RDP from any client to Windows Server 2008 R2 not working. Fatal Error- SSL Server Credential

As the title states, when trying to connect to one of my VMs, all of a sudden I get a generic "Can't connect, Contact your system administrator" error.

If I look in the event logs I see...

Event 36871, SCHANNEL

 - A fatal error has occurred while creating an SSL server credential. The internal error state is 10011.

Googling for info I found this post. 

https://social.technet.microsoft.com/Forums/en-US/7a10b7bb-92fb-4a20-bfc6-eee3a6ee6752/windows-2008-r2-rdp-issue-this-computer-cant-connect-to-the-remote-computer-help?forum=winserverTS

This seems to be the exact issue I'm having. Enabling the client authentication to "RDP Security Layer" will bypass this error. But my only question is... Would this setting be enabled on the client or the host? I'm just confused because everywhere I read says "on the client side" but the setting is nested within "Remote Desktop Session Host Configuration". Makes me think it would be on the VM I'm connecting to and not the client? Just asking in advance before making the situation worse. (Though I'm pretty sure lowering the encryption method won't lock me out.)

EDIT: Just FYI. I am going to be setting these through GPO. So would I set Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require use of specific security layer for remote (RDP) connections SET to RDP Layer on the Client or the Host?

  • Edited by DCDeez 13 hours 1 minutes ago
September 1st, 2015 1:30pm

Hi,

I suggest you log on to the server console, open RD Session Host Configuration (tsconfig.msc), delete the existing RDP-Tcp listener, and then re-create it and test.  Any customizations you may have made to the old RDP-Tcp listener will be lost so you will need to make those again if needed.

If the above doesn't solve the issue and you would like to switch to RDP Security layer, then double-click on RDP-Tcp and modify the setting.  I do not recommend RDP Security layer because it is subject to MITM attack. 

-TP

September 1st, 2015 4:24pm
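The RDP-Tcp listener that the reply above refers to lives on the server being connected to, so its security layer and certificate can be inspected there. The PowerShell below is an added example, not code from the thread: it reports the effective security layer (Group Policy value first, then the listener's own) and whether the listener's certificate is present with a private key. It assumes the standard Remote Desktop Services registry locations and value names, and it treats an unusable listener certificate as one possible cause of event 36871, which the thread does not confirm.

```powershell
# Added example. Run elevated on the RD Session Host (the machine being connected to).
function Get-RdpListenerSecurity {
    $listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $layerNames  = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

    $listener = Get-ItemProperty -Path $listenerKey
    $policy   = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    # A value written by Group Policy takes precedence over the listener's own setting.
    if ($policy -and $null -ne $policy.SecurityLayer) {
        $layer = [int]$policy.SecurityLayer;   $source = 'Group Policy'
    } else {
        $layer = [int]$listener.SecurityLayer; $source = 'RDP-Tcp listener'
    }

    # SSLCertificateSHA1Hash (REG_BINARY) exists only when a certificate was explicitly
    # selected; otherwise the self-signed one in the "Remote Desktop" store is used.
    $thumb = $null
    if ($listener.SSLCertificateSHA1Hash) {
        $thumb = ($listener.SSLCertificateSHA1Hash | ForEach-Object { $_.ToString('X2') }) -join ''
    }
    if ($thumb) {
        $stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop'
        $certs  = @(Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
                    Where-Object { $_.Thumbprint -eq $thumb })
    } else {
        $certs  = @(Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue)
    }
    $cert    = $certs | Select-Object -First 1
    $expires = $null
    if ($cert) { $expires = $cert.NotAfter }

    New-Object PSObject -Property @{
        SettingSource      = $source
        SecurityLayer      = $layerNames[$layer]
        TlsPossible        = ($layer -ne 0)   # 0 = native RDP encryption only, no TLS server authentication
        BoundThumbprint    = $thumb
        CertificateFound   = [bool]$cert
        HasPrivateKey      = [bool]($cert -and $cert.HasPrivateKey)
        CertificateExpires = $expires
    }
}

Get-RdpListenerSecurity | Format-List
```

`TlsPossible = False` means the host is on RDP Security Layer, the configuration the reply advises against because the server is not authenticated to the client.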

Would I modify the properties for the RDP-Tcp listener on the host (system getting the error that I RDP to) or the client (system I'll be connecting from)?

I will try to recreate the connection first.

September 1st, 2015 8:43pm
