RDP issue due to SSL cert issue and solution

 

Cause

=============

I manually triggered this issue, and found there is an error triggered every time in System event log:

 

A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

 

0x8009030d

The credentials supplied to the package were not recognized

 

This error is related to SSL certificate.

 

By default, RDP use self-signed certificate, but we find these machines are configured to use SSL certificate:

 

 

 


So we have a GPO configured to make RDP using this certificate template to generate SSL certificate for RDP connection.

 

Once we deleted the TemplateCertificate value in the registry, RDP works.

 

Comments

Post a Comment

Popular posts from this blog

NetSH collection commands

  create below content on one notepad file file name start-auth.txt set KerbDebugFlags=0x7ffffff set KdcDebugFlags=0x23083 set KpsDebugFlags=0xff set NtlmDebugFlags=0x15003 set NegoExtsDebugFlags=0xFFFF set Pku2uDebugFlags=0xFFFF set SslDebugFlags=0x0000FDFF set DigestDebugFlags=0x000003FF set CredsspDebugFlags=0x0000FFFF set DpapiSrvDebugFlags=0xFF set WebAuthDebugFlags=0xFFFF set IdstoreDebugFlags=0x2FF set IdcommonDebugFlags=0x2FF set LivesspDebugFlags=0x3FF set WlidsvcDebugFlags=0x7 set IdlistenDebugFlags=0x7FFFFFFF set BaseCspDebugFlags=0xFFFFFFFF set VaultDebugFlags=0xFFF set BcryptDebugFlags=0xFFFFFFFF set NcryptDebugFlags=0xFFFFFFFF set CryptspDebugFlags=0xFFFFFFFF set WinHttpDebugFlags=0x7FFFFF set WininetDebugFlags=0x7FFFFF set CloudAPFlags=0xfff set HttpSysDebugFlags=0xFFFFFFFF mkdir .\logs del /f /q .\logs\*.* logman.exe start LsaTrace -p {D0B639E0-E650-4D1D-8F39-1580ADE72784} 0x40141F -o .\logs\LsaTrace__%computername%.etl -ets logman.exe start LsaAudit -p {DAA76F6A...
Read more

Script for Host entry in remote servers

#Host entry script by Suresh ## Input the server list in below path $servers= Get-Content "C:\Users\u-07-adm-ad-08\Desktop\Servers.txt" foreach ($server in $servers) {      $adminpath = Test-Path " \\$Server\admin$ "     If ($adminpath -eq "True")         {          $hostfile = " \\$Server\c$\Windows\System32\drivers\etc\hosts "          Write-Host –NoNewLine "Updating $Server..."          #Add host entries below that need to be added on remote servers          "104.108.176.95  www.identityiq.philips.com " | Out-File $hostfile -encoding ASCII -append          "23.38.37.249  www.egrc.philips.com " | Out-File $hostfile -encoding ASCII -append          Write-Host "Done!"...
Read more