RDP connection: how to prompt for credentials after the certificate information?
Hello, Jeremy, and thanks for the response. Actually, this is not the problem I am experiencing. I'll attempt to explain it more clearly, step by step with images:

As always, when I want to connect remotely to my PC, I open up RDP, enter the computer name (for example, "mypc.net") and username, and proceed with connecting. Then, I am prompted to enter the password:

It gets checked, and if it's correct, then I go further. Then, I receive the alert about any problems regarding certificates, like this one:

Since the certificate is self-created by the target computer, I always expect to receive the "host name mismatch" error, because the computer name obviously differs from the internet hostname provided by my DNS provider ("My-PC" != "mypc.net"), and the one written in the certificate. Of course I've added the target machine's certificate to the trusted cert pool on the machine that is trying to connect.

And here comes the conclusion and the meaning of my problem: I receive the certificate message AFTER entering the username and password. The password might go to any other computer, for example a fraud PC simply aiming at revealing entered credentials.

So... How can I be sure that right when I enter the password, I am already sending it to a trusted machine? Is there any way to change the order in which the connection proceeds? Or maybe there is some way to obtain the target machine's certificate information without risking my password being captured by an unknown machine?

I hope that my explanation is clear enough :) Also, I had to take screenshots on Win8 OS, since this is the only system installed on my PC that has English as its language. The procedure remains the same on both OSes.
April 22nd, 2012 4:33pm

Greetings,

I've already tried asking this question on Microsoft Answers, but didn't get any response. So, my problem is: I've managed to successfully configure a secure RDP connection, along with adding the host's certificate to the trusted ones for the client machine. Still there is one problem bugging me: how do I configure the connection to prompt for user credentials AFTER the certificate validation/message? Since the message about how the certificate mismatches the one installed on the client shows up after passing the credentials, it looks to me somehow unsafe to send the password to a potentially unknown host. Are my doubts justified, and if they are, how do I reconfigure Remote Desktop?

Both workstations are up-to-date Windows 7 Professional. Any help will be greatly appreciated.
April 22nd, 2012 5:32pm

Hi,

Based on my understanding, I think you can check Always ask for credentials to have a try:

Also, based on my knowledge, the credential is saved under computer name. If you change the remote computer name, you will be asked for credentials again.

Hope this helps.

Jeremy Wu
TechNet Community Support
April 23rd, 2012 5:33am

Hi Ziaziu,

Thanks for the response. In order to make sure that we connect to the correct remote desktop, based on my research, we need to perform the following steps:

1. Please perform the following steps on the PC which you want to remote to.
   1) Search mmc in Start Menu.
   2) Click File -> Add/Remove Snap-in -> Choose Certificates -> Add -> Computer Account -> Local Computer -> Finish -> OK.
   3) Please navigate to Remote Desktop -> Certificates and export the certificate which is issued to your full computer name.
2. Copy the certificate to the computer on which you want to run Remote Desktop Connection.
3. Run MMC and add Certificates (Local Computer).
4. Import the certificate to Trusted Root Certification Authorities\Certificates.

After that, the remote computer is authorized by you and it will no longer warn you when you connect to this computer. And of course, when you connect to other remote computers, it will warn you again.

Hope this helps.

Jeremy Wu
TechNet Community Support
April 28th, 2012 12:50am

Thanks Jeremy for the response,

In my last post I have already written that "...I've added the target machine's certificate to trusted cert pool on the machine that is trying to connect.". So, I have done long ago what you are suggesting me to do.

There are two certificate prompts I might receive: I expect to see the first one, since the remote address differs from the machine's name. But, in case someone is trying a MIM attack or something, I am going to receive the second one.

To simplify my problem I'll attempt to explain it with an ATM example. I approach the ATM. Insert the card and enter the PIN. And then I receive a message either if:
a) The machine is legit
b) The machine is fraud, and all my money is gone.

RDP works the same way: first I enter my password, and after that I know either if my password went where I expected, or has been revealed to someone. SSH, for example, presents the server fingerprint first, and then lets me log in if I accept it (using Putty, for example). Is there any way to achieve a similar procedure on RDP? Certificates first, and then passing credentials, when I am 100% sure the machine is the one I expect?
April 28th, 2012 6:06am
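
Added example, not part of the thread and not written by any of the posters: a pre-connection check in the spirit of the SSH comparison above. It performs only the RDP security negotiation and the TLS handshake, then compares the server certificate's thumbprint with one recorded on the host itself. The script's arguments and the choice to pin the SHA-1 thumbprint (the value Windows shows in the certificate dialog) are assumptions of this example.

```python
import hashlib
import socket
import ssl
import struct

# TPKT header + X.224 Connection Request + RDP_NEG_REQ asking for TLS or CredSSP (NLA).
NEG_REQ = bytes.fromhex("03000013" "0ee00000000000" "01000800" "03000000")

def parse_neg_response(data: bytes) -> int:
    """Return the protocol the server selected (1 = TLS, 2 = CredSSP) or raise ValueError."""
    if len(data) < 19 or data[0] != 0x03 or data[5] != 0xD0:
        raise ValueError("not an X.224 Connection Confirm with negotiation data")
    msg_type, _flags, _length, value = struct.unpack_from("<BBHI", data, 11)
    if msg_type == 0x03:  # RDP_NEG_FAILURE: server will not do TLS
        raise ValueError(f"server refused TLS, failure code {value}")
    if msg_type != 0x02:  # anything other than RDP_NEG_RSP
        raise ValueError(f"unexpected negotiation type {msg_type:#x}")
    return value

def thumbprint(der_cert: bytes) -> str:
    """SHA-1 over the DER certificate, as shown in the Windows 'Thumbprint' field."""
    return hashlib.sha1(der_cert).hexdigest().upper()

def matches_pin(der_cert: bytes, pinned: str) -> bool:
    """Compare with a pinned thumbprint, ignoring spaces, colons and case."""
    cleaned = "".join(c for c in pinned if c in "0123456789abcdefABCDEF").upper()
    return thumbprint(der_cert) == cleaned

def fetch_rdp_certificate(host: str, port: int = 3389, timeout: float = 5.0) -> bytes:
    """Negotiate TLS on the RDP port and return the server certificate (DER).
    Stops after the TLS handshake; no user name or password is ever sent."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # trust comes from the pin, not the name or CA chain
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(NEG_REQ)
        parse_neg_response(sock.recv(19))
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert(binary_form=True)

if __name__ == "__main__":
    import sys
    host, pinned = sys.argv[1], sys.argv[2]  # host name and the thumbprint noted on the host
    cert = fetch_rdp_certificate(host)
    print(thumbprint(cert), "MATCH" if matches_pin(cert, pinned) else "MISMATCH - do not log in")
```

A host that offers only an old TLS version may fail the handshake with a current OpenSSL build; that failure is reported as an exception rather than a match.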

This topic is archived. No further replies will be accepted.
