RDS SSL Certificate installed but not working

Sometimes when you install an RDS certificate it does not work the likely reason is that you were using a self signed certificate and then changed to a public one.

RDS only likes one certificate in the local machine \remote desktop certificate store

To find out it is easiest to use powershell I find


PS C:\WINDOWS\system32> set-location cert:

PS Cert:\> dir

Location   : CurrentUser
StoreNames : {TrustedPublisher, ClientAuthIssuer, Root, MSIEHistoryJournal...}

Location   : LocalMachine
StoreNames : {TrustedPublisher, ClientAuthIssuer, Remote Desktop, Root...}

PS Cert:\> cd localmachine

PS Cert:\localmachine> dir

Name : TrustedPublisher
Name : ClientAuthIssuer
Name : Remote Desktop
Name : Root
Name : TrustedDevices
Name : MSIEHistoryJournal
Name : CA
Name : Windows Live ID Token Issuer
Name : AuthRoot
Name : WebHosting
Name : TrustedPeople
Name : Operations Manager
Name : My
Name : SmartCardRoot
Name : Trust
Name : Disallowed
Name : SMS

PS Cert:\localmachine> cd "remote desktop"
PS Cert:\localmachine\remote desktop> dir

    Directory: Microsoft.PowerShell.Security\Certificate::localmachine\remote desktop

Thumbprint                                Subject                                                                                                                             
----------                                -------                                                   
3532B71036D250F66489A7A93B0F62F59F918C81  E=operations@domain.com, CN=Servername, OU=Something, O=company, L=city, S=county, C=UK                 
0CDA4EB0693920F2DB9A6B94072827252DCE50C3  CN=Servername.domain.com

So check the thumbprint of the Certificate that should be for the RDS server and remove any certificates that do not match


get-childitem |where -Property thumbprint -eq 0CDA4EB0693920F2DB9A6B94072827252DCE50C3 |Remove-Item

things should then work

failing that reboot server and then it will work ­čÖé


Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.