I'm having a problem with using RDP to get into my PC. I have an RDP application published through Citrix to my desktop. I connect to our Citrix site, then open my RDP application and I get the error below. "The remote computer could not be fully authenticated due to problems with its security certificate. It may be unsafe to proceed. - The server name on the certificate is incorrect - The certificate is not from a trusting certifying authority. We have other applications published through Citrix and don't get cert errors, so I belive it's related to Windows. I found my cert in the Certificates MMC (local computer) > Remote Desktop > Certificates. It says it's "This cert is not trusted and should be installed in the Trusted Root Certification Authority Store". I moved it to the Trusted Root store, but still get the same error. The bigger problem is that this is now happening for every user with an RDP application. Can anyone help? Thanks, Scott

Open your certificate and switch to 'Certification path' tab. If you see more than one certificate, the top certificate MUST be installed on each client computer in Trusted Root CAs container. If the certificate is self-signed ('Issued by' and 'Issued to' fields are equals), then this certificate must be installed on clients. Another point is that certificate 'Issued to' (Subject) field must contain the same as clients uses for connection. For example, users uses citrixfarm.domain.com to access citrix applications, certificate Subject field MUST contain 'citrixfarm.domain.com'.http://en-us.sysadmins.lv

Thanks for your response. I checked the certification path and there is only 1 cert in there. The issued by and issued to fields are the same (mypc.domain.com). On the details tab, the subject is the same name. This is the same pc name that I'm trying to connect to. And this is the cert that's located in Certificates MMC (local computer) > Remote Desktop > Certificates. Does any of that look out of place? Thanks, Scott

I have asked about the Trusted Root CAs container. Does this container contains this certificate?http://en-us.sysadmins.lv

It didn't contain the certificate so I moved it there from the Remote Desktops > Certificates folder. After I moved it there, there was no change. I still received the warning.

A work around for this is to get a multi-domain certificate from a trusted provider (Verisign, Geotrust, etc). In the certificate, register the name of the Remote Desktop Servers as well as the name for the pool (if load balanced). Then, in your Remote Desktop Session Host Configuration, Right-Click "RDP-Tcp" under connections and select Properties. At the very bottom of the General tab click Select to choose the new certificate.

If you have ADCS in your environment, this link walks you through the process of setting up a certificate template specifically for Remote Desktop. The only catch is to make sure the rootca is trusted. http://blogs.msdn.com/b/rds/archive/2010/04/09/configuring-remote-desktop-certificates.aspx

Thanks for your response. I checked the certification path and there is only 1 cert in there. The issued by and issued to fields are the same (mypc.domain.com). On the details tab, the subject is the same name. This is the same pc name that I'm trying to connect to. And this is the cert that's located in Certificates MMC (local computer) > Remote Desktop > Certificates. Does any of that look out of place? Thanks, Scott Hi, It looks like this is a self-signed certificate. Please ensure that it is imported into the Trusted Root Certification Authorities store of all computers in the environment. If you have imported the certificate into the store, you should not see the error "This cert is not trusted and should be installed in the Trusted Root Certification Authority Store". Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.