
Author Topic: Unable to login to RDP - certificate error  (Read 3841 times)


vinayakk

  • Guest
Unable to login to RDP - certificate error
« on: January 25, 2014, 04:35:43 pm »
RDP into Windows VPS fails with the following error:
 
Remote Desktop cannot connect to the remote computer because the authentication certificate received from the remote computer is expired or invalid.
In some cases, this error might also be caused by large time discrepancy between the client and server computers.


This happens because one of the certificates installed inside the VPS is likely to be expired, preventing the connection.

It is necessary to delete the expired certificate using the command line.

1. Get a list of certificates from Remote Desktop store with this command:

C:\Windows\system32> certutil -store "Remote Desktop" | findstr "Serial Before After"

It will output something like this. Look for the certificate whose 'NotAfter' date has passed:

certutil -store | findstr "Serial Before After"

Serial Number: 06376c00aa00648a11cfb8d4aa5c35f4
 NotBefore: 5/29/1996 4:02 AM
 NotAfter: 1/1/2040 5:59 AM
Serial Number: 46fcebbab4d02f0f926098233f93078f
 NotBefore: 4/17/1997 6:00 AM
 NotAfter: 10/25/2016 5:59 AM
Serial Number: 1e02240d
 NotBefore: 12/14/2001 8:03 AM
 NotAfter: 12/14/2002 8:03 AM
Serial Number: 198b11d13f9a8ffe69a0
 NotBefore: 10/1/1997 1:00 PM
 NotAfter: 12/31/2002 1:00 PM

2. Delete the expired certificate with this command (replacing the serial number with your own of course):

C:\Windows\system32> certutil -delstore "Remote Desktop" 198b11d13f9a8ffe69a0

It will output something like this:

certutil -delstore Remote Desktop 198b11d13f9a8ffe69a0

Remote Desktop
Deleting Certificate 3
CertUtil: -delstore command completed successfully.


The next time you connect via RDP, a new self-signed certificate should be created, allowing you to log in.

 :)
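The same check and cleanup as the two certutil steps above, as an added PowerShell example that is not part of the original post. The function names Get-RdpCertStatus and Remove-ExpiredRdpCert are hypothetical, and the script assumes the store is exposed by the certificate provider at Cert:\LocalMachine\Remote Desktop and that it runs in an elevated session on the VPS. It also prints the server clock, since the error text names time discrepancy as a second possible cause.

```powershell
# Added example: flag expired certificates in the "Remote Desktop" store
# and remove them with the same certutil -delstore call used in the post.

function Get-RdpCertStatus {
    param(
        # Assumed provider path for the "Remote Desktop" machine store.
        [string]$StorePath = 'Cert:\LocalMachine\Remote Desktop',
        [datetime]$Now = (Get-Date)
    )
    # Compare real DateTime values instead of parsing locale-dependent
    # date strings out of certutil's text output.
    Get-ChildItem -Path $StorePath | Select-Object `
        @{ Name = 'Serial';      Expression = { $_.SerialNumber } },
        Subject, NotBefore, NotAfter,
        @{ Name = 'Expired';     Expression = { $_.NotAfter  -lt $Now } },
        @{ Name = 'NotYetValid'; Expression = { $_.NotBefore -gt $Now } }
}

function Remove-ExpiredRdpCert {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$StoreName = 'Remote Desktop')

    $expired = @(Get-RdpCertStatus | Where-Object { $_.Expired })
    if ($expired.Count -eq 0) {
        Write-Output 'No expired certificate found; check the client and server clocks.'
        return
    }
    foreach ($cert in $expired) {
        # ShouldProcess makes -WhatIf and -Confirm work, so nothing is
        # deleted until the list has been reviewed.
        if ($PSCmdlet.ShouldProcess($cert.Serial, "certutil -delstore `"$StoreName`"")) {
            & certutil.exe -delstore $StoreName $cert.Serial
            if ($LASTEXITCODE -ne 0) {
                Write-Warning "certutil failed for serial $($cert.Serial)"
            }
        }
    }
}

# A NotYetValid certificate or a wrong time here points at clock skew
# rather than expiry.
'Server time (UTC): {0:u}' -f (Get-Date).ToUniversalTime()
Get-RdpCertStatus | Format-Table -AutoSize

# Dry run: shows which serials would be deleted. Drop -WhatIf to delete.
Remove-ExpiredRdpCert -WhatIf
```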