Replacing self-signed Remote Desktop Services certificate on Windows 2019
Ask a question Quick access …
- Forums home
- Browse forums users
- FAQ
- Remove From My Forums
How to replace RDS self-signed certificate on server without Remote Desktop Services role installed
Question
-
0Sign in to vote
Hi,
On each windows server there is terminal service which allow to max 2 concurrent rdp sessions. This service use self-signed certificate and I have to replace it with CA-signed certificate, but all information, which I found on how to replace certificate used by terminal service, pertain to situation when Remote Desktop Services role is installed and it seems it not works when the role is not installed
Do you know how to replace the certificate used by built-in terminal service ?
Best regards
LukiD
All replies
-
1Sign in to vote
Hi,
Please test if this method works in your environment:
1. Import the certificate and its private key into Local Computer\ Personal store using certlm.msc
2. Configure the listener to use the certificate using below command in administrator command prompt:
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="<certificate thumbprint>"
More details can be referred to this blog as well as registry method if you prefer:
https://blogs.technet.microsoft.com/askperf/2014/05/28/listener-certificate-configurations-in-windows-server-2012-2012-r2/
Kindly test when available and let us know if more assistance needed.
Thanks.
Jenny
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact .- Proposed as answer by Jenny YanMicrosoft contingent staff Wednesday, February 27, 2019 1:45 AM
-
0Sign in to vote
Hi,
This method works fine and powershell version too. Almost...
My fault was that when I was copying certificate thumbprint I also was catching 2 non-printing characters on beginning of string. When I use powershell method (garrettsyhampton.wordpress.com/2014/12/02/server-2012-r2-change-remote-desktop-ssl-certificate-in-3-easy-steps ; point 3) I have to omit the filter:
original command: $TSGeneralSetting = Get-WmiObject -class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices -Filter TerminalName=RDP-tcp'
throws error:
Get-WmiObject : Invalid query "select * from Win32_TSGeneralSetting where TerminalName=RDP-tcp'"
At C:\Users\duczmall\Documents\Untitled1.ps1:1 char:21
+ ... alSetting = Get-WmiObject -class Win32_TSGeneralSetting -Namespace ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
but without filter: $TSGeneralSetting = Get-WmiObject -class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices
works fine and return only one instance of the class. Rest of commands are okThank you for your help
Best regards
-
0Sign in to vote
Hi,
Glad to hear that and thanks for sharing the details.
You can mark as answer if any of above reply is helpful. It would make this reply to the top and easier to be found for other people who has the similar problem.
Thanks,
Jenny
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact .
Video liên quan
Related post
Home
Nhà thiết kế WebTôi là admin trang go plus là một người có đam mê với Blogspot, kinh nghiệm 5 năm thiết kế ra hàng trăm mẫu Template blogpsot như" Bán hàng, bất động sản, landing page, tin tức...