Assume the following scenario:
- A manually requested Remote Desktop certificate is to be assigned to the Remote Desktop Session Host on a computer.
- The operation fails with the following error message:
```
Set-WMIInstance : Invalid parameter
At line:1 char:1
Set-WMIInstance -path $TerminalServicesConfig.__path -argument @{SSLC ...
~~~~~~~~~~~~~~~~~
CategoryInfo : InvalidOperation: (:) [Set-WmiInstance], ManagementException
FullyQualifiedErrorId : SetWMIManagementException,Microsoft.PowerShell.Commands.SetWmiInstance
```
Cause/Solution
The target system is a certification authority.
The following logic was used to determine the SHA1 fingerprint for the Remote Desktop certificate:
```powershell
$RdcCertHash = (
    Get-ChildItem -path Cert:\LocalMachine\My |
    Where-Object { $_.Extensions.EnhancedKeyUsages.Value -eq "1.3.6.1.4.1.311.54.1.2" } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1
).Thumbprint
```
The certification authority certificate on the target system contains a constraint on the issuance of Remote Desktop certificates.
Because the filter matches on this enhanced key usage alone, the previous command incorrectly selected the certification authority certificate, which is also present in the machine certificate store of this system and cannot be assigned to the Remote Desktop Session Host.
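One way to avoid the wrong match, as an added example that is not part of the original article: the same selection, but skipping certificates whose Basic Constraints extension marks them as a CA. The helper name `Test-IsCaCertificate`, the private key check and the validity check are assumptions of this example.

```powershell
# Added example, not the article's code.
# Remote Desktop Authentication enhanced key usage, as used in the article's filter
$RdpOid = "1.3.6.1.4.1.311.54.1.2"

# Hypothetical helper: true if the certificate carries Basic Constraints with CA = true
function Test-IsCaCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $BasicConstraints = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    return [bool]($BasicConstraints -and $BasicConstraints.CertificateAuthority)
}

$Now = Get-Date

$RdcCert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        # Must be usable by the session host: private key present and currently valid
        $_.HasPrivateKey -and
        $_.NotBefore -le $Now -and
        $_.NotAfter -gt $Now -and
        # Same enhanced key usage match as in the article
        ($_.Extensions.EnhancedKeyUsages.Value -contains $RdpOid) -and
        # Exclude the CA certificate, which may list the same OID as a constraint
        -not (Test-IsCaCertificate -Certificate $_)
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

# Fail early instead of handing an empty or wrong thumbprint to Set-WmiInstance
if (-not $RdcCert) {
    throw "No suitable Remote Desktop certificate found in Cert:\LocalMachine\My."
}

$RdcCertHash = $RdcCert.Thumbprint
Write-Output "Selected: $($RdcCert.Subject) [$RdcCertHash]"
```

Checking the printed subject before running the assignment confirms that an end-entity certificate, not the CA certificate, was picked.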