The following error was received on a client’s system this morning:
The digital signature of this RDP File cannot be verified. The remote connection cannot be started.
In this case the RDSH is using self-issued certificates for both Broker services. They had expired.
- Server Manager –> Remote Desktop Services –> Collections –> Tasks –> Edit Deployment Properties
- Click Certificates
- Click on the first Broker service and then the Create new certificate button
- Set a password and save to C:\Temp\2015-04-14-SelfIssuedSSL.pfx
- Click on the second Broker service and Select an Existing Certificate
- Choose the above newly created certificate
In the case where our client’s domains are .LOCAL or .CORP or some other non-Internet facing TLD we leave those two self-issued.
If we have an Internet facing domain then we use a third party trusted certificate as can be seen in the snip above.
Because we are deploying a lot of Remote Desktop Services solutions we always use an Internet TLD for the internal domain after making sure the client owns that domain and its registered for a decade.
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book