Tuesday 14 April 2015

RDS Error: RemoteApp - The digital signature of this RDP File cannot be verified.

The following error was received on a client’s system this morning:


The digital signature of this RDP File cannot be verified. The remote connection cannot be started.

In this case the RDSH is using self-issued certificates for both Broker services. They had expired.

  1. Server Manager –> Remote Desktop Services –> Collections –> Tasks –> Edit Deployment Properties
  2. Click Certificates
  3. Click on the first Broker service and then the Create new certificate button
    • image
  4. Set a password and save to C:\Temp\2015-04-14-SelfIssuedSSL.pfx
  5. Click on the second Broker service and Select an Existing Certificate
  6. Choose the above newly created certificate
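
The same renewal done from PowerShell with the RemoteDesktop module, as an added example that is not part of the original post. It assumes a hypothetical broker name `rdcb01.example.com`, a 30-day warning window chosen here, and that the two Broker services in the dialog are the `RDRedirector` (Enable Single Sign On) and `RDPublishing` (Publishing) roles.

```powershell
# Added example, not from the original post. Run elevated on a server in the RDS deployment.
Import-Module RemoteDesktop

$Broker   = 'rdcb01.example.com'                     # hypothetical Connection Broker FQDN
$PfxPath  = 'C:\Temp\2015-04-14-SelfIssuedSSL.pfx'   # export path used in step 4
$WarnDays = 30                                        # assumption: renew when under 30 days remain
$Roles    = 'RDRedirector', 'RDPublishing'            # the two Broker services (SSO, Publishing)

# Report what is installed for each Broker role and collect the ones needing renewal.
$needsRenewal = foreach ($role in $Roles) {
    $cert = Get-RDCertificate -Role $role -ConnectionBroker $Broker
    $cert | Select-Object Role, Level, Subject, ExpiresOn, Thumbprint | Out-Host
    # A role with no certificate configured has no expiry date; treat it as needing one.
    if (-not $cert.ExpiresOn -or $cert.ExpiresOn -lt (Get-Date).AddDays($WarnDays)) { $role }
}

if (-not $needsRenewal) {
    Write-Output 'Broker certificates are valid beyond the warning window; nothing changed.'
}
else {
    $pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the exported PFX'

    # Steps 3-4: create a new self-signed certificate for the first Broker service
    # and export it (with its private key) to the PFX path.
    New-RDCertificate -Role RDRedirector -DnsName $Broker -ExportPath $PfxPath `
        -Password $pfxPassword -ConnectionBroker $Broker -Force

    # Steps 5-6: apply that same certificate to the second Broker service.
    Set-RDCertificate -Role RDPublishing -ImportPath $PfxPath `
        -Password $pfxPassword -ConnectionBroker $Broker -Force

    # Confirm both roles now report the new thumbprint and expiry date.
    Get-RDCertificate -ConnectionBroker $Broker |
        Where-Object { $Roles -contains "$($_.Role)" } |
        Format-Table Role, Level, ExpiresOn, Thumbprint -AutoSize
}
```

The exported PFX holds the private key, so delete it or restrict its ACL once both roles are updated.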

In the case where our client’s domains are .LOCAL or .CORP or some other non-Internet-facing TLD, we leave those two self-issued.

If we have an Internet-facing domain then we use a third-party trusted certificate, as can be seen in the snip above.

Because we are deploying a lot of Remote Desktop Services solutions, we always use an Internet TLD for the internal domain after making sure the client owns that domain and it's registered for a decade.

Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

9 comments:

Unknown said...

Thanks for this, really helped me out :)

Anonymous said...

Thanks this helped me as well.

Anonymous said...

I could not make this work. It requires a certificate name but would not accept anything I entered.

Anonymous said...

Just to say Thanks a lot for the solution!!!
Dario Ramirez

Vinicius Oliveira Souza said...

The solution solved the problem.

Thanks!

Anonymous said...

Thank you!! Your solution fixed my issue

Anonymous said...

Doesn't work for me either, it will not accept any name for the new certificate.

Unknown said...

I get this error and understand the fix, but I am only getting this on ONE client computer. None of these computers are on the domain FYI. Replacing the cert will break all 20 other users so I am hoping to just de-regulate the cert necessity.

Anonymous said...

I think you must give a name such as NAME.pfx
otherwise it won't let you proceed with the dialog