Skip to main content

How to solve server authentication certificate failures on Microsoft RDP over SSL

Issue / Details

User gets the following error when trying to get connected to a remote machine using .rdp file

ERROR: The connection has been terminated because an unexpected server authentication certificate was received from the remote computer.

ERROR: The connection has been terminated because an unexpected server authentication certificate was received from the remote computer.

Related Products

Microsoft Remote Desktop, CyberArk - Privileged Access Manager (PAM, self-hosted); Privilege Cloud

Environment


What product(s), category, or business process does the requestor have? Has anything been changed recently, such as upgrades, additions, deletions?

RDS, Remote Desktop Services configured with TLS/SSL.

Cause

The underlying cause of the issue. Cause is an optional field as it is not appropriate or necessary for some types of articles.

The end-user's RDP Client is configured to not allow RDP session connection on server authentication failures.

The specifics of the error is typically related to one of the following:

  • Self-Signed Cert in use with RDS
  • Expired Cert in use with RDS
  • PSM is configured with IP (in CyberArk), and not the FQDN listed on the SAN of the RDS certificate.
  • The PSM's RDS Cert CA, is not in the "Trusted Certificate" Store of the End-User's system.

Behavior change:

These types of failures use to prompt the End User with a Warning, and allow them to continue connecting through RDP. Microsoft, and other RDP Client vendors, are updating the default behavior for better security practices, and not allowing the end-user to ignore, or connect through RDP, when there is an 'unexpected' server authentication certificate received.

Resolution

The answer or the steps taken to resolve the issue.

3rd party vendor recommendation is to fix the underlining cause;
Correctly implementing RDP/RDS over SSL with a CA signed Certificate, that is also trusted by the end-users system, following best security practices.

For completeness in understanding the behavior change, and configuration, the following settings are responsible for this behavior:

RDP Client

(mtsc.exe - Remote Desktop Connection)
Options > Advanced > Server authentcation >
If server authentication fails: 

  • <Drop Down>
  • Connect and don't warn me.
  • Warn me
  • Do not connect



RDP file:
authentication level:i:<Value>
Set the authentication level value to one of the following values:
0: If server authentication fails, connect to the computer without warning.
1: If server authentication fails, don't establish a connection
2: If server authentication fails, show a warning, and choose to connect or refuse the connection.

Example: to connect without warning, "authentication level:i:0".

Registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Terminal Server Client\
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\
*Note: if set in HKEY_CURRENT_USER; overrides HKEY_LOCAL_MACHINE

Variable: AuthenticationLevelOverride
DWORD Value.

0 Type this value to configure an authentication level of "No authentication."
1 Type this value to configure an authentication level of "Require authentication."
2 Type this value to configure an authentication level of "Attempt authentication."

Example change using PowerShell:

Set-ItemProperty -Path "HKLM:\Software\Microsoft\Terminal Server Client\" -Name AuthenticationLevelOverride -Value 0 -Type DWord


RDP-over-SSL-server-authentication-certificate-failures


 

Labels:

Comments

Post a Comment

Popular posts from this blog

High Valuations and Potential Corrections: Precautions for Global Investors in NYSE and NASDAQ

he New York Stock Exchange (NYSE) and NASDAQ are key investment hubs not only for American investors but also for those from Canada, Britain, Europe, and Australia. However, given the current economic signals—specifically the Buffett Indicator which suggests extreme overvaluation at a 193% ratio—investors worldwide should exercise caution. This gauge compares the total market capitalization of publicly traded stocks to the gross domestic product (GDP), and a reading near 200% indicates potential overvaluation which could lead to significant market corrections. Understanding the Current Market Environment The Buffett Indicator, a measure devised by Warren Buffett, assesses whether the stock market is fairly valued relative to the economic output. A ratio of 100% is seen as fair, but the current 193% suggests that the market is potentially overheated. This scenario resembles past conditions, like those in late 2021 when the...
Post a Comment
Read more

Neon Desolation: A CyberPunk Short Story

In the city of Neo-Babylon, year 2073, rain seemingly never stopped. Metallic droplets clattered on chrome roofs, a ceaseless symphony of the future. Neon lights punctured the gloom, reflecting off slick streets and towering monoliths of steel and glass. Amid this panorama of progress, countless digital billboards flashed images of prosperity and satisfaction. But beneath the glossy surface, shadows crept. Our protagonist, Jack, was an echo runner. A professional data thief, wired to the teeth with the latest sub-dermal implants. He carried secrets from one end of the city to the other, an encrypted courier in an age where trust was as scarce as clean air.
2 comments
Read more