14 August 2011

RDP/RDS: unexpected server authentication certificate was received from the remote computer

When configuring an RDS environment, you will most probably be using a third-party SAN certificate to authenticate the servers. This certificate is used when you are using Network Level Authentication.

I recently ran into a very interesting problem. Some of the machines within my company could connect and work without a problem. Others would fail at connection with the "unexpected server authentication certificate was received from the remote computer" error.

The certificates are perfectly valid. Connecting from the client machines to the web interface showed the SSL cert being trusted.

It took a while to figure out what the issue was. It turns out that the intermediary certification authority's certificate was missing from the local machine's certificate store.

  • The certificate root is Entrust (2048)
  • The intermediary is Entrust Certification Authority - L1C

Installing the missing certificate on the client machines resolved the connectivity issue.
It was just an "unlikely" place to look for a problem, since this is, after all, a public third-party trusted CA. But it just shows that certificates can be tricky at the best of times.

To install the Entrust certificate chain, follow the instructions here: http://www.entrust.net/knowledge-base/technote.cfm?tn=7869

Ultimately, to ensure that, at least in the company, we do not run into the same issue, I added the certificates with a group policy across the domain.
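
A check for the condition described above, as an added example that is not part of the original post: it builds the chain for an exported copy of the RDS server certificate and reports whether each intermediate and root is present in the client's local machine stores. The file path is an assumption; export the public part of your own server certificate to it first.

```powershell
# Added example: which certificates in the RDS server certificate's chain are
# present in this client's LOCAL MACHINE stores?
param(
    # Assumption: public part of the server certificate, exported to this path.
    [string]$ServerCertPath = 'C:\Temp\rds-server.cer'
)
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ServerCertPath
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Revocation is a separate question; skip it so an unreachable CRL does not mask the result.
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$built = $chain.Build($cert)

# Thumbprints in the machine-wide intermediate and trusted root stores.
$machineCA   = @(Get-ChildItem Cert:\LocalMachine\CA   | ForEach-Object { $_.Thumbprint })
$machineRoot = @(Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { $_.Thumbprint })

# A chain that builds is not proof on its own: Windows can also take intermediates
# from the current user's store or download them, so check each element explicitly.
$report = foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    if ($c.Thumbprint -eq $cert.Thumbprint) {
        $role = 'Server';       $inStore = 'n/a'
    } elseif ($c.Subject -eq $c.Issuer) {
        $role = 'Root';         $inStore = $machineRoot -contains $c.Thumbprint
    } else {
        $role = 'Intermediate'; $inStore = $machineCA -contains $c.Thumbprint
    }
    New-Object PSObject -Property @{
        Role = $role; Subject = $c.Subject; Thumbprint = $c.Thumbprint; InMachineStore = $inStore
    }
}
$report | Format-Table Role, InMachineStore, Subject, Thumbprint -AutoSize

if (-not $built) {
    # Typically PartialChain when an issuer could not be found anywhere.
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    $last   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    Write-Warning ("Chain did not build ({0}); last element was issued by: {1}" -f $status, $last.Issuer)
}
$report | Where-Object { $_.InMachineStore -eq $false } | ForEach-Object {
    Write-Warning ("Not in LocalMachine store: {0}" -f $_.Subject)
}
```

Running it on a client that connects and on one that fails makes the difference between their machine stores visible without opening the certificate MMC on each.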
