01 AM
  • I've seen the same with one of our clients. We also tried to uninstall Office 2011 on the Mac and reinstall RDP 2.1.1; but still no joy.
    Tried to remove the RDP-role and add it again; no result.

    The client is able to connect to other servers, running either RDP-Security Layer or SSL/TLS encryption.

    As far as I can see there are no eventlog entries on the RDP server either.

    Wednesday, August 15, 2012 8:10 AM
  • Could you please capture a screenshot for the error message? Thanks. 

    Kevin Ni


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, August 15, 2012 9:32 AM
  • Here's a screenshot of the error:

    As you can see, you're not able to continue away from the error

    Wednesday, August 15, 2012 10:20 AM
  • Hi Peter,

    It seemed that OS10.8 doesn't support RDP. For more information, please refer to following link:

    Windows and Mac OS version compatibility

    http://mac2.microsoft.com/help/office/14/en-us/rdc/item/53c85d88-67e2-4ee3-8667-f9490bc9a257

    Thanks for your time.

    Best regards,

    Kevin Ni


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    • Proposed as answer by prun01 Thursday, September 06, 2012 7:57 PM
    • Unproposed as answer by prun01 Thursday, September 06, 2012 7:57 PM
    Tuesday, August 21, 2012 2:20 AM
  • We have the same problem with RDC 2.1.1 / Any OS 10.x / Windows Server 2008.

    It seems that the problem is with RDC, so we are using CoRD 0.5.7 and it is working nicely, downloadable at http://cord.sourceforge.net/

    I hope MS releases a new version with this bug fixed.

    • Proposed as answer by prun01 Thursday, September 06, 2012 8:03 PM
    Thursday, September 06, 2012 8:02 PM
  • Same for us. Doesn't matter which OSx or version of RDC we are using. We had some problems with the last version of CoRD but the latest one is working so we are using it for now.

    Mikael K Person

    Friday, September 07, 2012 6:05 AM
  • I'm having the same issue and narrowed down the possible cause.  I posted this in a different forum "Microsoft Answers".

    I have a data server with administrative remote desktop on, and a Hyper-V RD/VPN server.  Both servers are identical in 2008 R2 SP1 version with the latest patches & updates as of 9-16-12.  The data server with administrative remote desktop works with 2.1.1 RDC Mac Client, the remote desktop/vpn server does not work with the mac RDC client.  So it has to do with the Remote Desktop Session Server running Microsoft RDP 7.1.  These are identical operating system versions and latest updates, just setup with different roles.

    In a different location, I have a 2008 R2 (without SP1) RD/VPN server running RDP 6.1 (7.0), it works fine with the RDC 2.1.1 mac client, this server has not been updated with the latest patches and updates.

    My only guess is, it has to do with something in RemoteFX since this is the major new feature with RDP 7.1.  I would like this to be resolved soon as possible since I have several OSX notebooks that VPN/RD into the server outside the office, as of now they are unable to connect using the Microsoft Remote Desktop client and temporary using CoRD as a band-aid.

    I have disabled RemoteFX on the RD/VPN server, and the RDC Mac client still does not connect. I doubt RemoteFX is the cause.

    It would be excellent if I can downgrade RDP 7.1 into 7.0, is there a way to downgrade so I can move on from this headache?.

    Add on: I also have a different 2008 R2 SP1 server I installed in June, this setup is a replica of the server installed this week.  This server is running RDP 7.1 and has the same issue with the Mac client not logging on.


    Wednesday, September 19, 2012 7:26 AM
  • I've got the same issues as the OP.

    Also having to use Cord as a workaround.

    -Paul

    • Proposed as answer by Grant.dryden Wednesday, October 17, 2012 4:17 PM
    • Unproposed as answer by Grant.dryden Wednesday, October 17, 2012 4:17 PM
    Monday, October 01, 2012 2:59 PM
  • Try the new Mac RDP Client Version 2.1.2

    https://dl.dropbox.com/u/18309066/rdc_2.1.2_120917_release_enu_ship_clean_standard_retail_redlab_120917-apex-build-XS26-.dmg

    from this thread: RDC for MAC cannot connect to TS server....

    Steve

    Wednesday, October 17, 2012 4:23 PM
  • From my understanding the problem arises if your RDS server used the entire 90days of the trial license. The mac RDP client does not recognize the full license, I think this was confirmed in the below link.

    I have tried it on 5 RDS server to date and works every time. I have quoted from this thread from about half way down.


    "NOTE: Perform the following procedure on each of the terminal servers.

      • Make sure that the terminal server registry has been successfully backed up.
      • Start Registry Editor.
      • Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM
      • On the Registry menu, click Export Registry File.
      • Type exported- Certificate in the File name box, and then click Save.

        NOTE: If you have to restore this registry subkey in the future, double-click the Exported-parameters.reg file that you saved in this step.
      • Right-click each of the following values, click Delete, and then click Yes to confirm the deletion:

        Certificate
        X509 Certificate
        X509 Certificate ID
        X509 Certificate2
      • Quit Registry Editor, and then restart the server.
      • Reactivate the Terminal Services Licensing server by using the Telephone connection method in the Licensing Wizard."

    I did'nt reactivate my licensing server over the phone, i just re-activated it online and all was fine.


    Wednesday, October 17, 2012 4:26 PM
  • Grant, although that fix seems to work for a lot of people, it is a lot of unnecessary work that is solved with the new release of the RDP client I posted above. 

    Steve

    Wednesday, October 17, 2012 4:30 PM
  • This was the solution for us. Thanks alot!

    Mikael K Person

    Thursday, October 18, 2012 6:59 AM
  • I've just tried your solutions and it worked great for me ! You've just save my day ;-)

    Thank you very much !

    Simon

    • Proposed as answer by Simon-75 Friday, November 02, 2012 3:25 PM
    • Unproposed as answer by Simon-75 Friday, November 02, 2012 3:25 PM
    Friday, November 02, 2012 3:25 PM
  • Thanks Steve, this seemed to fix my problem by using this newer client version.  However, I am able to see my desktop programs on the server but unable to see  the toolbar. Anyway, at least I can remote in now!
    • Proposed as answer by robin thakur Sunday, January 13, 2013 12:11 PM
    • Unproposed as answer by robin thakur Sunday, January 13, 2013 12:12 PM
    Tuesday, November 13, 2012 10:42 PM
  • Hi there, I have tried downloading 2.1.1 and 2.1.2 because I have the same issue. Unfortunately, I cannot install them because they complain that I am not running an Intel CPU (I am using a PowerPC G4 Powerbook) which is confusing because I thought it was a Universal Application that works on both. Has anybody got a solution which would work on a PowerPc based Mac? All I want to use it for is RDP, so suggestions like "buy a new Mac" are not helpful

    Sunday, January 13, 2013 12:21 PM
  • Try the new Mac RDP Client Version 2.1.2

    https://dl.dropbox.com/u/18309066/rdc_2.1.2_120917_release_enu_ship_clean_standard_retail_redlab_120917-apex-build-XS26-.dmg

    from this thread: RDC for MAC cannot connect to TS server....

    Steve

    The new 2.1.2 client does seem to resolve the issue. If MS could upload the new 2.1.2 client to the MS RDP web site.

    http://www.microsoft.com/mac/remote-desktop-client

    Monday, February 11, 2013 7:07 PM
  • Yes, I don't know why they haven't made it official yet.

    Steve

    Monday, February 11, 2013 7:15 PM
  • I too was having the problem same as everyone else. However, for me the problem all started when I replaced my SSL certificate that was used/selected in the Remote Desktop Session Host Configuration utility, connections, RDP-TCP Properties.  The security layer is negotiate and the certificate is the one selected on that screen.  It was not licensing related.

    The certificate had expired and I didn't believe I needed it.  But turns out I did, so I had to generate and validate a new one using GoDaddy (though they specifically were not part of the problem).  As my Terminal Servers (Remote desktop servers) do not have IIS installed, I was a bit stumped on how to create a new certificate request.   I finally found some instructions on how to create a certificate request using the MMC snap-in, advanced operations, create custom request. The template chosen was "legacy key", and without boring the rest of the details that part was the root cause of my problem.  The legacy key was not able to be processed correctly by the Mac RDC client. Neither the official 2.1.1 client or the 2.1.2 download.

    The Terminal Server system event log was showing the following two errors, 36874 and 36888.  The first one contained the best details and said: "An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."  Upon searching the internet for that, I found this page which described the legacy key problem: http://social.msdn.microsoft.com/Forums/en-US/sqlreportingservices/thread/3a2d2eec-000d-432a-abd7-6b965268c671

    So, my solution most familiar to me was to use IIS and create the SSL certificate request, process that with my 3rd party CA, export the certificate with private key and then import that certificate into all of my terminal servers.  Then using the session host configuration tool, pick the new certificate and the problem was now solved.

    Tuesday, March 26, 2013 10:11 PM
  • Try first to use "rdp /console"

    If it works, then you have a licensing issue; you better get in touch with Microsoft or your dealer to fix this.

    Saturday, July 27, 2013 8:31 PM
  • Question for CorbettEnders69

    What kind of certificate did you create / select when you made the request to Go Daddy?

    When i run through the IIS Certificate request wizard i have two options

    Microsoft DH SChannel Cryptographic provider (512 or 1024)

    Microsoft RSA SChannel Cryptographic provider (512 or 1024)

    I dont see where you can choose CNG Key template

    Wednesday, September 11, 2013 4:59 AM
  • Reply for Dirt Cheap,

    I used RSA and a key length of 2048.  GoDaddy won't let you create a cert with anything less than 2048. If you are only seeing 512 or 1024, I can only assuming you are using an older version of IIS?   I think I may have confused people with the explaination in my post above... using the legacy key steps I describe is what ultimately caused my problem as without IIS on that server it was the easiest method to create the cert request.  However, a cert generated using that process can't be used by Mac clients.

    So, using a different server with IIS, I create and process a cert request. Then export that cert and private key from my IIS server to a file that can be imported on my Terminal Server (which does not have IIS).

    My scenario:  2008 R2 Terminal servers that do not have IIS installed.  Needed the SSL Cert for my RDP TCP connections.    Server A=Terminal Server. Server B=webserver (unrelated to my RDP server).

    1) Using Server B, IIS Management, create a cert request.

    2) Process Cert request at 3rd party (ie: GoDaddy).

    3) Use the generated cert from GoDaddy to complete the cert request process on Server B.

    4) Using the MMC Certificates Snap-in on Server B, Export the cert and private key to a file. (when opening the Certificates Snap-in, choose "computer account / Local Computer").

    5) Copy that file to Server A, and using the MMC Certificates Snap-in, import the certificate.

    6) Go into the RDP Connection manager, and drill into the screen where to pick the SSL certificate to use on the connection.

    Should work at that point.

    Wednesday, September 11, 2013 2:37 PM
  • No luck here. Leaving the domain field empty, specifying the port number, trashing the prefs or upgrading to 2.1.2 didn't help.

    I just reinstalled my test Windows 2012 server to R2, no upgrade but clean install. The box is not a terminal server, I just need RDC for administration. Plain W2012 worked out of the box but R2 doesn't. The server is a stand-alone (not in any domain) in both cases, same hardware, minimal configuration. Mac RDC is set up to connect even if the authentication fails, but no.

    I am running CoRD now, so my problem is solved, but there is still something wrong with the Mac RDC, even the 2.1.2 build.

    Friday, October 04, 2013 11:23 AM
  • Yeah, right. As if anybody with a sane mind would install a .dmg from a random dropbox share. Unbelievable.
    Tuesday, October 22, 2013 7:16 AM
  • There is a new RDP client for Mac, iOS and Android finally released by Microsoft. You can search for it in any of the related app stores.
    • Proposed as answer by snae Thursday, October 24, 2013 7:28 AM
    Wednesday, October 23, 2013 8:44 PM
  • On the App Store at:

    https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417

    Thursday, October 24, 2013 7:29 AM
  • On the App Store at:

    https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417

    ^^^^

    This worked for me connecting to a OpenStack Windows Server 2012 R2 Evaluation.

    No luck with the Mac's RDC to connect to the same VM.

    Wednesday, July 23, 2014 1:55 AM