After updating certs in my RDS environment RDWeb will present an error "your session ended because an unexpected server authenticate certificate was received from the remote PC..."

Angelworks42 46 Reputation points
2020-12-02T18:52:29.573+00:00

Details: I've been testing LetsEncrypt certs in my RDS environment - because of how quickly those expire I have to renew them every 2 months (roughly). I've found that clients that have a cached version of RDWeb will get the error in the subject. I've attached a screenshot of what the client sees.

Clearing the cache fixes the problem. Changing to a different browser that didn't cache the rdweb pre certificate change - also works.

To be clear - the certificates are configured properly, clearing the cache solves it every time, but I feel like this is going to generate helpdesk calls.

Is there a way to disable cert checking in rdweb?

Edit: I should add too I've double checked the output from Get-RDWebClientBrokerCert it shows that the server is definitely configured with the broker's public key A75F5E31E508F0A4E29AFE9DC8E115489C569701.

44427-image-9.png


Accepted answer
  1. Jenny Yan-MSFT 9,356 Reputation points
    2020-12-03T06:46:02.397+00:00

    Hi,
    I am afraid not since the Certificate verification is necessary and used to enhance the remote connection for MS remote desktop service.

    And per searching, this seems to be a common behavior, where cached files in the browser result in the certificate mismatch issues. If you have any feature request or changes, kindly post in the user voice forum, which the product team visits regularly.
    https://social.technet.microsoft.com/Forums/en-US/c30c3e1f-1e9a-4fd2-9ab3-5f2f89d78ecb/replaced-ssl-cert-now-getting-certificate-error-when-launching-remote-apps?forum=winserverTS
    https://remotedesktop.uservoice.com/forums/911494-remote-desktop-client-for-web/suggestions/38655946-certificate


    Hope this helps and please help to accept as Answer if the response is useful.

    Thanks,
    Jenny


2 additional answers

  1. Philippe Levesque 5,836 Reputation points
    2020-12-02T19:19:41.06+00:00

    Hi, are the computers domain joined? I ask because another solution you might try is to push the new certificate by GPO into the trusted store of all computers to prevent such an error.

    It's not a direct answer to your question, but having the GPO in place will help if someday you want to publish the rdweb URL via the Control Panel, as the certificate needs to be installed and trusted to make the connector work.


  2. Angelworks42 46 Reputation points
    2020-12-04T17:17:41.68+00:00

    For anyone who finds this - I managed to solve this by setting cache-control to 0 on the load balancer:

    (F5 irule): - there's probably a way to do this in IIS as well.

    when HTTP_RESPONSE {
    HTTP::header insert Cache-Control "max-age=0"
    }
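
The caching behaviour this thread turns on, as an added example that is not code from any poster here: the function estimates whether a browser may reuse a stored response without revalidating, and flags a response that ends up carrying two conflicting `max-age` values. The sample headers are constructed rather than captured from an RDWeb server, and `cache_policy` with its verdict strings are hypothetical names.

```python
# Added example, not code from the thread: RFC 9111 freshness rules (4.2.1, 4.2.2).
from email.utils import parsedate_to_datetime

# Constructed sample headers (not captured from a real RDWeb server).
STATIC_FILE = [("Date", "Fri, 04 Dec 2020 17:00:00 GMT"),
               ("Last-Modified", "Tue, 24 Nov 2020 17:00:00 GMT")]
WITH_IRULE = STATIC_FILE + [("Cache-Control", "max-age=0")]

def _seconds_between(headers, later, earlier):
    """Seconds from header `earlier` to header `later`, or None if unusable."""
    try:
        delta = parsedate_to_datetime(headers[later]) - parsedate_to_datetime(headers[earlier])
        return delta.total_seconds()
    except (KeyError, TypeError, ValueError):
        return None

def cache_policy(header_lines):
    """header_lines: (name, value) pairs in received order -> (verdict, detail)."""
    headers = {name.lower(): value for name, value in header_lines}
    flags, max_ages = set(), []
    for name, value in header_lines:          # every Cache-Control line counts
        if name.lower() != "cache-control":
            continue
        for part in value.split(","):
            key, _, arg = part.strip().lower().partition("=")
            if key == "max-age":
                max_ages.append(arg.strip('"'))
            elif key:
                flags.add(key)
    if "no-store" in flags:
        return ("not-stored", "no-store")
    if "no-cache" in flags:
        return ("revalidate", "no-cache")
    if len(set(max_ages)) > 1:                # e.g. origin value plus an added one
        return ("ambiguous", "conflicting max-age: " + ", ".join(max_ages))
    if max_ages:
        secs = int(max_ages[0]) if max_ages[0].isdigit() else 0   # invalid -> stale
        return ("reuse", f"fresh for {secs}s") if secs > 0 else ("revalidate", "max-age=0 or invalid")
    if "expires" in headers:
        secs = _seconds_between(headers, "expires", "date")
        if secs is not None and secs > 0:
            return ("reuse", f"fresh for {int(secs)}s")
        return ("revalidate", "Expires unusable or already past")
    age = _seconds_between(headers, "date", "last-modified")
    if age is not None and age > 0:           # heuristic: commonly 10% of the age
        return ("reuse", f"heuristic, about {int(age) // 10}s")
    return ("revalidate", "no freshness information")

print(cache_policy(STATIC_FILE), cache_policy(WITH_IRULE))
```

With no explicit freshness headers the constructed static file is reusable for about a day on heuristics alone, while the same response with `max-age=0` must be revalidated on every load.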

