{"id":2130,"date":"2016-11-29T16:28:25","date_gmt":"2016-11-29T21:28:25","guid":{"rendered":"http:\/\/www.ikriv.com\/blog\/?p=2130"},"modified":"2016-11-29T16:36:45","modified_gmt":"2016-11-29T21:36:45","slug":"cannot-connect-to-rdp","status":"publish","type":"post","link":"https:\/\/ikriv.com\/blog\/?p=2130","title":{"rendered":"Cannot connect to RDP"},"content":{"rendered":"

We have run into the strangest thing on our production machines, which are Windows Server 2012. The symptom is that you try to connect to the remote desktop, and immediately get a generic error, without asking for credentials.<\/p>\n

\"rdperror\"<\/p>\n

Fortunately, we still could connect to the remote computer’s Event Log and registry. We found that the Terminal Service fails with the following error in the System events log:<\/p>\n

TerminalServices-RemoteConnectionManager, Event ID 1057<\/strong><\/span><\/p>\n

The RD Session Host Server has failed to create a new self signed certificate to be used for RD Session Host Server authentication on SSL connections. The relevant status code was Object already exists.<\/span><\/p>\n

People on the Internet suggested <\/a>that cleaning Machine Certificates directory (C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys<\/code>) would resolve the issue, but it did not.<\/p>\n

We had to turn off RDP security by remotely setting this registry value to 0: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\\SecurityLayer<\/code>. I believe this prevents RDP traffic from being encrypted, but I may be wrong.<\/p>\n

We suspect that this was a result of some Windows update, or some other similar action, since the problems started happening on all machines at the same time. The investigation is ongoing.<\/p>\n","protected":false},"excerpt":{"rendered":"

We have run into the strangest thing on our production machines, which are Windows Server 2012. The symptom is that you try to connect to the remote desktop, and immediately […]<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"Layout":"","footnotes":""},"categories":[4,1],"tags":[],"class_list":["entry","author-ikriv","post-2130","post","type-post","status-publish","format-standard","category-hack","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2130","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2130"}],"version-history":[{"count":1,"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2130\/revisions"}],"predecessor-version":[{"id":2132,"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2130\/revisions\/2132"}],"wp:attachment":[{"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ikriv.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}