This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 71%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EUN%3C/text%3E%3C/svg%3E)
Hi Team,
I have the following RDP error when RDPing into machine.
The Machine has a valid certification. However, when i click on view certifcate
Under the certifcation Path , i do not see the root CA
The Root CA is under the trusted root CA.
Any idea why the cert does not have the chain to the root CA ?
TIA
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
Have you checked if the answer helps?
If the Answer is helpful, please click "Accept Answer" and upvote it. Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 98%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVI%3C/text%3E%3C/svg%3E)
No chain means that is a self-signed certificate.
Try by installing that certificate under the Trusted Root Certification Authorities store.
Do you have a Certification Authority (CA)? Try this: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn781533(v=ws.11)?redirectedfrom=MSDN
I have a CA in my environment.
All my machines when doing RDP has this error.
Do i have to implement the steps that you have shared on the link to remove this error (or Have the Chain from the Root CA)
TIA
Umaish
Yes, you need to issue a certificate from a template using your CA. You could create a GPO to deploy it more efficently.
Distribute Certificates to Client Computers by Using Group Policy
Hi,
Whether you use certificate issued by the internal CA or public CA, you will need to follow the steps in below artcicle to configure Remote Desktop listener certificate to resolve the error.
Remote Desktop listener certificate configurations
https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/remote-desktop-listener-certificate-configurations
In summary, all what you need to do are as below:
Thanks,
Eleven
----------
If the Answer is helpful, please click "Accept Answer" and upvote it. Thanks.
