The following error was received on a client’s system this morning:
The digital signature of this RDP File cannot be verified. The remote connection cannot be started.
In this case the RDSH is using self-issued certificates for both Broker services. They had expired.
- Server Manager –> Remote Desktop Services –> Collections –> Tasks –> Edit Deployment Properties
- Click Certificates
- Click on the first Broker service and then the Create new certificate button
- Set a password and save to C:\Temp\2015-04-14-SelfIssuedSSL.pfx
- Click on the second Broker service and Select an Existing Certificate
- Choose the above newly created certificate
In the case where our client’s domains are .LOCAL or .CORP or some other non-Internet facing TLD we leave those two self-issued.
If we have an Internet facing domain then we use a third party trusted certificate as can be seen in the snip above.
Because we are deploying a lot of Remote Desktop Services solutions we always use an Internet TLD for the internal domain after making sure the client owns that domain and its registered for a decade.
Philip Elder
Microsoft Cluster MVP
MPECS Inc. 
Co-Author: SBS 2008 Blueprint Book
 
 
9 comments:
Thanks for this, really helped me out :)
Thanks this helped me as well.
I could not make this work. It requires a certificate name but would not accept anything I entered.
Just to say Thanks a lot for the solution!!!
Dario Ramirez
The solution solved the problem.
Thanks!
Thank you!! Your solution fixed my issue
Doesn't work for me either, it will not accept any name for the new certificate.
I get this error and understand the fix, but I am only getting this on ONE client computer. None of these computers are on the domain FYI. Replacing the cert will break all 20 other users so I am hoping to just de-regulate the cert necessity.
I think you must give a name such as NAME.pfx
otherwise it won't let you proceed with the dialog
Post a Comment