Solved

Remote Desktop and Certificates

Posted on 2014-01-28
14
453 Views
Last Modified: 2014-03-08
I recently installed a Windows 2008R2 Hyper-V and a Windows 2008R2 virtual server. When I use remote desktop to connect to these servers I get a prompt about certificates. I know very little about certificates so what do I need to do to deal with this so that I am not constantly prompted (see picture)? Additionally now when I remote desktop into the Windows 7 PCs on the network these too give me a certificate prompt (although not always--don't know why that is either--why not consistent?). What do I need to do so that I and other users who will remote into the server and these PCs will no longer get these certificate prompts? Thank you.
RDP-Certicate-Prompts.jpg
0
Question by:Lionel MM
14 Comments
 
LVL 81

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 200 total points
ID: 39815833
Buy commercial certificates or implement a Certificate Authority on your site and import the CA's certificate into the trusted root certificate store, and now issue certificates to the machines that you will be remoting into. You are currently using self-signed certificates that NEVER will be trusted. I could make one for 'google.com' or microsoft.com... but it will be untrusted since when it goes up the tree it will not find a trusted root authority.
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39815910
So are you saying I can install a role or feature on Windows to issue a certificate for both servers (or create a certificate?) and then distribute that to remote desktop users for both server and Win7 use?
0
 
LVL 81

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 200 total points
ID: 39816685
If you implement a CA and use certificates from it, you have to import the CA's certificate to the desktop users into their trusted root provider store; then the certificates will be trusted (you trust the CA, ergo any certificates issued by it are trusted).
0
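The trust-chain behaviour described in the two answers above can be checked from a client machine. This is an added example, not part of the original thread: the function name `Test-RdpServerCertificate`, the file `rdp-server.cer` and the host name are hypothetical, and the name check is simplified to a single DNS name with no wildcard handling.

```powershell
# Added example. Run on the client against a .cer file saved from the RDP
# warning dialog (View certificate > Details > Copy to File).
function Test-RdpServerCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Path,        # exported server certificate
        [Parameter(Mandatory = $true)][string]$ServerName   # name typed into the RDP client
    )
    $file = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # Self-signed: the certificate names itself as its own issuer.
    $selfSigned = ($cert.Subject -eq $cert.Issuer)

    # The client also compares the name it connected to with the certificate.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
    $certName = $cert.GetNameInfo($nameType, $false)
    $nameMatches = ($certName -ieq $ServerName)

    # Build the chain against this machine's certificate stores. Revocation is
    # skipped so the result reflects trust only, not CRL reachability.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })

    New-Object PSObject -Property @{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        CertName     = $certName
        SelfSigned   = $selfSigned
        NameMatches  = $nameMatches
        ChainTrusted = $trusted
        ChainStatus  = ($status -join ', ')
    }
}

# Hypothetical file and host name; substitute your own.
Test-RdpServerCertificate -Path '.\rdp-server.cer' -ServerName 'server01.example.local'
```

A self-signed listener certificate that is not in the client's trusted root store reports `ChainTrusted = False` with `UntrustedRoot`. After the server presents a CA-issued certificate and the CA's root is imported on the client (for example `certutil -addstore Root ca.cer`, where `ca.cer` is a placeholder file name), the same check should report `ChainTrusted = True`.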
 
LVL 11

Assisted Solution

by:hecgomrec
hecgomrec earned 300 total points
ID: 39820685
If you are connecting only from within your LAN you don't need to generate client certificates, just check the option "Don't ask me again......".

You can also view the certificate and try to import it into your computer in the trusted computers. But really, I don't find it necessary if you know that the computer you're trying to reach is for sure your server.

This warning represents just that... a warning because you are about to connect to a device that has a non-trusted certificate, otherwise you won't be getting anything. (Do you get this when you try to connect to another client?)
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39820743
I am connecting to the PCs and the server from remote locations using Windows Remote Desktop.
0
 
LVL 11

Assisted Solution

by:hecgomrec
hecgomrec earned 300 total points
ID: 39820927
Still, this is a warning to let you know there is something "fishy" with the machine credentials.

You can choose not to connect if you don't trust the device but if you are sure this is your server you can continue with the connection.

The option "Don't ask me again...." you'll see it every time you connect for the first time on a client PC.

If you want to have certs for every device in your environment you can get them if you have the budget for that. Just keep in mind this warning represents an advice that this machine certificate is no longer valid or is not trusted, and that a certificate doesn't necessarily mean the computer you are about to connect to is "SAFE"... it is just registered somewhere that will somehow try to record someone who wants to give a "security feeling" about the machine or site they just connected to.
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39823878
OK, it's getting clearer now, so if I install certificate services on my Windows Server and create a certificate and "give" distribute that to my known and approved users then they can use remote desktop without this prompt (i.e. they will have an approved certificate) but then if anyone tries to use remote desktop without this certificate they will get that certificate prompt and that will show up in my event logs somewhere?
0
 
LVL 11

Assisted Solution

by:hecgomrec
hecgomrec earned 300 total points
ID: 39824049
No...

Again, the certificate is to give users certain assurance they are connecting to a computer/site that has some sort of better security and is registered to appear as an authentic/real service machine.

If this certificate is self-generated you will always get this message on any machine that connects to your server unless you decide either:

1.  Select the "Don't ask me again....."

2. Get a certificate from a trusted company (GoDaddy) and install it on your server.

I'm not quite sure if you get this logged... I'll have to look into that!!!! hummmm!!
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39824606
OK, we have selected the do not ask again check box many, many times and it keeps popping up. I am not clear as to why this is happening to this particular site that I am supporting. I support several companies, with Windows 2003 Enterprise and Standard, Win 2008 and 2008 R2 and Win 2012 and it is just this one company that has these certificate prompts, so obviously somewhere something is causing this (I did take this customer over from another support pro so he may have done something I don't usually do when installing Windows servers and I guess that is what I need to find out).
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 39827135
Don't forget that the users need the GoDaddy intermediate certificate.
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39828698
What does that mean?
0
 
LVL 25

Author Comment

by:Lionel MM
ID: 39844390
I am reinstalling Hyper-V next week (several other issues that I have been unable to resolve) and will see if that fixes this certificate problem--I will let you know.
0
 
LVL 25

Accepted Solution

by:
Lionel MM earned 0 total points
ID: 39900870
Client kept delaying and delaying--finally reinstalled Hyper-V this weekend and the certificate issue has resolved itself, so it had to be something that the previous IT guy had done. Thanks for all the advice, I learned some things even though it did not help me resolve my particular issue.
0
 
LVL 25

Author Closing Comment

by:Lionel MM
ID: 39914415
Reinstalling removed the issue.
0

Question has a verified solution.