[a solution] "Internal server error" when connecting to a Windows server over RDP. Error 0x8009030D in Windows System log
It took me a couple of hours to resolve this sudden issue, so I'm placing the solution here. The error appeared after changing an expired server SSL certificate with a new one.
== Symptoms
Impossible to RDP to a server. Error message appears immediately after the connection is initiated: "Internal server error".
Error messages with code 36870 from Schannel appear in System log after the failed connection attempt:
A fatal error occurred when attempting to access the TLS server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
== The root cause
SYSTEM has lost access to a file with the private key under C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys. An example of such a key:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_6885a9e6-2e13-4b1d-9b44-6ff242ad1751
== Resolution
Use Procmon to identify the file accessed by svchost under that folder. Take ownership of the file and assign Full Control right to SYSTEM. Restart the server.
Thameur-BOURBITA 36,261 Reputation points Moderator
2023-12-27T10:37:04.63+00:00
Thank you for sharing this information in our forum.
I will copy and paste the root cause and the solution here to be able to accept it and help forum visitors facing the same issue to identify the root cause and the solution:
== The root cause
SYSTEM has lost access to a file with the private key under C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys. An example of such a key:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_6885a9e6-2e13-4b1d-9b44-6ff242ad1751
== Resolution
Use Procmon to identify the file accessed by svchost under that folder. Take ownership of the file and assign Full Control right to SYSTEM. Restart the server.
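
An added example, not written by either poster: a PowerShell audit of the MachineKeys folder that lists key files where SYSTEM has no allow entry for Full Control, plus the take-ownership-and-grant fix from the resolution for one file. The function names are hypothetical; `takeown.exe` and `icacls.exe` are the standard Windows tools, and a listed file is only a candidate until Procmon confirms it is the one svchost fails on.

```powershell
# Added example (not from the original post). Run in an elevated session.
$KeyDir    = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'  # folder named in the post
$SystemSid = 'S-1-5-18'                                         # well-known SID of SYSTEM
$Full      = [int][System.Security.AccessControl.FileSystemRights]::FullControl

function Get-SystemKeyAccess {
    # Reports the owner and whether SYSTEM holds an allow ACE for Full Control on one file.
    param([Parameter(Mandatory)][string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch {
        # Not even the ACL is readable: ownership has to be taken first.
        return [pscustomobject]@{ Path = $Path; Owner = $null; SystemFull = $false; Note = 'ACL unreadable' }
    }
    $allow = 0; $deny = 0
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -ne $SystemSid) { continue }
        if ($ace.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$ace.FileSystemRights }
        else                                    { $deny  = $deny  -bor [int]$ace.FileSystemRights }
    }
    # Full Control counts only if every bit is allowed and nothing is denied to SYSTEM.
    $ok = (($allow -band $Full) -eq $Full) -and ($deny -eq 0)
    [pscustomobject]@{ Path = $Path; Owner = $acl.Owner; SystemFull = $ok; Note = '' }
}

function Repair-SystemKeyAccess {
    # The post's fix for one file: take ownership, then grant SYSTEM Full Control.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)
    if ($PSCmdlet.ShouldProcess($Path, 'takeown + grant SYSTEM Full Control')) {
        takeown.exe /F $Path /A | Out-Null                 # owner becomes Administrators
        icacls.exe $Path /grant "*${SystemSid}:F" | Out-Null
    }
}

# Audit: key files where SYSTEM lacks Full Control, newest first.
Get-ChildItem -LiteralPath $KeyDir -File -Force |
    Sort-Object LastWriteTime -Descending |
    ForEach-Object { Get-SystemKeyAccess -Path $_.FullName } |
    Where-Object { -not $_.SystemFull } |
    Format-Table -AutoSize

# After confirming the file with Procmon, as the post describes:
# Repair-SystemKeyAccess -Path '<full path of the confirmed key file>' -WhatIf
```

Drop `-WhatIf` to apply the change, then restart the server as the resolution says.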