Hello,
Firstly, you can disable NLA to use the RDP layer for communication instead of SSL.
These are the steps:
- Open the Group Policy Management Editor by typing "gpedit.msc" in the Run dialog and pressing Enter.
- Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
- In the right pane, double-click on "Require user authentication for remote connections by using Network Level Authentication."
- Select the "Disabled" option.
- Click "Apply" and then "OK" to save the changes.
- In the right pane, double-click on "Require use of specific security layer for remote (RDP) connections."
- Select the "Enabled" option and choose 'RDP'.
- Click "Apply" and then "OK" to save the changes.
If you want to use SSL and ensure your certificate is back, you could keep the following tips in mind:
- Back up "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys", then delete it.
- Open "services.msc" and find CNG Key Isolation. Ensure its state is running.
- Restart your RDP service; you will see a brand new "MachineKeys" folder.
Note: actually the specific key should be "f686aace6942fb7f7ceb231212eef4a4_6d79d916-3396-4e4a-a786-639cad86eac2", but the permission of the parent folder is also important.
Follow the document you found before: "Check the permissions of the MachineKeys folder".
Kind Regards,
Karlie Weng
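
A read-only check of the settings the steps above touch, added here as an example and not part of the original answer. It assumes an elevated PowerShell session; the registry paths, value names and the service names `KeyIso` and `TermService` are the standard Windows ones and do not come from the answer, and matching the key file by its prefix is an assumption.

```powershell
# Read-only audit: reports RDP security settings, service state and MachineKeys ACLs.
# Nothing here changes configuration.
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$machineKeys = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
# Key file name prefix quoted in the answer; the part after "_" may differ per machine (assumption).
$rdpKeyPrefix = 'f686aace6942fb7f7ceb231212eef4a4_'
$layerNames   = @{ 0 = 'RDP'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

function Get-RdpSetting {
    param([string]$Name)
    # A value under the policy key (set by Group Policy) overrides the listener's own value.
    foreach ($key in $policyKey, $listenerKey) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Name = $Name; Value = $item.$Name; Source = $key }
        }
    }
    [pscustomobject]@{ Name = $Name; Value = $null; Source = 'not set' }
}

$nla   = Get-RdpSetting -Name 'UserAuthentication'   # 1 = NLA required, 0 = not required
$layer = Get-RdpSetting -Name 'SecurityLayer'        # 0 = RDP, 1 = Negotiate, 2 = SSL

[pscustomobject]@{
    NlaRequired   = if ($null -eq $nla.Value) { 'not set' } else { [bool]$nla.Value }
    NlaSource     = $nla.Source
    SecurityLayer = if ($null -eq $layer.Value) { 'not set' } else { $layerNames[[int]$layer.Value] }
    LayerSource   = $layer.Source
} | Format-List

# CNG Key Isolation must be running for the RDP service to create or load its key.
Get-Service -Name KeyIso, TermService | Select-Object Name, DisplayName, Status

# Permissions on the parent folder, then on the RDP key file if it exists.
(Get-Acl -Path $machineKeys).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited

Get-ChildItem -Path $machineKeys -Filter "$rdpKeyPrefix*" -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        "Key file: $($_.Name)"
        (Get-Acl -Path $_.FullName).Access |
            Select-Object IdentityReference, FileSystemRights, AccessControlType
    }
```

Running it before and after the change gives a record of which layer and NLA setting is actually in effect and whether the value came from Group Policy or from the listener itself.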