Personal certificate release prompt not showing on user desktop

'Client Certificate Private Key release prompt is incorrectly shown on a different session desktop rather than on the session desktop of the active user who has selected the client certificate to submit to a website.'

I have a client who is having a few issues with personal identity certificates for secure login to various websites through a Remote Desktop server (Unipass). Having read around on the issue, I found a few who encountered a similar issue in various technical forums but could find no resolution mentioned in the posts. (I will post these after my account has been verified.)

This is a Server 2012 R2 RDS and doesn't seem to be an issue based on the browser which is accessing the website. It has been tested with IE11 and the latest Google Chrome, both of which have the same effect.

The behaviour can be replicated while shadowing the user session on an admin login. The user goes to the website, the certificate prompt appears and the user clicks OK to continue. For the user the website then pauses, seemingly processing the logon; however, it is waiting for a certificate release prompt to be pressed to allow the website to use the certificate, which has appeared on the admin session desktop that I am using, without any visibility of the user. Obviously this does not work in day-to-day operation.

Just to confirm the following also:

The client certificate is correctly imported and shows up in the personal certificate store of the user. The third-party CA has also been imported into the LM store.

Tried adding websites to Trusted sites in IE to raise the integrity level from Low to Medium, but that seemed to have no effect.

The issue isn't prevalent on Server 2008 and the personal certificates operate as you would expect; any prompts are directed at the user who is trying to use the certificate to identify themselves.

After Proc Mon traces, the issue seems to be because read/write access to the certificate store/registry is denied, so it reverts to LM, which requires higher privileges and therefore appears on the admin desktop and not the desktop of the user who wants to use the certificate to connect to the website.

Can anyone point me in the direction of a fix for this issue?

March 20th, 2015 4:39pm

Hi,

You can check the blog post below; it might be helpful for your case.
Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx

Hope it helps!

Thanks.
March 23rd, 2015 1:48am

This topic is archived. No further replies will be accepted.
