Server Authentication Certificate Error for Remote Desktop Connection


I have a CA installed on my domain controller. Server Authentication
certificate is enrolled in Computer Certificate/Personal folder. The same
certificate is used for ssl and is working OK. If I use it for Remote
Desktop Server Authentication I get an error from client:
"The connection has been terminated because an unexpected server
authentication certificate was received from the remote computer."
If I try to connect from domain controller, certificate is accepted.

If I use self signed (generic) certificate, connection works without a
problem.

Certificate is enrolled from Web Server template (CA).

Thanks for help in advance!

__________ Information from ESET NOD32 Antivirus, version of virus signature database 4778 (20100116) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


Sponsored Links:



I am wondering if someone can help.

I am used to using Server 2008 and its Remote Desktop Connection to get
a full screen connection to a Hyper-V VM on the same machine (running
beta code etc.) The RDC runs in a full screen window, very nice.

In 2008 R2, RDC does not seem to exist - it is replaced by Remote
Desktop Services/Remote Desktops, and I am forced to try and run from an
MMC window which does not have all the config options available for an
RDC connection, nor can I seem to run it full-screen -- if I select a
high resolution like 1600 x 1200, it just runs that in the MMC windows
and I have to scroll around.

Am I missing something? Can I duplicate the user experience I had with RDC?

Thanks!




Hello:

Every night, I logon to a Windows Server 2003 machine through the Remote
Desktop Connection as an administrator. It's a long story but, in order for
some Scheduled Tasks (macros) to run automatically overnight, Microsoft and I
confirmed that this administrative user has to remain logged onto the server.

My only concern with this, of course, is if this user is ever accidentally
logged off. I need for this user to remain on.

Someone told me that there might be a way to write a script or a VB program
to automatically establish the RDP session if the connection is down. Is
that true? If so, how?

childofthe1980s




Hello:

Every night, I logon to a Windows Server 2003 machine through the Remote
Desktop Connection as an administrator. It's a long story but, in order for
some Scheduled Tasks (macros) to run automatically overnight, Microsoft and I
confirmed that this administrative user has to remain logged onto the server.

My only concern with this, of course, is if this user is ever accidentally
logged off. I need for this user to remain on.

Someone told me that there might be a way to write a script or a VB program
to automatically establish the RDP session if the connection is down. Is
that true? If so, how?

I had posted these questions on 12/10/09 on this newsgroup, but my questions
were misunderstood. It's not that we do not know how to keep this
administrative user logged on. My question is "Is there a way
programmatically to keep the session going or immediately come back on again
if this administrative user is accidentally logged off through another
Terminal Server session by someone who logs on with the same credentials?".

We have to keep this connection up and I am not always going to be around to
check on a daily basis that this Remote Desktop Session remains on.

childofthe1980s




I recently updated our Exchange Server 2001 SP1 with Security Update KB958690, KB960225 and anti-spam 3.3.7517.600 and after restart I can no longer connect to our server via Remote Desktop.

the error is "Remote Desktop Disconnected, the computer can't connect to the remote computer error". I've tried to search the logs for related error but nothing in there. Tried disabling and re-enabling the Remote desktop option on Exchange but I still can't connect via RDP.

Would it be safe if i'll just uninstall those update? I'm sure on of those KB update causes this problem.




Hi Folks

I am a SysAdmin and to remotely connect to my windows servers I use
remote desktop, I was wondering if anyone knows of a free remote
connection manager that allows multi-tabs. Meaning connecting to
multiple servers.

Thanks for any help




I have an Exchange 2007 server cluster. At one point, it was hosting several different customers. I've worked that down to one now as I am planning on shutting down those servers. Back in September, the security certificate expired. I don't want to purchase a new one. I've moved our own internal email to our own server, and my other customers to another hosted solution. Those are working great. The only problem is that on anyone I moved over, I am still getting certificate errors about the old server. I created a new Outlook profile and imported their old email (via a PST). However, every time they (and myself included) open up Outlook, we still get a certificate error for the OLD server. I've removed the old Outlook profile, and the error persists. Does anyone know of how to remove this old certificate from Outlook? Or why it is even trying to contact the old server? I've looked around in the Trust Center. I've only tried this in Outlook 2007, so I am not sure about 2003, but I don't think I have anyone using that. Would it help if I did something on the server to the certificate? And what kind of issues will I end up running into when I actually do shutdown the old server, and Outlook is still trying to contact it?




Over the weekend we had an issue where 12 of our Windows 2003 servers
suffered from an error following a reboot. We were unable to access the
machines using a remote desktop connection or an SMS remote control
connection (SMS allowed the logon process to start but hung at Applying
Setting).

The main issue was that we have a client application that use DCOM to
connect to a component on the server which then accesses a database. This
DCOM connection could not be made to the server. There were also a number of
DCOM 10016 errors on the server system logs relating to the IWAM_
account.

All of the serevrs are Domain controllers and the issue was cleared
following a reboot but I'd like to try and find out the root cause so we can
take steps to prevent any reoccurance.




This may be a bit long winded so my apologies in advance!
We have a rather sticky problem with certificates on our new Exchange 2007
Client Access server set up. We are currently in the process of trying to
migrate from Ex2K3 to Ex2K7. We've moved a few test clients over to the new
Ex2K7 server and they are all getting certificate errors when Outlook 2007
starts up on domain joined machines (internal clients). The error states that
the site name that Outlook is looking for is different from what is on the
cert. And it is correct. Here is the whole sorry saga of our certificate
tragedy:
We are a school in the UK. We have a publicly registered domain name that
ends with .sch.uk. Our internal/private AD domain name is nearly identical to
our public domain name and also ends in .sch.uk (don’t ask, this was before
my time) and looks very much like a public domain name. Because of this, we
were unable to find a single commercial certificate provider that would
include our internal FQDNs to any UCC certificate we wanted. In the end, we
ended up purchasing a Digicert UCC cert that had only our external FQDNs for
the CAS server and autodiscover services. We tried to work around this
problem by enabling both our commercial cert as well as the default MS cert
that ships with Ex2K7 which we added all of our internal FQDNs to. The hope
was that the external clients would be able to use the commercial cert, while
the internal clients would be able to use the default simple cert. This
seemed to work for a brief time, but after a few weeks, Outlook 2K7 on the
internal clients began ignoring the internal certificate and started using
the commercial cert which, of course, didn't have any of the internal
information on it and hence they started getting the certificate error on
startup. After much wrestling with this issue, we made the decision to
register our internal domain name so that we could provide Digicert with a
"whois" for it and they would then be happy to add our internal FQDNs to our
commercial cert and we could decommission the MS default cert. However, I
then spoke to Nominet and was told that we could NOT register our internal
domain name because it has the .sch.uk suffix and since we already have one
..sch.uk domain name registered, we can't register another one.
We've been given two options by certificate providers, domain name
registrants and Nominet alike:
1. Rename our external domain name so that it is the same as our internal
domain name
2. Rename our internal domain name to use a suffix like .int or .local
Neither of these options is even slightly appealing to us so we are
desperately trying to find a work-around.
I am now aware that having two active certificates running on the same CAS
server is not supported. Is it possible to have two CAS servers in the same
organisation and to force internal clients to use a specific one for
autodiscover? If so, we could set the two up and just have the Digicert
commercial cert on one for external access and have the MS default cert
enabled on the other for internal access.
Any other thoughts or ideas would be greatly appreciated. Many thanks,
Adam




Hello.

I was hoping someone could point me in the right direction. I have added a second exchange server to our environment to act as the target server in a Standby Continuous Replication configuration. After installing exchange on the second server, lets call it exchange02 users are receiving the following certificate error in outlook.

"The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority"

I took exchange02 off the network and the cert errors stopped.I am a little confused. If all the mailboxes are configured on exchange01 and exchange01 has a valid certificate why would adding the second exchange server generate certificate errors. I would like to move forward with configuring SCR. I dont want to put exchange02 back on the network and have it begin to generate certificate errors to the users. Any suggestions as to what my next step should be?

Thanks




Hello All!
This is really odd. Everytime I connect to my PC inside our Corporate
network via RDC (Remote Desktop Connection) I seem to lose settings in
Outlook and I seem to lose the ability to use the Right-Click functionality
from my mouse. I notice when I leave my office and have Outlook opened on my
desktop PC, then I log onto another PC on our Network and open Outlook, then
connect via RDC to my desktop PC, once I get back to my desktop PC I have
lost the right-click functionality on my mouse within Outlook. Also, closing
Outlook down and reopening, I now receive an error: Could not Install the
Custom Actions: The Object could not be found.

I used to receive this error on all previous Office suites. Office 2000,
2003 and now on Office 2007.




We are running Exchange 2007 on a 2003 x64 server and are also running the
Outlook Anywhere certificate on it. Everything seems to be working great
except one single user who is running Outlook 2007 is always getting a
certificate error shen she opens it. She is on a workstation on the domain so
she's not using OWA or outlook anywhere from home.

It has the red X next to "The name on the security certificate is invalid or
does not match the name of the site"

Is there a reason just one user out of the entire network would be getting
this message?




Greetings,

I moved the Outlook PST file to the Windows Server 2003 server box; the PST
file is accessible both via LAN and “Remote Desktop Connection” (Terminal
Server). The Outlook’s “address books” and “contacts” information displayed
fine via the LAN connection but the “Address book” displayed nothing via
“Remote Desktop Connection”. I would like the Address book information to be
displayed via both LAN and Remote Desktop Connection (Terminal Service).
Thanks

Patrickc




Dear Sir,

I am using Windows Server 2003 & Installed Terminal Server. It works fine.
But I want lock user to logon server using remote desktop connection from
specific computer (MAC address).

Please help me how to do it.

Thanks,

Sanjay Shah




I use remote desktop to connect to Windows Server 2008 R2 from my
windows 2000 computer.
The remote desktop connection to Windows Server 2008 R2 occupies my
LCD monitor partially.
How to make the remote desktop to occupy the entire LCD monitor
display?




Hello,
I am unable to connect to one of our fileservers via RDP or console login.
Trying to login via RDP just seems to refuse connection. I can ping server
and TELNET to server. It is setup for Remote desktop too.
Server is part of a server farm on ESX boxes. Loggin onto ESX I can open
console to server with no problems, but cannot access from any PC.

Also, this happened two weeks ago, possibley after a windows update as the
server has rebooted over the weekend. Problem does not seem to affect any
other server.

Other wierd thing is that none of our users can access thier PST files
either. All other files accessible via mapped drives.

Any suggestions would help as I do not want to reboot server during working
hours !

Thanks




Hello:

Everyone at the office can access a network's PC from home through Remote
Desktop except me. Why is that? I am using the same VPN connection that
they are. I cannot successfully to VPN but when I hit "Connect" on Remote
Desktop, a message comes up saying that my laptop cannot find the remote
computer.

childofthe1980s




Hi,

I have manually updated the certificates for one of my email providers (OpenMail.cc) as per the instructions here. In IE Internet Options > Content > Certificates I can see that the expiration date for the relevant certificate is many 2020 or so.

But when I open Outlook 2007 to get mail from the inbox I keep getting the certificate error message (see attached image). When I then click to view the certificate as Outlook has it, it shows an expiration date of last August. But I can't find that certificate anywhere in IE's list (if I could, I would uninstall it), nor can I get this error message to stop popping up.

As far as I can see, IE has all the necessary certificates properly installed, but Outlook is showing the wrong one, one that is NOT in IE. So I guess I need to get Outlook to remove its version of the certificate but I don't know how/where to do that.

Any assistance would be appreciated.




Hey,

I have successfully setup autodiscover redirection, it's working as tested below. However when I open my outlook, it always show a pop up for autodiscover.tenant-domain.com, saying that the name is mismatch. Although I have already directed autodiscover.tenant-domain.com (email account) to autodiscover.host-domain.com (host) successfully as below. Can anyone advise?

Or anything is able to offer their services for us in setting up our certificate so that it redirects properly without certificate error? (for multi tenant environment for auto discover)




I can not receive email from outside my LAN.
Internal email works fine, and I can send external messages - they are received ok too.

I think the problem might be something to do with 1 of 3 things:

1. There may be some issue with the mail box's not being able to receive and store mail at the Exchange Server - I get an odd error message when sending and receiving form Outlook 2003; 0X8004010F The operation failed. An object could not be found.

2. The problem might be related to the ADSL router - its a vigor 2800V. I have it port forwarding to 2 servers and several workstations for remote desktop administration. The issue I spotted here is that when I try to remote desktop to mail.mydomain.net I am sent to the wrong server. When logged onto the LAN, if I try the same domain name (mail.mydomain.net) I log onto the Exchange 2007 Server.

3. Something I have missed or dont know! Perhaps I have not set up the mail exchange records correctly in DNS?

I am using the router for port forwarding (I dont have NAT configured on the server), so I have port 25 pointing to the Exchange Server.