wmic: error when setting remote desktop self-signed certificate
Solution 1:
Stuck with the same issue for 3 hours, but found the root of the problem. In my case the reason for "Invalid parameter" error was that I've mistakenly imported a certificate without a corresponding private key.
So make sure, that when you open your certificate in General tab you see in the last line a key symbol and the text "You have a private key that corresponds to this certificate." Certificate with private key
It's quite easy to combine certificate and a key into pfx file. Have a look here https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/
Solution 2:
Try placing the thumprint letters in caps instead of lower case. In Server 2012 R2, for some reason it doesn't take lower case characters in the thumbprint for the wmic command, so e.g. d8f87e2cff8fcc5789f53b5539fc12a0b5eecba8 should be D8F87E2CFF8FCC5789F53B5539FC12A0B5EECBA8.
Easiest way for me to get the thumbprint "as it should be", was to open powershell and get the thumbprint with the following command:
Get-Childitem Cert:\LocalMachine\My
It will display the thumbprints for the local machine certificates without spaces and letters in caps.
Anyway, check out this article, it's really good: https://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
Solution 3:
Trying to summarize the checklist, cause there are many ways this might happen.
- Ensure you are running your powershell/command prompt under Administrative Privileges as stated from this answer
- Make sure you import the certificate with private key. Check the answer from Dmitriy
- Ensure when you are trying to import the certificate, import to the Machine Account->Personal. Please refer to this blog.
- I have not yet faced this problem but someone might have, change the thumbprint to capital. Check the answer from Erick.
- If you are having the same issue as many other people like Ryan said, run the Powershell version of it.
- If you are using notepad to act as buffer when trying to remove space in thumbprint, make sure you have removed the ASCII symbol at the beginning of thumbprint. As stated from this support article by MS.
Hope this can solve your problem :D
Solution 4:
On a previous answer related to this topic, one of the comments from someone claimed the wmic version of the command didn't work for them on a 2012 R2 machine, but the Powershell equivalent version did work. You might try that. Here's the equivalent Powershell command.
$path = (gwmi -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
swmi -Path $path -argument @{SSLCertificateSHA1Hash="THUMBPRINT"}
Solution 5:
Found the command above was not working as anticipated. After typing out the commands manually it worked, not sure what happened but just in case here is what I used
$TSGS = Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace "root\cimv2\terminalservices"
Set-WmiInstance -Path $TSGS -Arguments @{SSLCertificateSHA1Hash="4adcffbcf35ba044d93108ae2e2c51fa3c3fc983"}