Windows server

RDP: A fatal error occurred when attempting to access the SSL servercredential private key.

By Chris Gibson 14 August 2017
RDP: A fatal error occurred when attempting to access the SSL servercredential private key.

I had a problem recently when I couldn’t RDP to a windows 2008 R2 server. The server’s RDP connections are secured by a certificate, but apart from that its a normal server. Each time I tried to connect it failed before getting to a login prompt.  This normally always points to a problem with the network level authentication (The certificate bit).

I did some googling and found an MS article (KB2001849) which didn’t quite fit the problem but had the solution.  Some how the permissions for local account NETWORK SERVICE on the certificate securing RDP has been lost.  The steps from the article on how to resolve this are

  1. Click Start, click Run, type mmc, and click OK.
  2. On the File menu, click Add/Remove Snap-in.
  3. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and click Add.
  4. In the Certificates snap-in dialog box, click Computer account, and click Next.
  5. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and click Finish.
  6. In the Add or Remove Snap-ins dialog box, click OK.
  7. In the Certificates snap-in, in the console tree, expand Certificates (Local Computer), expand Personal, and navigate to the SSL certificate that you would like to use.
  8. Right-click the certificate, select All Tasks, and select Manage Private Keys.
  9. In the Permissions dialog box, click Add, type NETWORK SERVICE, click OK, select Read under the Allow checkbox, then click OK."

This allowed me to get to the login prompt, but any credentials I tried were rejected.  I knew this was still related to the Certificate as I couldn’t see any RDP attempts (failed or otherwise) in the event logs.   So I reselected the cert for the rdp connection using the below steps

a. Click Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.

b. Select RDP-TCP in the Connections window, right click and go to Properties.

c. Click on the select button at the bottom and choose the certificate

Image1

Image2

d. Click ok and ok again and you will now be able to log into your server