共用方式為


Remote Desktop Services Authentication and Encryption

Applies To: Windows Server 2008 R2

Transport Layer Security (TLS) 1.0 enhances the security of sessions by providing server authentication and by encrypting RD Session Host server communications. The RD Session Host and the client computer must be correctly configured for clients to make successful remote connections and for TLS to provide enhanced security. For example, a certificate is needed to authenticate an RD Session Host server when SSL (TLS 1.0) is used to secure communication between a client and an RD Session Host server during Remote Desktop Protocol (RDP) connections.

Events

Event ID Source Message

1050

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The Terminal Server listener %1 is configured with inconsistent authentication and encryption settings. The Encryption Level is currently set to %2 and Security Layer is set to %3. These settings were automatically corrected to allow connections to proceed. Please change the Security Layer and Encryption Level settings in Group Policy or by using the Terminal Services Configuration tool in the Administrative Tools folder.

1051

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The Terminal Server is configured to use SSL with user selected certificate, however, no usable certificate was found on the server. The default certificate will be used for Terminal Server authentication from now on. Please check the security settings by using the Terminal Services Configuration tool in the Administrative Tools folder.

1052

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The Terminal Server is configured to use a certificate that will expire in %2 days. %1 The SHA1 hash of the certificate is in the event data. Please check the security settings by using the Terminal Services Configuration tool in the Administrative Tools folder.

1053

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The Terminal Server is configured to use a certificate that is expired. %1 The SHA1 hash of the certificate is in the event data. The default certificate will be used for Terminal Server authentication from now on. Please check the security settings by using the Terminal Services Configuration tool in the Administrative Tools folder.

1054

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The Terminal Server is configured to use a certificate that does not contain an Enhanced Key Usage attribute of Server Authentication. %1 The SHA1 hash of the certificate is in the event data. The default certificate will be used for Terminal Server authentication from now on. Please check the security settings by using the Terminal Services Configuration tool in the Administrative Tools folder.

1055

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The Terminal Server is configured to use a certificate but is unable to access the private key associated with this certificate. %1 The SHA1 hash of the certificate is in the event data. The default certificate will be used for Terminal Server authentication from now on. Please check the security settings by using the Terminal Services Configuration tool in the Administrative Tools folder.

1056

Microsoft-Windows-TerminalServices-RemoteConnectionManager

A new self signed certificate to be used for Terminal Server authentication on SSL connections was generated. The name on this certificate is %1. The SHA1 hash of the certificate is in the event data.

1057

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was %1.

1058

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The Terminal Server has failed to replace the expired self signed certificate used for Terminal Server authentication on SSL connections. The relevant status code was %1.

1059

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The Terminal Server authentication certificate configuration data was invalid and the service reset it. If the computer was configured to use a specific certificate, please verify it is available in the certificate store and use the administrative tools to select it again.

1062

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The terminal server is configured to use a template-based certificate for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption, but the subject name on the certificate is invalid. %1 The SHA1 hash of the certificate is in the event data. Therefore, the default certificate will be used by the terminal server for authentication. To resolve this issue, make sure that template used to create this certificate is configured to use DNS name as subject name .

1063

Microsoft-Windows-TerminalServices-RemoteConnectionManager

A new template-based certificate to be used by the terminal server for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption has been installed. The name for this certificate is %1. The SHA1 hash of the certificate is provided in the event data.

1064

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The terminal server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption. The following error occured: %1.

1065

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The template-based certificate that is being used by the terminal server for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption has expired and cannot be replaced by the terminal server. The following error occurred: %1.

1133

Microsoft-Windows-TerminalServices-RemoteConnectionManager

The certificate issued by the Remote Desktop license server to the Remote Desktop Session Host server is not valid. The license server will not issue Terminal Services client access licenses to clients connecting to the Remote Desktop Session Host server. To resolve this issue, delete the certificate on the Remote Desktop Session Host server and then restart the Remote Desktop Services service.

Remote Desktop Session Host

Remote Desktop Services