ExTS Admin BetaTime Posted October 17, 2018 ExTS Admin Posted October 17, 2018 Hi, I'm in the process of replacing self-signed RDP certificates with CA-signed ones. I'm working with Windows 10 Education clients, so RDS is not involved. The certificate is installed in the local computer's "Personal" (and "Remote Desktop") certificate store, a corresponding private key is present on the machine and the Enhanced Key Usage extension has a value of "Server Authentication". Unfortunately, I cannot seem to change the SSLCertificateSHA1Hash value: $thumb = (gci -path "cert:/LocalMachine/My" | select -first 1).Thumbprint Set-WmiInstance -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -argument @{SSLCertificateSHA1Hash="$thumb"} Results in: Set-WmiInstance : At line:1 char:1 + Set-WmiInstance -class "Win32_TSGeneralSetting" -Namespace root\cimv2 ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [set-WmiInstance], UnauthorizedAccessException + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetWmiInstance C:\Windows\system32> wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT" Results in: Updating property(s) of '\\CLIENT\root\CIMV2\TerminalServices:Win32_TSGeneralSetting.TerminalName="RDP-Tcp"' ERROR: Description = Invalid parameter When creating the value SSLCertificateSHA1Hash in Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp, the entire value is deleted on rebooting the machine. Oddly, not even the hash of the self-signed certificate appears to be present in that key. Am I missing something? Thanks, I appreciate your help! More... Quote Forum Squared | SEO Help Forum | Web Server Forum
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.