
I have been trying to get an installation of Remote Desktop Services deployed using Server 2012. I have now run into a problem where I need to use a certificate other than the self-signed cert from the server for Remote Desktop (to avoid cert errors for clients using network level authentication). I have searched the topic for days, and since the tools in Server 2008 that gave you access to change the RDP-Tcp properties seem to no longer exist in 2012, this has proven very difficult.

Searching various sites (including this one) came up with a promising answer for changing the Win32_TSGeneralSetting class in WMI in the root\cimv2\TerminalServices namespace. (reference at: Configure custom SSL certificate for RDP on Windows Server 2012 in Remote Administration mode?).

I have tried this over and over again (and several variations of both the POSH script and the cmd script) to no avail. Instead of completing the process as I expect it to, I receive the error: Invalid Parameter.

I have the cert I want placed in both the Remote Desktop and the Personal certificate stores on this machine. Any suggestions? Am I doing anything wrong here?

  • What's the question/problem here? Making a machine cert for RDP with custom properties, or placing it in the appropriate certificate stores? Or both? – HopelessN00b May 07 '14 at 17:05
  • The problem is this. I have a server running RDP Host role internally. I need users to access this publicly through RDWeb/RDGateway. I have a wildcard certificate configured to use for the public sector, and have applied that to RDWeb/RDGateway. The issue now is when a user clicks on an app to launch, the internal app server is using a self-signed cert for RD connections (i.e. servername.internaldomain.local). As a result, users are receiving a cert error saying that it is not a trusted cert. – Adam Weight May 07 '14 at 18:06
  • I would like to change the certificate used from the self-signed one to the wildcard one (*.mydomain.com). That way they would not receive this error. When trying to use the script referenced at http://serverfault.com/questions/444286/configure-custom-ssl-certificate-for-rdp-on-windows-server-2012-in-remote-admini?answertab=votes#tab-top to replace the self-signed cert with the 3rd party cert, I receive the error: Invalid Parameter, and cannot replace the self-signed cert with the 3rd party cert. – Adam Weight May 07 '14 at 18:07
  • The answer at https://serverfault.com/a/927407/140709 worked for me. Just make sure you are running the commands in PowerShell with administrative privileges. – Karthic Raghupathi Jun 17 '21 at 03:56
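
A pre-flight version of the Win32_TSGeneralSetting change discussed in the question, as an added example that is not part of the original post or its comments: it validates the certificate before writing to WMI, so a failure names the condition instead of surfacing only as a WMI error. The thumbprint is a placeholder, and the `SSLCertificateSHA1Hash` property name comes from the WMI class itself, not from this page.

```powershell
# Added example; run on the RD Session Host.
# $Thumbprint is a placeholder: substitute the thumbprint of your own certificate.
$Thumbprint = '<THUMBPRINT-OF-YOUR-CERTIFICATE>'

# Writing to the TerminalServices namespace requires an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# Keep only hex digits: a thumbprint pasted from the certificate dialog can
# carry spaces or an invisible leading character.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($clean.Length -ne 40) {
    throw "Expected a 40-character SHA-1 thumbprint, got $($clean.Length) hex characters."
}

# The certificate must be in the computer's Personal store, with its private key.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $clean }
if (-not $cert)               { throw "No certificate $clean in Cert:\LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw 'The certificate has no private key on this machine.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "The certificate expired on $($cert.NotAfter)." }

# If the certificate restricts its usage, Server Authentication must be allowed.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$ekuExt = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if ($ekuExt) {
    $oids = $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }
    if ($oids -notcontains $serverAuthOid) {
        throw 'The certificate does not list the Server Authentication usage.'
    }
}

# Point the RDP-Tcp listener at the certificate, then read the value back.
$ns     = 'root\cimv2\TerminalServices'
$filter = "TerminalName='RDP-Tcp'"
$ts = Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter $filter
Set-WmiInstance -Path $ts.__PATH -Arguments @{ SSLCertificateSHA1Hash = $clean } | Out-Null

$current = (Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter $filter).SSLCertificateSHA1Hash
if ($current -ne $clean) { throw "Listener still reports thumbprint $current." }
"RDP-Tcp now uses: $($cert.Subject)"
```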

0 Answers