0x80004005 Error When RDPing to CA-certified computers


I have a server (let's call it srv1) on my network that I use RDP to connect to and manage, from my Windows 10 computer.

Recently, I deployed RDP server certificates so that I could stop the certificate errors that were plaguing all my RDP connections. Either way, I implemented Method 2, and now have my CA server auto-deploying certificates to machines, and Group Policy is enforcing the use of the certificates for RDP connections. All good.

However, every time I try to connect from my specific machine, I get the dreaded 0x80004005 error:

An authentication error has occurred (code 0x80004005)

Remote computer: srv1.domain.com

This happens with every machine with a deployed certificate, without exceptions, although sometimes the error simply becomes "An internal error has occurred." without an error code, though the log entries are the same (barring the second 4005 mentioned in the log excerpt below). I have looked in Event Log, and the only relevant logs I found were in Microsoft-Windows-TerminalServices-RDPClient-Operational:

[I] RDP ClientActiveX is trying to connect to the server (srv1.domain.com)
[I] Server supports SSL = supported
[I] Base64(SHA256(UserName)) is = -
[W] RDPClient_SSL: An error was encountered when transitioning from TsSslStateHandshakeInProgress to TsSslStateDisconnecting in response to TsSslEventHandshakeContinueFailed (error code 0x80004005)
[I] The multi-transport connection has been disconnected.
[I] RDP ClientActiveX has been disconnected (Reason = 519)
[I] The multi-transport connection has been disconnected.
[W] RDPClient_TCP: An error was encountered when transitioning from TcpStateExpectingX244CC to TcpStateFailure in response to TcpEventErrorProcessingX224CC (error code 0x80004005)

No error logs are present on any of the servers, though they do see the connection and notice it just ends. The machines I am trying to connect to are not behind an RDP broker or gateway or anything similar - this is just straight RDP.

However, using the new (modern) Windows 10 Remote Desktop UWP app will connect without issue, and the certificate is used and accepted. This is restricted to the old-style mstsc.exe version of RDP. I have confirmed all systems are up to date, all certificates are valid, my certificate server is running smoothly, and everything is otherwise good. There are no VPNs or network firewalls that are causing this. Connections work from every other machine; it's just mine that's causing issues.

What can I do/where can I look to figure out what's causing this error on my machine?

Update: Further testing shows that self-signed certificates do work on my machine, but not certificates issued by the internal enterprise CA. All certificates are granted the Client Authentication and Server Authentication enhanced key usages (instead of the specific RDP key usage), but my machine remains the only one with an inability to connect.

I can verify certificates from my machine, as well as test against the CRL and AIA servers. I can further request servers and run standard operations against AD CS, meaning my system is able to reach everything it's supposed to.

asked on Server Fault Sep 26, 2018 by Kaz Wolfe • edited Sep 26, 2018 by Kaz Wolfe
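One way to see exactly which certificate and chain the client is being offered at the point where the log above shows the handshake failing, as an added example that is not part of the original question: this PowerShell script (host name srv1.domain.com and port 3389 are taken from the post; everything else is assumed) sends the same X.224 connection request mstsc sends, completes the TLS handshake that follows it, and then validates the presented certificate against the local trust store with online CRL checking. Running it on the failing machine and on a working one and comparing the chain status output narrows the problem to either the certificate the server presents or the validating client's own store and revocation path.

```powershell
# Added diagnostic example (not from the original post or from Microsoft).
# Performs the RDP X.224 negotiation, then the TLS handshake, and reports the
# server certificate and how the local machine validates its chain.
param(
    [string]$ComputerName = 'srv1.domain.com',   # host name from the question
    [int]$Port = 3389
)

$tcp    = New-Object System.Net.Sockets.TcpClient($ComputerName, $Port)
$stream = $tcp.GetStream()

# TPKT header + X.224 Connection Request + RDP_NEG_REQ (requestedProtocols = TLS | CredSSP).
[byte[]]$x224cr = 0x03,0x00,0x00,0x13, 0x0e,0xe0,0x00,0x00,0x00,0x00,0x00,
                  0x01,0x00,0x08,0x00, 0x03,0x00,0x00,0x00
$stream.Write($x224cr, 0, $x224cr.Length)

# Expect a 19-byte X.224 Connection Confirm; offset 11 is the RDP_NEG type
# (0x02 = RDP_NEG_RSP, 0x03 = RDP_NEG_FAILURE with failureCode at offset 15).
$resp = New-Object byte[] 19
$read = $stream.Read($resp, 0, $resp.Length)
if ($read -lt 19 -or $resp[11] -ne 0x02) {
    throw ("Server refused TLS negotiation (type 0x{0:x2}, code {1})" -f $resp[11], [BitConverter]::ToUInt32($resp, 15))
}

# Accept any certificate during the handshake so it can be inspected afterwards.
$cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
$ssl = New-Object System.Net.Security.SslStream($stream, $false, $cb)
$ssl.AuthenticateAsClient($ComputerName)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

$ekus = ($cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }).EnhancedKeyUsages |
    ForEach-Object { $_.FriendlyName }

"Subject     : $($cert.Subject)"
"Issuer      : $($cert.Issuer)"
"Thumbprint  : $($cert.Thumbprint)"
"Valid       : $($cert.NotBefore) -> $($cert.NotAfter)"
"EKUs        : $($ekus -join ', ')"
"TLS version : $($ssl.SslProtocol)"

# Build the chain the way the local client would: machine trust store plus online CRL checks.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
"Chain OK    : $($chain.Build($cert))"
$chain.ChainStatus | ForEach-Object { "  {0}: {1}" -f $_.Status, $_.StatusInformation.Trim() }

$ssl.Dispose(); $tcp.Close()
```

A non-empty ChainStatus list on the failing machine only (for example a revocation or untrusted-root status) points at that machine's certificate store or CRL/AIA reachability rather than at the server's certificate.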

0 Answers

Nobody has answered this question yet.
