I have a 2012 R2 server for CRM that I can no longer RDP into. The error I get is "This computer can't connect to the remote computer."
In the event logs, I see 2 events that seem relevant.
Event 1057: The RD Session Host Server has failed to create a new self signed certificate to be used for RD Session Host Server authentication on SSL connections. The relevant status code was Access is denied.
Event 36870: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
Some Googling points to remove everything from the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys folder and restarting, but I am reluctant because CRM also uses SSL certificates and don't want to mess that up.
I also read somewhere to run the certutil -key command to get the TSSecKeySet1 certificate thumbprint. Mine has this besides it "cuLoadKeyEx: LoadKeys returned Key does not exist. 0x8009000d (-2146893811 NTE_NO_KEY) -- TSSecKeySet1"
Any help would be appreciated.
Found a solution to my problem.
I issued another certificate from my Enterprise Root CA. Then I used the following command to have RDP services use the
wmic /namespace:\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="Thumbprint"
Now I can successfully RDP into the server.
User contributions licensed under CC BY-SA 3.0