RDS Replacing the Custom (Self Signed) Default Certificate on a Remote Desktop Session Host Server10 November 2019 Off By Rached CHADERYour RDS farm will use a custom (self-signed) certificate, at each remote connection you will get an error message When you import or create a certificate through Active Directory Certificate Services (AD CS) on a Remote Desktop Session Host (RDSH) server, it will not be activated automatically. Even if you delete the custom certificate (self-signed) it will not be replaced by the certificate import is at the next restart of the server it will reappear This is a PowerShell solution that saves and sets the fingerprint of the first SSL certificate in the personal store of the computer. If your system has multiple certificates, you must add a -Filter option to the gci command to make sure you reference the correct certificate.
To get the fingerprint value Open the properties dialog of your certificate and select the Details tab. This is the value you need to set in WMI. It should look like this: 1ea1fd5b25b8c327be2c4e4852263efdb4d16af4. Now that you have the fingerprint value, here is a line that you can use to set the value using wmic:
Or via PowerShell:
Hits: 9207 TagsCertificate Remote desktop services ADCS Create a Template for Remote Desktop Certificate via (AD CS) PowerShell Import-CSV: Analysis of a CSV text file comma delimited |