Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 789
  • Last Modified:

can't log into remote desktop. SSL error.

We did a windows update over the weekend and one of our servers now won't allow us to rdp into it.  It's the domain controller in a Win 2012 environment.  We run a number of servers and a RD connection broker to allow remote clients to use our software.  That part of the infrastructure works fine.   I've checked the 3rd party created certificate for the farm (issued in the last couple of months) and it appears to be fine.
What we can't do is get onto the domain controller remotely for admin purposes.

The server logs show an error.
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.


This is most likely the problem.  A look on the internet says that the problem is with the private key for the certificate. However what I don't know is where the certificate for RDP resides for a single server and how to repair the problem.  The certificate we use for the farm does not name this server explicitly since it doesn't directly participate in the farm login process.  So it must have an internally generated certificate.  I'm just not sure where and how to go about creating and storing a new one.
0
geekdad1
Asked:
geekdad1
1 Solution
 
geekdad1Author Commented:
Solved the issue.  Here are the steps:

Log onto the server using the vm console.
Run the mmc console.
Go to file/ add remove snap-in
Select certificates
Select computer account
Select local computer
Click on finish
Click on OK
Expand Certificates / Personal / Certificates
Look for the intended purpose being Client Authentication
Copy that certificate
Expand Remote Desktop / Certificates
Paste the certificate into here.
Open that certificate and copy the thumbprint.
Paste it into notepad and remove all of the spaces
Copy the new thumbprint

Open powershell as administrator
Cd \certificates

(at this point I've created a ps1 script that looks like:
$hash = read-host "Enter Certificate thumbprint: "
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="$hash"
)

.\tscert.ps1
Paste the copied thumbprint here

That should resolve the problem.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now