RDP certificate name mismatch - name in remote certificate ::1

Question

I'm trying to RDP to a Windows 10 computer and I'm getting a name mismatch error stating that it was expecting domain.net.au but the name on the certificate from the remote server was ::1

The background is that this is an Azure joined computer that I couldn't rdp into and after extensive research, the only reason that I could find was that the TPM module needed updating. After updating, I was expecting to have to recreate Windows Hello PINs but I wasn't expecting the tsunami of issues that accompanied it, with one being this.

The primary DNS suffix is set correctly, and the certificate name that RDS server creates is correct. But on the client side, I get the above error. Where is the ::1 (local host) coming from? When I look at subject alternatives in the certificate, it lists ::1 and the IP address of the client computer.

Regards,

RDP certificate name mismatch - name in remote certificate ::1

Answer

Hello,

You can reinstall the self-signed certificate on your client, making sure it's issued by the same server. If not, consider foregoing SSL authentication by disabling NLA:

a. Open the gpedit.msc applet.

b. Go to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security.

c. Activate the "Require use of specific security layer for remote (RDP) connections" and choose RDP as the Security Layer.

d. Turn off the "Require user authentication for remote connections by using Network Level Authentication" policy.

e. Restart the Terminal server.

If the Answer is helpful, please click "Accept Answer" and upvote it.

Share via

RDP certificate name mismatch - name in remote certificate ::1

1 answer