question

German-2912 avatar image
0 Votes"
German-2912 asked German-2912 edited

0x607 Authentication Error

I'm deploying a simple solutions that consists on.

1*(RD Broker Server)
1*(RD Gateway/RDWeb)
1*(1RDSH)

A commercial wildcard certificate *.domain.com.

When I login, I got the following error.


119662-error.png


I have found multiple post this is the troubleshooting that I have done.

https://social.technet.microsoft.com/Forums/en-US/7c4c570b-0910-4242-bea2-b79b353ebff2/error-0x607-when-setup-sslcertificatesha1hash-to-change-default-certificate-on-rdsh?forum=winserverTS

This SSL hash it's not present on the RDSH Server

https://social.technet.microsoft.com/Forums/exchange/en-US/834ab2bf-1395-4b7d-9faa-fd4d726f2652/rds-2016-session-host-local-wildcard-certificate-mismatch?forum=winserverTS

No certificate mismatch the commercial certificate is deployed in the server that are present on the collection and it's not deployed on the RDSH Server

https://social.technet.microsoft.com/Forums/en-US/e0f8f58f-58c9-49fc-9d48-f6bfde830f17/rdweb-authentication-error-0x607?forum=winserverTS

The collection was set on Low Security to test.

the RDCAP and RAP Are using the default values and there are no time issues in the Virtualization Platform or AD.



remote-desktop-services
error.png (9.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JennyYan-MSFT avatar image
0 Votes"
JennyYan-MSFT answered

Hi,
Please help to confirm with more details to better understand your problem.

1.Was this issue occurred only while remote connection through RD gateway?
You may test via bypass gateway if internal network.

2.Have you tried to manually add the certificate into the trusted certificates into the clients?

3.Kindly check the event logs around the issue occurrence time and verify if anything useful has been recorded.
Event log checking:

TerminalServices-RemoteConnectionManager and TerminalServices-LocalSessionManager logs to view information about connections.

Step 1: Press Windows+R to open the Run dialog, enter eventvwr (or eventvwr.msc) and hit OK.

Step 2: Navigate to Event Viewer\ Applications and Services Logs\ Microsoft\ Windows\ TerminalServices-*

4.Also found one suggestion to manually add the IP of RDSH in the RD gateway manager, which also explains the workflow of certificates and warning for remote connection.
https://social.technet.microsoft.com/Forums/windows/en-US/6bc7b151-5f24-4d9f-86a6-f5bc806e87a9/rds-2012-r2-best-design-possible-with-wildcard-certificate?forum=winserverTS



If the Answer is helpful, please click Accept Answer and upvote it.

Best Regards,
Jenny

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

German-2912 avatar image
0 Votes"
German-2912 answered German-2912 edited

I was able to fix it and I did the following.

After that didn't have anymore issues, it's a shame Microsoft doesn't document this properly.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
It was glad to hear that the issue was resolved and thanks so much for sharing the detailed steps.

Your contribution shall be the great convience for those with similar issues.

Best Regards,
Jenny

0 Votes 0 ·