Share via


Event ID 1133 — Remote Desktop Services Authentication and Encryption

Applies To: Windows Server 2008 R2

Transport Layer Security (TLS) 1.0 enhances the security of sessions by providing server authentication and by encrypting RD Session Host server communications. The RD Session Host and the client computer must be correctly configured for clients to make successful remote connections and for TLS to provide enhanced security. For example, a certificate is needed to authenticate an RD Session Host server when SSL (TLS 1.0) is used to secure communication between a client and an RD Session Host server during Remote Desktop Protocol (RDP) connections.

Event Details

Product: Windows Operating System
ID: 1133
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Version: 6.1
Symbolic Name: EVENT_TERMINAL_SERVER_CERTIFICATE_INVALID
Message: The certificate issued by the Remote Desktop license server to the Remote Desktop Session Host server is not valid. The license server will not issue Terminal Services client access licenses to clients connecting to the Remote Desktop Session Host server. To resolve this issue, delete the certificate on the Remote Desktop Session Host server and then restart the Remote Desktop Services service.

Resolve

Remove a certificate on the RD Session Host server and then restart the Remote Desktop Services service

To resolve this issue, you should delete the certificate from the RD Session Host server and then restart the Remote Desktop Services service.

To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

Remove a certificate on the RD Session Host server

To remove a certificate on the RD Session Host server:

  1. On the RD Session Host server, open the Certificates snap-in. To open the Certificates snap-in, click Start, click Run, type mmc, and then press ENTER.
  2. On the File menu, click Add/Remove snap-in.
  3. In the Add or Remove Snap-ins dialog box, click Certificates, and then click Add.
  4. Select the Computer account option, and then click Next.
  5. Click Finish, and then click OK.
  6. Expand Certificates, and then expand the certificate store that contains the certificate to be removed.
  7. Right-click the certificate, and then click Delete.
  8. Click Yes to confirm that you want to delete the certificate.

After you remove the certificate, you must restart the Remote Desktop Services service on the RD Session Host server, as described in the following procedure.

Restart the Remote Desktop Services service

To restart the Remote Desktop Services service:

  1. On the RD Session Host server, open the Services snap-in. To open the Services snap-in, click Start, point to Administrative Tools, and then click Services.
  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
  3. In the Services pane, right-click Remote Desktop Services, and then click Restart.
  4. If you are prompted about restarting other services, click Yes.
  5. Confirm that the Status column for the Remote Desktop Services service displays Started.

Verify

When Transport Layer Security (TLS) 1.0 is functioning as expected for server authentication and encryption of RD Session Host server communications, clients can make connections to RD Session Host servers by using TLS 1.0 (SSL).

To verify that the TLS 1.0 (SSL) settings are correctly configured and working properly on the RD Session Host server to provide server authentication and encryption for connections, use Remote Desktop Connection from a client computer to connect to the RD Session Host server. If you can connect to the RD Session Host server and there is a lock symbol in the upper-left corner of the connection bar at the top of the window, TLS 1.0 (SSL) is being used for the connection.

Note: To ensure that the connection bar is displayed when you use Remote Desktop Connection to connect from a client computer, select full-screen mode when configuring Remote Desktop Connection settings.

To select full-screen mode in Remote Desktop Connection:

  1. Open Remote Desktop Connection. To open Remote Desktop Connection, click Start, click Accessories, and then click Remote Desktop Connection.
  2. Click Options to display the Remote Desktop Connection settings, and then click Display.
  3. Under Remote desktop size, drag the slider all the way to the right to ensure that the remote desktop that you plan to connect to is displayed in full-screen mode.

Remote Desktop Services Authentication and Encryption

Remote Desktop Services