0

enter image description hereI'm unable to RDP to a server on our child domain after adding a Remote desktop certificate that is signed by one of our Certificate authorities. We have intentionally removed the self-signed RDP certificate and when I attempt to connect via RDP I get the error "This computer can't connect to the remote computer."

When comparing the certificate of the server on the child domain to the certificate of a server on our root domain I notice that the value for "Enhanced Key usage" is Unknown key usage (1.3.6.1.4.1.311.54.1.2)

The template i'm using for the child domain is copied from the root domain's template, with the only difference being on the "subject name" tab. On the child domain template we have used the option "supply in the request". This option is selected because we are using an .inf file to generate the certificate signing request.

Any ideas on how I can get the enhanced key usage field on the certificate of the server in the child domain to read Remote Desktop Authentication (1.3.6.1.4.1.311.54.1.2) instead of Unknown key usage (1.3.6.1.4.1.311.54.1.2)? I believe this is the reason I can not connect to the server using RDP.

redhatsamurai
  • 3
  • 7
  • @garethTheRed you are incorrect, RDP client checks for OID only. I have non-domain clients that don't have this OID registered and can successfully to connect to RDS via this RDS OID. redhatsamurai, what is exact error message? I think, the reason is different than you think. – Crypt32 May 31 '20 at 11:39
  • @Crypt32 the error message is "This computer can't connect to the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator." – redhatsamurai Jun 01 '20 at 12:53
  • There should be exact error message next to yellow triangle. – Crypt32 Jun 01 '20 at 12:55
  • @Crypt32 sorry if that error message is in plain site but i can't seem to find it. Should I be looking for it on the client or server? I tried to find valuable information in the event log on the server, but didn't see anything particularly useful. – redhatsamurai Jun 01 '20 at 13:29
  • On a client. Does the error dialog look like this: https://i.stack.imgur.com/IU0f2.png? If not, can you post a screenshot of error dialog? I suspect you are receiving error message because there is no RDP link to server. RDS service may be stopped or other firewall/network issues. It is not a certificate issue. – Crypt32 Jun 01 '20 at 13:35
  • An error dialog box like that does appear, but unfortunately the only dialog is the error I provided above. – redhatsamurai Jun 01 '20 at 13:59
  • can you post a screenshot of the dialog? – Crypt32 Jun 01 '20 at 14:05
  • Do you think it's a problem that instead of having the value "Remote Desktop Authentication" the certificate on the server I can't connect to has the OID as the value instead? On servers in our root domain the certificate values just say Remote Desktop authentication. – redhatsamurai Jun 01 '20 at 14:05
  • I don't think this error is not related to Remote Desktop Authentication. – Crypt32 Jun 01 '20 at 14:07
  • I see the message box. It is firewall/network issue. – Crypt32 Jun 01 '20 at 14:13
  • I've reached out to our firewall team and they claim no traffic is being blocked between our Certificate Authority and all subnets :( – redhatsamurai Jun 03 '20 at 16:28

0 Answers0