question

cruise-6690 avatar image
0 Votes"
cruise-6690 asked CarlFan-MSFT edited

Replace Remote Desktop Connection Self-Signed Certificate Fingerprinting error

ERROR:
Description = Invalid parameter

remote-desktop-services
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CarlFan-MSFT avatar image
0 Votes"
CarlFan-MSFT answered CarlFan-MSFT edited

Hello,
Thank you for your information.
Please verify that the thumbprint is correct and that the certificate is stored in the Local Computer\Personal store.
If we want to install a SSL certificates to replace Self-Signed Certificate. Please check the Scenario 2 in the link below:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/remote-desktop-connection-rdp-certificate-warnings/ba-p/259301
Hope this helps and please help to accept as Answer if the response is useful.
Best Regards,
Carl

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CarlFan-MSFT avatar image
0 Votes"
CarlFan-MSFT answered cruise-6690 commented

Hi,
According to your description, have you config the Remote Desktop certificates as the information below:
https://techcommunity.microsoft.com/t5/security-compliance-identity/configuring-remote-desktop-certificates/ba-p/247007
It seems that importe a certificate without a corresponding private key.
Also to get the fingerprint value

Open the properties dialog of your certificate and select the Details tab.
Scroll to the Fingerprint field and copy the hexagon enclosed by spaces in Notepad.
Delete all spaces in the chain.

This is the value you need to set in WMI.

Hope this helps and please help to accept as Answer if the response is useful.
Best Regards,
Carl

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

hello! How to view or set the downloaded certificate
The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well.

Windows server 2016 Can I set it this way?

0 Votes 0 ·