The following error was received on a client’s system this morning:
The digital signature of this RDP File cannot be verified. The remote connection cannot be started.
In this case the RDSH is using self-issued certificates for both Broker services. They had expired.
- Server Manager –> Remote Desktop Services –> Collections –> Tasks –> Edit Deployment Properties
- Click Certificates
- Click on the first Broker service and then the Create new certificate button
- Set a password and save to C:\Temp\2015-04-14-SelfIssuedSSL.pfx
- Click on the second Broker service and Select an Existing Certificate
- Choose the above newly created certificate
In the case where our client’s domains are .LOCAL or .CORP or some other non-Internet facing TLD we leave those two self-issued.
If we have an Internet facing domain then we use a third party trusted certificate as can be seen in the snip above.
Because we are deploying a lot of Remote Desktop Services solutions we always use an Internet TLD for the internal domain after making sure the client owns that domain and its registered for a decade.
Originally posted in 2015 this popular post was migrated over from our previous blog
Make your IT business better than the competition. Help for IT Pros, TechYourBooks, Super Secret News, Women in IT Scholarship program, Ransomware Prevention Kit, 365 Security kit and more. https://www.thirdtier.net