Remote desktop certificate error - how to connect anyways?

I have a remote server that I can only access through RDP. It uses a proper SSL certificate from GoDaddy for RDP, not a self-signed one. The server is 2008 R2, and I believe it is set to the default of requiring Network Level Authentication. Unfortunately, I do not have any lights-out management features or IP KVM on this server.

Due to Heartbleed, I revoked all my certificates and reissued them. Unfortunately, I clearly missed setting RDP up for this new certificate. Now I get "This certificate has been revoked and is not safe to use", and "You may not proceed due to the severity of the certificate errors".

I know the certificate is revoked. That's why I'm trying to get in to fix it! But I can't replace the certificate until I can remote in. And I can't remote in until I replace the certificate.

Is my only option to drive there and log in from the console, or is there a way to temporarily ignore the certificate error?



Solution 1:

Use with caution (as per Microsoft): There is a registry entry you can enter so this will go away:

HKEY_LOCAL_MACHINE\Software\Microsoft\Terminal Server Client

Add a new DWORD called AuthenticationLevelOverride and set its value to 0.

You can also push this out via GPO: Open Group Policy Management and create or edit a Group Policy Object. Under Computer Configuration - Preferences - Windows Settings - Registry, right-click and create a new registry item:

Action: Create
Hive: HKEY_LOCAL_MACHINE
Key Path: SOFTWARE\Microsoft\Terminal Server Client
Value name: AuthenticationLevelOverride
Value Type: REG_DWORD
Value data: 00000000 (Hexadecimal)

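One way to keep the override from Solution 1 temporary, as an added example that is not part of the original answer: this PowerShell script sets the value only while one mstsc session is open, then restores whatever was there before. The `$Server` parameter and the script layout are assumptions; it must run from an elevated prompt because the value lives under HKEY_LOCAL_MACHINE.

```powershell
# Added example (not from the original answer): scope AuthenticationLevelOverride
# to a single Remote Desktop session on the client you are connecting from.
param(
    [Parameter(Mandatory = $true)]
    [string]$Server   # hypothetical parameter: host name or IP of the server to fix
)

$key  = 'HKLM:\SOFTWARE\Microsoft\Terminal Server Client'
$name = 'AuthenticationLevelOverride'

# Record the current state so it can be restored exactly afterwards.
$existing = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
$hadValue = $null -ne $existing
$oldValue = if ($hadValue) { $existing.$name } else { $null }

try {
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    Write-Warning "$name is set to 0 until the Remote Desktop window is closed."

    # -Wait blocks here until mstsc.exe exits.
    Start-Process -FilePath 'mstsc.exe' -ArgumentList "/v:$Server" -Wait
}
finally {
    # Runs even if mstsc fails to start or the script is interrupted.
    if ($hadValue) {
        Set-ItemProperty -Path $key -Name $name -Value $oldValue
    } else {
        Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    }
}

# Report the final state so a leftover override is not missed.
$after = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($null -eq $after) {
    Write-Output "$name is not present."
} else {
    Write-Output "$name is still present with value $($after.$name)."
}
```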

Solution 2:

You can use mmc to accomplish what you need since the snap-in works on remote computers. See: http://technet.microsoft.com/en-us/library/cc731617.aspx. The caveat to this is that you need another Windows Server computer handy to use this snap-in, and working over the network is questionable if the firewall blocks a lot of things.

Solution 3:

NathanC's suggestion of using mmc from another computer worked perfectly.

Another option which works if you can't access it that way is using a program which doesn't validate the certificate. Apparently Microsoft's RD Client for Android is one such program.