Solved

Remote Desktop and Certificates

Posted on 2014-01-28
Last Modified: 2014-03-08
I recently installed a Windows 2008R2 Hyper-V and a Windows 2008R2 virtual server. When I use remote desktop to connect to these servers I get a prompt about certificates. I know very little about certificates, so what do I need to do to deal with this so that I am not constantly prompted (see picture)? Additionally, now when I remote desktop into the Windows 7 PCs on the network these too give me a certificate prompt (although not always--don't know why that is either--why not consistent?). What do I need to do so that I and other users who will remote into the server and these PCs will no longer get these certificate prompts? Thank you.
RDP-Certicate-Prompts.jpg
Question by:Lionel MM
14 Comments
 
LVL 82

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 600 total points
ID: 39815833
Buy commercial certificates or implement a Certificate Authority on your site and import the CA's certificate into the trusted root certificate store, and now issue certificates to the machines that you will be remoting into. You are currently using self-signed certificates that NEVER will be trusted. I could make one for 'google.com' or 'microsoft.com'... but it will be untrusted since when it goes up the tree it will not find a trusted root authority.
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39815910
So are you saying I can install a role or feature on Windows to issue a certificate for both servers (or create a certificate?) and then distribute that to remote desktop users for both server and Win7 use?
0
 
LVL 82

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 600 total points
ID: 39816685
If you implement a CA and use certificates from it, you have to import the CA's certificate to the desktop users into their trusted root provider store; then the certificates will be trusted (you trust the CA, ergo any certificates issued by it are trusted).
0
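The trust check described in the two replies above, as an added example that is not part of the thread or any poster's code: a PowerShell script for the client PC that loads the server's certificate from a file and reports whether it is self-signed and whether it chains to a root this client trusts. The function name `Test-RdpServerCertificate` and the `$CertPath` parameter are hypothetical.

```powershell
# Added example; run on the CLIENT PC that shows the prompt.
# $CertPath (hypothetical parameter): the server's certificate saved as a .cer
# file, e.g. from the prompt via View certificate > Details > Copy to File.
param([Parameter(Mandatory = $true)][string]$CertPath)

function Test-RdpServerCertificate {
    param([string]$Path)

    $file = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # Build the chain against this client's own certificate stores,
    # which is the same trust decision the Remote Desktop client has to make.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so an unreachable CRL does not hide the trust result.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)

    # Collect every reason the chain failed (empty when the chain is trusted).
    $problems = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    New-Object PSObject -Property @{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotAfter    = $cert.NotAfter
        SelfSigned  = ($cert.Subject -eq $cert.Issuer)
        Trusted     = $trusted
        ChainStatus = ($problems -join ', ')
        ChainLength = $chain.ChainElements.Count
    } | Select-Object Subject, Issuer, NotAfter, SelfSigned, Trusted, ChainStatus, ChainLength
}

Test-RdpServerCertificate -Path $CertPath | Format-List
```

A `ChainStatus` of `UntrustedRoot` means the root (or the self-signed certificate itself) is not in this client's Trusted Root Certification Authorities store; `PartialChain` means an intermediate CA certificate is missing on the client.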
 
LVL 11

Assisted Solution

by:hecgomrec
hecgomrec earned 900 total points
ID: 39820685
If you are connecting only from within your LAN you don't need to generate client certificates, just check the option "Don't ask me again......".

You can also view the certificate and try to import it into your computer in the trusted computers. But really, I don't find it necessary if you know that the computer you're trying to reach is for sure your server.

This warning represents just that... a warning because you are about to connect to a device that has a non-trusted certificate, otherwise you won't be getting anything. (Do you get this when you try to connect to another client?)
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39820743
I am connecting to the PCs and the server from remote locations using Windows Remote Desktop
0
 
LVL 11

Assisted Solution

by:hecgomrec
hecgomrec earned 900 total points
ID: 39820927
Still, this is a warning to let you know there is something "fishy" with the machine credentials.

You can choose not to connect if you don't trust the device but if you are sure this is your server you can continue with the connection.

The option "Don't ask me again...." you'll see it every time you connect for the first time on a client PC.

If you want to have certs for every device in your environment you can get them if you have the budget for that. Just keep in mind this warning represents advice that this machine's certificate is no longer valid or is not trusted, and that a certificate doesn't necessarily mean the computer you are about to connect to is "SAFE"... it is just registered somewhere that will somehow try to record someone who wants to give a "security feeling" about the machine or site they just connected to.
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39823878
OK, it's getting clearer now, so if I install certificate services on my Windows Server and create a certificate and "give"/distribute that to my known and approved users then they can use remote desktop without this prompt (i.e. they will have an approved certificate), but then if anyone tries to use remote desktop without this certificate they will get that certificate prompt and that will show up in my event logs somewhere?
0
 
LVL 11

Assisted Solution

by:hecgomrec
hecgomrec earned 900 total points
ID: 39824049
No...

Again, the certificate is to give users certain assurance they are connecting to a computer/site that has some sort of better security and is registered to appear as an authentic/real service machine.

If this certificate is self-generated you will always get this message on any machine that connects to your server unless you decide either:

1.  Select the "Don't ask me again....."

2. Get a certificate from a trusted company (GoDaddy) and install it on your server.

I'm not quite sure if you get this logged... I'll have to look into that!!!! hummmm!!
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39824606
OK, we have selected the "do not ask again" check box many, many times and it keeps popping up. I am not clear as to why this is happening to this particular site that I am supporting. I support several companies, with Windows 2003 Enterprise and Standard, Win 2008 and 2008 R2 and Win 2012, and it is just this one company that has these certificate prompts, so obviously somewhere something is causing this (I did take this customer over from another support pro, so he may have done something I don't usually do when installing Windows servers and I guess that is what I need to find out).
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 39827135
Don't forget that the users need the GoDaddy intermediate certificate.
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39828698
What does that mean?
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39844390
I am reinstalling Hyper-V next week (several other issues that I have been unable to resolve) and will see if that fixes this certificate problem--I will let you know.
0
 
LVL 25

Accepted Solution

by:
Lionel MM earned 0 total points
ID: 39900870
Client kept delaying and delaying--finally reinstalled Hyper-V this weekend and the certificate issue has resolved itself, so it had to be something that the previous IT guy had done. Thanks for all the advice, I learned some things even though it did not help me resolve my particular issue.
0
 
LVL 25

Author Closing Comment

by:Lionel MM
ID: 39914415
reinstalling removed the issue
0
