Solved

can't log into remote desktop. SSL error.

Posted on 2016-09-07
Last Modified: 2016-09-07
We did a Windows update over the weekend and one of our servers now won't allow us to RDP into it. It's the domain controller in a Win 2012 environment. We run a number of servers and an RD connection broker to allow remote clients to use our software. That part of the infrastructure works fine. I've checked the 3rd party created certificate for the farm (issued in the last couple of months) and it appears to be fine.
What we can't do is get onto the domain controller remotely for admin purposes.

The server logs show an error.
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.


This is most likely the problem.  A look on the internet says that the problem is with the private key for the certificate. However what I don't know is where the certificate for RDP resides for a single server and how to repair the problem.  The certificate we use for the farm does not name this server explicitly since it doesn't directly participate in the farm login process.  So it must have an internally generated certificate.  I'm just not sure where and how to go about creating and storing a new one.
Question by:geekdad1
Accepted Solution

by:
geekdad1 earned 0 total points
ID: 41788839
Solved the issue.  Here are the steps:

Log onto the server using the vm console.
Run the mmc console.
Go to File / Add/Remove Snap-in
Select certificates
Select computer account
Select local computer
Click on finish
Click on OK
Expand Certificates / Personal / Certificates
Look for the intended purpose being Client Authentication
Copy that certificate
Expand Remote Desktop / Certificates
Paste the certificate into here.
Open that certificate and copy the thumbprint.
Paste it into notepad and remove all of the spaces
Copy the new thumbprint

Open PowerShell as administrator
Cd \certificates

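(at this point I've created a ps1 script that looks like:
# tscert.ps1: bind a certificate to the RDP listener by its SHA-1 thumbprint
$hash = Read-Host "Enter Certificate thumbprint: "
# Set SSLCertificateSHA1Hash on the Terminal Services general setting via WMI
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="$hash"
)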

.\tscert.ps1
Paste the copied thumbprint here

That should resolve the problem.
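
Added example, not part of the original answer and not the poster's script: a PowerShell version of the binding step that cleans the pasted thumbprint, confirms the certificate is in one of the two machine stores named above and has a private key associated with it, and then sets the same SSLCertificateSHA1Hash property. The listener name RDP-Tcp and the parameter names are assumptions.

```powershell
# Added example. Run from an elevated PowerShell session on the affected server.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,  # as pasted from the certificate dialog
    [string] $TerminalName = 'RDP-Tcp'             # assumption: default RDP listener name
)

# Drop spaces and any invisible characters carried along when copying from the dialog.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($thumb.Length -ne 40) {
    throw "Expected 40 hex characters (SHA-1 thumbprint), got $($thumb.Length)."
}

# Look in the two local machine stores used in the steps above.
$cert = foreach ($store in 'My', 'Remote Desktop') {
    Get-ChildItem -Path "Cert:\LocalMachine\$store" -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumb }
}
$cert = $cert | Select-Object -First 1
if (-not $cert) {
    throw "Thumbprint $thumb not found in LocalMachine\My or LocalMachine\Remote Desktop."
}

# The logged error concerns the private key. This catches a certificate with no
# associated key; it does not prove the key is readable by the RDP service.
if (-not $cert.HasPrivateKey) {
    throw "Certificate '$($cert.Subject)' has no private key in this store."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate '$($cert.Subject)' expired on $($cert.NotAfter)."
}

# RDP presents this certificate as a TLS server, so show its details for review.
"Subject : $($cert.Subject)"
"Expires : $($cert.NotAfter)"
"EKU     : $($cert.EnhancedKeyUsageList.FriendlyName -join ', ')"

# Read the current binding, set the new one, then read it back.
$query = @{
    Namespace = 'root\cimv2\TerminalServices'
    ClassName = 'Win32_TSGeneralSetting'
    Filter    = "TerminalName='$TerminalName'"
}
$ts = Get-CimInstance @query
"Previous: $($ts.SSLCertificateSHA1Hash)"
Set-CimInstance -InputObject $ts -Property @{ SSLCertificateSHA1Hash = $thumb }
"Current : $((Get-CimInstance @query).SSLCertificateSHA1Hash)"
```

If the script stops at the private key check, the certificate in that store cannot be used by the listener and rebinding it would reproduce the logged error.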