Solved

I'm getting certificate errors when connecting to our RDS server

Posted on 2014-10-28
15
4,129 Views
Last Modified: 2014-11-05
I'm running RDS on Windows 2012 R2 and connecting with some XP, 7 and 8 desktops.
On some of the XP desktops I'm getting the following Remote Desktop Connection error when connecting to the server:
"The connection has been terminated because an unexpected server authentication certificate was received from the remote computer.  Try connecting again.  If the problem continues, contact the owner of the remote computer or your network administrator."
The XP stations have had SP3 installed,  They are using Remote Desktop Connection Shell Version 6.1.7600.  Network Level Authentication and RDP 7.0 are supported.
I've looked for hours for solutions and have come up empty.  Any ideas please?
0
Comment
Question by:smoakin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 

Expert Comment

by:GMSMRM
ID: 40409200
I actually got this error yesterday on a couple of Thin Clients running WES 2009 and found that the latest Root Certificates for Windows XP KB931125 were nto installed. Here is a link. Try it and see if it works for you.

http://www.microsoft.com/en-us/download/details.aspx?id=41084
0
 

Author Comment

by:smoakin
ID: 40409247
I downloaded and ran that update earlier.  Unfortunately, it did not correct the problem.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40409253
So you say, it happens only on xp?
On any xp you tested with, with any user? Also on clean installations (only xp with SP3 and nothing else)?
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:smoakin
ID: 40409296
Yes, it only happens on XP desktops, and only some of the XP desktops.  There are no clean installs of XP, but all are the same hardware and are similarly configured.  Obviously there is a difference, but that's what I can't figure out.
0
 

Author Comment

by:smoakin
ID: 40409308
I've also installed the CredSSP Fix it 50588.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40409309
The difference can be found, only a question of effort you are willing to invest.
Take a clean system - it works.
-Install you most popular application - most probably it will still work.
-install the security suites you use - first crucial point and next test. if that still works...
-apply the computer GPOs that you normally apply and test. Next...
-apply the user GPOs
->if still no problem, install the less popular applications and test.
0
 

Author Comment

by:smoakin
ID: 40409358
Management decided to keep the older XP computers because it would save them money.  There are probably over 30 applications on each of those computers that can still be used.  It would be a very tedious process.  My instinct tells me it probably isn't one of the applications directly, but a system setting or two that were set at some point by the user while using the apps. I'm sure a fresh install of the OS would probably do the trick, but by the time that is done, they would have paid for a new computer.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40409363
I estimate the time investment to find out to be AT MAX between one and two hours depending on where the problem sits.
0
 

Author Comment

by:smoakin
ID: 40409412
The XP computers that are working are all using the same apps as those that are not working.  A fresh install of XP with updates and all apps will definitely resolve the problem.  The downside is that while we corrected the problem, we will never know what the cause was in order to correct it in the other XP desktops.  I was hoping to find a solution that could could correct the problem without rebuilds.

Now, if there is no other way to isolate the problem then we may have no choice but to replace the computers.  They definitely don't want to invest time and money into those old XP desktops.  I will need to discuss the alternatives with them.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40409428
"A fresh install of XP with updates and all apps will definitely resolve the problem" - if that would indeed be so, then all the computers where it is not working now are broken - they have the correct settings applied but "misbehave". That is simply not the case. There is a common factor for sure and it will not be some "bit corruption".
I recommend to do the analysis.
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40409742
I would investigate the certificate stores from a working machine and one that doesn't work.
0
 

Author Comment

by:smoakin
ID: 40409910
The certificate stores between a working and non-working machine are identical.
0
 

Author Comment

by:smoakin
ID: 40414304
Removed all apps one at a time until none remained.  Problem remained.  Wiped drive and reinstalled OS, followed by all apps, testing as I went.  The connection works fine.  I could not isolate a cause, and still do not know what the problem is, or how to go about fixing the other XP desktops.
0
 
LVL 55

Accepted Solution

by:
McKnife earned 500 total points
ID: 40414792
If you can't find a common course, the last resort would be monitoring with procmon to record a successful action and compare it to the unsuccessful action's log of another machine.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40425577
Did you find something useful in the log? Or how was it solved?
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question