  • Status: Solved
  • Priority: Medium
  • Security: Public

Remote Desktop and Certificates

I recently installed a Windows 2008R2 Hyper-V and a Windows 2008R2 virtual server. When I use remote desktop to connect to these servers I get a prompt about certificates. I know very little about certificates, so what do I need to do to deal with this so that I am not constantly prompted (see picture)? Additionally, now when I remote desktop into the Windows 7 PCs on the network these too give me a certificate prompt (although not always--don't know why that is either--why not consistent?). What do I need to do so that I and other users who will remote into the server and these PCs will no longer get these certificate prompts? Thank you.
RDP-Certicate-Prompts.jpg
0
Asked: Lionel MM
6 Solutions
 
David Johnson, CD, MVP (Owner) Commented:
Buy commercial certificates or implement a Certificate Authority on your site and import the CA's certificate into the trusted root certificate store, and now issue certificates to the machines that you will be remoting into. You are currently using self-signed certificates that NEVER will be trusted. I could make one for 'google.com' or microsoft.com... but it will be untrusted since when it goes up the tree it will not find a trusted root authority.
0
 
Lionel MM, Small Business IT Consultant (Author) Commented:
So are you saying I can install a role or feature on Windows to issue a certificate for both servers (or create a certificate?) and then distribute that to remote desktop users for both server and Win7 use?
0
 
David Johnson, CD, MVP (Owner) Commented:
If you implement a CA and use certificates from it, you have to import the CA's certificate for the desktop users into their trusted root provider store; then the certificates will be trusted (you trust the CA, ergo any certificates issued by it are trusted).
0
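Added example, not part of the thread and not posted by any participant: a PowerShell check, run elevated on the machine being connected to, that shows which certificate the Remote Desktop listener presents and whether it is self-signed or chains to a trusted root as the answers above describe. It evaluates trust against that machine's own certificate stores; the connecting client makes the same decision against its stores, which is why the CA's root has to be imported there.

```powershell
# Added example: run locally on the RDP host, PowerShell 2.0 or later.
# Find the certificate bound to the default RDP listener.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $listener.SSLCertificateSHA1Hash

# The automatically generated self-signed certificate sits in the
# "Remote Desktop" store; a CA-issued one is normally in Personal (My).
$cert = Get-ChildItem 'Cert:\LocalMachine\Remote Desktop', 'Cert:\LocalMachine\My' `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Thumbprint -eq $thumb } |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate with thumbprint $thumb found in the expected stores."
}

# Build the chain the same way a validating client would, but skip
# revocation so the result reflects trust only.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($cert)

New-Object PSObject -Property @{
    Subject     = $cert.Subject
    Issuer      = $cert.Issuer
    Thumbprint  = $cert.Thumbprint
    NotAfter    = $cert.NotAfter
    SelfSigned  = ($cert.Subject -eq $cert.Issuer)
    ChainsToTrustedRoot = $trusted
    ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}

# To trust an internal CA on a connecting client, import the CA's root
# certificate into that client's Trusted Root store, for example:
#   certutil -addstore Root C:\temp\example-ca.cer   # hypothetical file name
```

A result with `SelfSigned = True` and a `ChainStatus` of `UntrustedRoot` corresponds to the self-signed case described in the first answer.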
 
hecgomrec Commented:
If you are connecting only from within your LAN you don't need to generate client certificates, just check the option "Don't ask me again......".

You can also view the certificate and try to import it into your computer in the trusted computers. But really, I don't find it necessary if you know that the computer you're trying to reach is for sure your server.

This warning represents just that... a warning, because you are about to connect to a device that has a non-trusted certificate; otherwise you won't be getting anything. (Do you get this when you try to connect to another client?)
0
 
Lionel MM, Small Business IT Consultant (Author) Commented:
I am connecting to the PCs and the server from remote locations using Windows Remote Desktop
0
 
hecgomrec Commented:
Still, this is a warning to let you know there is something "fishy" with the machine credentials.

You can choose not to connect if you don't trust the device but if you are sure this is your server you can continue with the connection.

The option "Don't ask me again...." you'll see it every time you connect for the first time on a client PC.

If you want to have certs for every device in your environment you can get them if you have the budget for that. Just keep in mind this warning represents advice that this machine's certificate is no longer valid or is not trusted, and that a certificate doesn't necessarily mean the computer you are about to connect to is "SAFE"... it is just registered somewhere that will somehow try to record someone who wants to give a "security feeling" about the machine or site they just connected to.
0
 
Lionel MM, Small Business IT Consultant (Author) Commented:
OK, it's getting clearer now, so if I install certificate services on my Windows Server and create a certificate and "give"/distribute that to my known and approved users then they can use remote desktop without this prompt (i.e. they will have an approved certificate), but then if anyone tries to use remote desktop without this certificate they will get that certificate prompt and that will show up in my event logs somewhere?
0
 
hecgomrec Commented:
No...

Again, the certificate is to give users certain assurance they are connecting to a computer/site that has some sort of better security and is registered to appear as an authentic/real service machine.

If this certificate is self-generated you will always get this message on any machine that connects to your server unless you decide either:

1.  Select the "Don't ask me again....."

2. Get a certificate from a trusted company (GoDaddy) and install it on your server.

I'm not quite sure if you get this logged... I'll have to look into that!!!! hummmm!!
0
 
Lionel MM, Small Business IT Consultant (Author) Commented:
OK, we have selected the do not ask again check box many, many times and it keeps popping up. I am not clear as to why this is happening to this particular site that I am supporting. I support several companies, with Windows 2003 Enterprise and Standard, Win 2008 and 2008 R2 and Win 2012, and it is just this one company that has these certificate prompts, so obviously somewhere something is causing this (I did take this customer over from another support pro so he may have done something I don't usually do when installing Windows servers and I guess that is what I need to find out).
0
 
David Johnson, CD, MVP (Owner) Commented:
Don't forget that the users need the GoDaddy intermediate certificate.
0
 
Lionel MM, Small Business IT Consultant (Author) Commented:
What does that mean?
0
 
Lionel MM, Small Business IT Consultant (Author) Commented:
I am reinstalling Hyper-V next week (several other issues that I have been unable to resolve) and will see if that fixes this certificate problem--I will let you know.
0
 
Lionel MM, Small Business IT Consultant (Author) Commented:
Client kept delaying and delaying--finally reinstalled Hyper-V this weekend and the certificate issue has resolved itself, so it had to be something that the previous IT guy had done. Thanks for all the advice, I learned some things even though it did not help me resolve my particular issue.
0
 
Lionel MM, Small Business IT Consultant (Author) Commented:
Reinstalling removed the issue.
0
