Event Source: | Microsoft-Windows-TerminalServices-RemoteConnectionManager |
Event ID: | 1053 (0xC000041D) |
Event log: | System |
Event type: | |
Event text (English): | The RD Session Host Server is configured to use a certificate that is expired. %1 The SHA1 hash of the certificate is in the event data. The default certificate will be used for RD Session Host Server authentication from now on. Please check the security settings by using the Remote Desktop Session Host Configuration tool in the Administrative Tools folder. |
Event text (German): | The Remote Desktop session host server is configured to use a certificate that has expired. %1 The SHA1 hash of the certificate can be found in the event data. From now on, Remote Desktop session host server authentication uses the default certificate. Verify the security settings by using the Remote Desktop Session Host Configuration tool in the Administrative Tools folder. |
Tag: Remote Desktop (RDP)
Details of the event with ID 1052 of the source Microsoft-Windows-TerminalServices-RemoteConnectionManager
Event Source: | Microsoft-Windows-TerminalServices-RemoteConnectionManager |
Event ID: | 1052 (0xC000041C) |
Event log: | System |
Event type: | |
Event text (English): | The RD Session Host Server is configured to use a certificate that will expire in %2 days. %1 The SHA1 hash of the certificate is in the event data. Please check the security settings by using the Remote Desktop Session Host Configuration tool in the Administrative Tools folder. |
Event text (German): | The Remote Desktop session host server is configured to use a certificate that expires in %2 days. %1 The SHA1 hash of the certificate can be found in the event data. Verify the security settings by using the Remote Desktop Session Host Configuration tool in the Administrative Tools folder. |
Details of the event with ID 1051 of the source Microsoft-Windows-TerminalServices-RemoteConnectionManager
Event Source: | Microsoft-Windows-TerminalServices-RemoteConnectionManager |
Event ID: | 1051 (0xC000041B) |
Event log: | System |
Event type: | Error |
Event text (English): | The RD Session Host Server is configured to use SSL with user selected certificate, however, no usable certificate was found on the server. The default certificate will be used for RD Session Host Server authentication from now on. Please check the security settings by using the Remote Desktop Session Host Configuration tool in the Administrative Tools folder. |
Event text (German): | The Remote Desktop session host server is configured to use SSL with a user-selected certificate, but no usable certificate was found on the server. From now on, the default certificate is used for Remote Desktop session host server authentication. Verify the security settings using the Remote Desktop Session Host Configuration tool in the Administrative Tools folder. |
Remote desktop certificate request fails with error message "The permissions on the certificate template do not allow the current user to enroll for this type of certificate."
Assume the following scenario:
- Machines are configured by group policy to request certificates for the remote desktop session host.
- However, the certificates are not applied for.
- In the event log of the affected system, the Event with ID 1064 of source Terminalservices-RemoteConnectionManager logged:
The RD Session Host server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption. The following error occurred: The permissions on the certificate template do not allow the current user to enroll for this type of certificate.Continue reading „Die Beantragung von Remotedesktop-Zertifikaten schlägt fehl mit Fehlermeldung „The permissions on the certificate template do not allow the current user to enroll for this type of certificate.““
Remote desktop certificate request fails with error message "The requested certificate template is not supported by this CA."
Assume the following scenario:
- Machines are configured by group policy to request certificates for the remote desktop session host.
- However, the certificates are not applied for or existing certificates expire without renewal.
- In the event log of the affected system, the event with ID 1064 of the source Terminalservices-RemoteConnectionManager is logged:
The RD Session Host server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption. The following error occurred: The requested certificate template is not supported by this CA.Continue reading „Die Beantragung von Remotedesktop-Zertifikaten schlägt fehl mit Fehlermeldung „The requested certificate template is not supported by this CA.““
Remote desktop connection no longer possible after in-place upgrade of Windows Server operating system
Assume the following scenario:
- An in-place upgrade of the certification authority's operating system is performed.
- After the upgrade I can no longer log in via Remote Desktop. The connection fails with the following error message:
An authentication error has occurred. The function requested is not supported. Remote Computer: 192.168.1.149 This could be due to CredSSP encryption oracle remediation. For more information, see https://go.microsoft.com/fwlink/?linkid=866660
In German:
Authentication error. The requested function is not supported. Remote computer: 192.168.1.149 The cause could be a CredSSP Encryption Oracle defense. For more information, see https://go.microsoft.com/fwlink/?linkid=866660Continue reading „Keine Remotedesktopverbindung mehr möglich nach In-Place Upgrade des Windows Server Betriebssystems“
Login via smart card using Remote Desktop (RDP) fails with error message "The requested key container does not exist on the smart card."
Assume the following scenario:
- A user logs on to a remote desktop system using the smart card logon function.
- The user uses a Yubico Yubikey as a smartcard. The required middleware is installed on both the local and the remote system.
- The login fails with the following error message:
The system could not log you on. The requested key container does not exist on the smart card.Continue reading „Die Anmeldung via Smartcard über Remotedesktop (RDP) schlägt fehl mit Fehlermeldung „The requested key container does not exist on the smart card.““
Manually assigning a Remote Desktop (RDP) certificate
Was a Remote desktop certificate requested manuallyit must then be assigned to the Remote Desktop session host.
Continue reading „Manuelles Zuweisen eines Remotedesktop (RDP) Zertifikats“Manually requesting a Remote Desktop (RDP) certificate
There are cases in which you cannot or do not want to obtain Remote Desktop certificates from a certificate authority in your own Active Directory forest, for example, if the system in question is not a domain member.
In this case, the use of certificate templates is not possible, and one must manually create a Certificate Signing Request (CSR).
Continue reading „Manuelle Beantragung eines Remotedesktop (RDP) Zertifikats“Configuring a Certificate Template for Remote Desktop (RDP) Certificates
To use Remote Desktop certificates, it is necessary to configure an appropriate certificate template.
Continue reading „Konfigurieren einer Zertifikatvorlage für Remotedesktop (RDP) Zertifikate“Identify the active Remote Desktop (RDP) certificate
If one has a Remote Desktop Certificate Template and a appropriate group guidelines configured, or manually assigned a remote desktop certificateYou may want to verify that the certificates on the participating computers are being used correctly by the Remote Desktop session host.
Continue reading „Identifizieren des aktiven Remotedesktop (RDP) Zertifikats“Configuring a Group Policy (GPO) for Remote Desktop (RDP) Certificates
After configuring a certificate template for the distribution of Remote Desktop certificates (see the article "Configuring a Certificate Template for Remote Desktop (RDP) Certificates"), a group policy is still required that instructs the participating computers to also use the certificates originating from the template.
Continue reading „Konfigurieren einer Gruppenrichtlinie (GPO) für Remotedesktop (RDP) Zertifikate“