Unable to log in to RDP - certificate error
Posted by zz-James Moir on 21 June 2016 04:08 PM


RDP into Windows VPS fails with the following error:

Remote Desktop cannot connect to the remote computer because the authentication certificate received from the remote computer is expired or invalid.
In some cases, this error might also be caused by large time discrepancy between the client and server computers.


One of the certificates installed inside the VPS is likely to be expired, preventing the connection.

It is necessary to delete the expired certificate using the command line.

1. Get a list of certificates from the Remote Desktop store with this command:

C:\Windows\system32> certutil -store "Remote Desktop" | findstr "Serial Before After"

It will output something like this. Look for the certificate whose NotAfter date has passed:

certutil -store | findstr "Serial Before After"
Serial Number: 06376c00aa00648a11cfb8d4aa5c35f4
 NotBefore: 5/29/1996 4:02 AM
 NotAfter: 1/1/2040 5:59 AM
Serial Number: 46fcebbab4d02f0f926098233f93078f
 NotBefore: 4/17/1997 6:00 AM
 NotAfter: 10/25/2016 5:59 AM
Serial Number: 1e02240d
 NotBefore: 12/14/2001 8:03 AM
 NotAfter: 12/14/2002 8:03 AM
Serial Number: 198b11d13f9a8ffe69a0
 NotBefore: 10/1/1997 1:00 PM
 NotAfter: 12/31/2002 1:00 PM

2. Delete the expired certificate with this command, replacing the serial number shown with your own:

C:\Windows\system32> certutil -delstore "Remote Desktop" 198b11d13f9a8ffe69a0

It will output something like this:

certutil -delstore Remote Desktop 198b11d13f9a8ffe69a0
Remote Desktop
Deleting Certificate 3
CertUtil: -delstore command completed successfully.

The next time you connect via RDP, a new self-signed certificate should be created, allowing you to log in.
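
The same two steps can be done from PowerShell. The script below is an added example, not part of the original article: it lists every certificate in the local machine Remote Desktop store, marks the ones whose NotAfter date has passed, and removes only those. The function name Remove-ExpiredRdpCertificate is hypothetical; run it from an elevated session on the VPS.

```powershell
# Added example (not from the original article).
# Remove-ExpiredRdpCertificate is a hypothetical helper name.
function Remove-ExpiredRdpCertificate {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Machine store that certutil -store "Remote Desktop" reads.
        [string]$StorePath = 'Cert:\LocalMachine\Remote Desktop'
    )

    # The RDP error can also come from clock skew, so show the server
    # clock first and compare it with the client before deleting anything.
    $now = Get-Date
    Write-Host ("Server time: {0:u} (UTC {1:u})" -f $now, $now.ToUniversalTime())

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $expired = $cert.NotAfter -lt $now

        # Serial is lower-cased so it matches the certutil listing.
        [pscustomobject]@{
            Serial     = $cert.SerialNumber.ToLower()
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Expired    = $expired
            Thumbprint = $cert.Thumbprint
        }

        # Only expired certificates are candidates for removal; valid
        # ones are listed and left in place.
        if ($expired -and $PSCmdlet.ShouldProcess($cert.Thumbprint, 'Remove expired RDP certificate')) {
            Remove-Item -LiteralPath $cert.PSPath
        }
    }
}

# Dry run: reports what would be removed without changing the store.
Remove-ExpiredRdpCertificate -WhatIf | Format-Table -AutoSize

# After reviewing the dry run, remove the expired certificates:
# Remove-ExpiredRdpCertificate -Confirm:$false | Format-Table -AutoSize
```

If the dry run shows no expired certificate, check the time difference between client and server before removing anything, since the error message names that as the other cause.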
