wmic: error when setting remote desktop self-signed certificate

Solution 1:

Stuck with the same issue for 3 hours, but found the root of the problem. In my case the reason for the "Invalid parameter" error was that I had mistakenly imported a certificate without a corresponding private key.

So make sure that when you open your certificate, in the General tab you see in the last line a key symbol and the text "You have a private key that corresponds to this certificate."

It's quite easy to combine a certificate and a key into a pfx file. Have a look here: https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/

Solution 2:

Try placing the thumbprint letters in caps instead of lower case. In Server 2012 R2, for some reason it doesn't take lower case characters in the thumbprint for the wmic command, so e.g. d8f87e2cff8fcc5789f53b5539fc12a0b5eecba8 should be D8F87E2CFF8FCC5789F53B5539FC12A0B5EECBA8.

The easiest way for me to get the thumbprint "as it should be" was to open PowerShell and get the thumbprint with the following command:

Get-Childitem Cert:\LocalMachine\My

It will display the thumbprints for the local machine certificates without spaces and with the letters in caps.

Anyway, check out this article, it's really good: https://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/

Solution 3:

Trying to summarize the checklist, because there are many ways this might happen.

  • Ensure you are running your PowerShell/command prompt with administrative privileges, as stated in this answer.
  • Make sure you import the certificate with its private key. Check the answer from Dmitriy.
  • Ensure that when you import the certificate, you import it to Machine Account -> Personal. Please refer to this blog.
  • I have not yet faced this problem, but someone might have: change the thumbprint to capitals. Check the answer from Erick.
  • If you are having the same issue as many other people, like Ryan said, run the PowerShell version of it.
  • If you are using Notepad as a buffer when removing the spaces in the thumbprint, make sure you have removed the ASCII symbol at the beginning of the thumbprint, as stated in this support article by MS.

Hope this can solve your problem :D

Solution 4:

On a previous answer related to this topic, one of the comments from someone claimed the wmic version of the command didn't work for them on a 2012 R2 machine, but the PowerShell equivalent version did work. You might try that. Here's the equivalent PowerShell command.

$path = (gwmi -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
swmi -Path $path -argument @{SSLCertificateSHA1Hash="THUMBPRINT"}

Solution 5:

Found the command above was not working as anticipated. After typing out the commands manually it worked. Not sure what happened, but just in case, here is what I used:

$TSGS = Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace "root\cimv2\terminalservices"
Set-WmiInstance -Path $TSGS -Arguments @{SSLCertificateSHA1Hash="4adcffbcf35ba044d93108ae2e2c51fa3c3fc983"}
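
The checks from the answers above, combined into one pre-flight script. This is an added example, not part of any of the answers; it assumes Windows PowerShell (where Get-WmiObject is available) and the default listener name RDP-Tcp, and the variable names are illustrative.

```powershell
# Added example: validate the thumbprint and certificate before binding it to RDP.
param([Parameter(Mandatory)][string]$Thumbprint)

# 1. The WMI write needs an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# 2. Normalize the thumbprint: drop everything that is not a hex digit (spaces and
#    any invisible character picked up when copying from the certificate dialog),
#    then upper-case it.
$clean = ($Thumbprint -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
if ($clean.Length -ne 40) {
    throw "Expected 40 hex characters for a SHA-1 thumbprint, got $($clean.Length)."
}

# 3. The certificate must be in the machine's Personal store and carry its private key.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$clean" -ErrorAction SilentlyContinue
if (-not $cert) {
    throw "No certificate with thumbprint $clean in Cert:\LocalMachine\My."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $clean has no private key; import the PFX, not just the certificate."
}

# 4. Bind the certificate to the RDP listener (assumed name: RDP-Tcp).
$wmi = @{
    Class     = 'Win32_TSGeneralSetting'
    Namespace = 'root\cimv2\terminalservices'
    Filter    = "TerminalName='RDP-Tcp'"
}
$listener = Get-WmiObject @wmi
if (-not $listener) { throw 'RDP-Tcp listener not found.' }
Set-WmiInstance -Path $listener.__PATH -Arguments @{ SSLCertificateSHA1Hash = $clean } | Out-Null

# 5. Read the setting back and confirm it matches what was requested.
$current = (Get-WmiObject @wmi).SSLCertificateSHA1Hash
if ($current -ne $clean) { throw "Listener reports $current, expected $clean." }
"RDP listener now uses certificate $clean ($($cert.Subject))"
```

Each `throw` corresponds to one item in the checklist, so a failure says which cause applies instead of the generic "Invalid parameter" error.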