Solved

Remote Desktop and Certificates

Posted on 2014-01-28
Last Modified: 2014-03-08
I recently installed a Windows 2008R2 Hyper-V and a Windows 2008R2 virtual server. When I use remote desktop to connect to these servers I get a prompt about certificates. I know very little about certificates so what do I need to do to deal with this so that I am not constantly prompted (see picture)? Additionally now when I remote desktop into the Windows 7 PCs on the network these too give me a certificate prompt (although not always--don't know why that is either--why not consistent?). What do I need to do so that I and other users who will remote into the server and these PCs will no longer get these certificate prompts? Thank you.
RDP-Certicate-Prompts.jpg
Question by:lionelmm

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 200 total points
ID: 39815833
Buy commercial certificates or implement a Certificate Authority on your site and import the CA's certificate into the trusted root certificate store, and now issue certificates to the machines that you will be remoting into. You are currently using self-signed certificates that NEVER will be trusted. I could make one for 'google.com' or microsoft.com... but it will be untrusted since when it goes up the tree it will not find a trusted root authority.

Author Comment

by:lionelmm
ID: 39815910
So are you saying I can install a role or feature on Windows to issue a certificate for both servers (or create a certificate?) and then distribute that to remote desktop users for both server and Win7 use?

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 200 total points
ID: 39816685
If you implement a CA and use certificates from it, you have to import the CA's certificate to the desktop users into their trusted root provider store; then the certificates will be trusted (you trust the CA, ergo any certificates issued by it are trusted).
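The trust check described in the answers above can be inspected directly on the machine being connected to. This is an added example, not part of the original thread; it assumes the default listener name `RDP-Tcp` and an elevated PowerShell session on the RDP host.

```powershell
# Added example (not from the thread). Run elevated on the RDP host
# (the server or a Windows 7 PC) to see which certificate RDP presents.
# Assumption: the listener uses the default name 'RDP-Tcp'.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash

# The auto-generated self-signed certificate lives in the "Remote Desktop" store;
# a CA-issued certificate bound to the listener is normally in "My" (Personal).
$cert = Get-ChildItem 'Cert:\LocalMachine\Remote Desktop', 'Cert:\LocalMachine\My' `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Thumbprint -eq $thumb } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with thumbprint $thumb in the local machine stores." }

# Build the chain against THIS machine's trust stores. Revocation checking is
# off so the result reflects trust only, not whether a CRL is reachable.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chainOk = $chain.Build($cert)

# Subject Alternative Name (OID 2.5.29.17), if present, for comparison with
# the host name users type into the Remote Desktop client.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

New-Object PSObject -Property @{
    Thumbprint   = $cert.Thumbprint
    Subject      = $cert.Subject
    Issuer       = $cert.Issuer
    SelfSigned   = ($cert.Subject -eq $cert.Issuer)
    NotAfter     = $cert.NotAfter
    SubjectAlt   = $(if ($san) { $san.Format($false) } else { '(none)' })
    ChainTrusted = $chainOk
    ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

`ChainTrusted` reflects the host's own trust store; a connecting client evaluates the same certificate against its own Trusted Root store and against the name it used to connect.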
 

Assisted Solution

by:hecgomrec
hecgomrec earned 300 total points
ID: 39820685
If you are connecting only from within your LAN you don't need to generate client certificates, just check the option "Don't ask me again......".

You can also view the certificate and try to import it into your computer in the trusted computers.  But really, I don't find it necessary if you know that the computer you're trying to reach is for sure your server.

This warning represents just that... a warning because you are about to connect to a device that has a non-trusted certificate; otherwise you won't be getting anything.  (Do you get this when you try to connect to another client?)

Author Comment

by:lionelmm
ID: 39820743
I am connecting to the PCs and the server from remote locations using Windows Remote Desktop.

Assisted Solution

by:hecgomrec
hecgomrec earned 300 total points
ID: 39820927
Still, this is a warning to let you know there is something "fishy" with the machine credentials.

You can choose not to connect if you don't trust the device but if you are sure this is your server you can continue with the connection.

The option "Don't ask me again...." you'll see it every time you connect for the first time on a client PC.

If you want to have certs for every device in your environment you can get them if you have the budget for that.  Just keep in mind this warning represents advice that this machine's certificate is no longer valid or is not trusted, and that a certificate doesn't necessarily mean the computer you are about to connect to is "SAFE"... it is just registered somewhere that will somehow try to record someone who wants to give a "security feeling" about the machine or site they just connected to.

Author Comment

by:lionelmm
ID: 39823878
OK, it's getting clearer now, so if I install certificate services on my Windows Server and create a certificate and "give" distribute that to my known and approved users then they can use remote desktop without this prompt (i.e. they will have an approved certificate) but then if anyone tries to use remote desktop without this certificate they will get that certificate prompt and that will show up in my event logs somewhere?

Assisted Solution

by:hecgomrec
hecgomrec earned 300 total points
ID: 39824049
No...

Again, the certificate is to give users certain assurance they are connecting to a computer/site that has some sort of better security and is registered to appear as an authentic/real service machine.

If this certificate is self-generated you will always get this message on any machine that connects to your server unless you decide either:

1.  Select the "Don't ask me again....."

2. Get a certificate from a trusted company (GoDaddy) and install it on your server.

I'm not quite sure if you get this logged... I'll have to look into that!!!! hummmm!!

Author Comment

by:lionelmm
ID: 39824606
OK, we have selected the do not ask again check box many, many times and it keeps popping up. I am not clear as to why this is happening to this particular site that I am supporting. I support several companies, with Windows 2003 Enterprise and Standard, Win 2008 and 2008 R2 and Win 2012, and it is just this one company that has these certificate prompts, so obviously somewhere something is causing this (I did take this customer over from another support pro so he may have done something I don't usually do when installing Windows servers and I guess that is what I need to find out).

Expert Comment

by:David Johnson, CD, MVP
ID: 39827135
Don't forget that the users need the GoDaddy intermediate certificate.

Author Comment

by:lionelmm
ID: 39828698
What does that mean?

Author Comment

by:lionelmm
ID: 39844390
I am reinstalling Hyper-V next week (several other issues that I have been unable to resolve) and will see if that fixes this certificate problem--I will let you know.

Accepted Solution

by:
lionelmm earned 0 total points
ID: 39900870
Client kept delaying and delaying--finally reinstalled Hyper-V this weekend and the certificate issue has resolved itself, so it had to be something that the previous IT guy had done. Thanks for all the advice, I learned some things even though it did not help me resolve my particular issue.

Author Closing Comment

by:lionelmm
ID: 39914415
Reinstalling removed the issue.