Probably I am doing the wrong procedure (I am not an expert in Windows Servers).
Our server was using a 128 SHA1 self-signed certificate for RDP on SBS 2011. The certificate has expired. I proceeded to create a new certificate from IIS 7 Server Certificates, selecting the option "Create Self-Signed Certificate".
Then I went to Remote Desktop Session Host Configuration, right-clicked on RDP-Tcp, and selected the generated certificate from the RDP-Tcp properties.
After applying and testing RDP again, I am getting a warning that says "this ca root certificate is not trusted. to enable trust…"
Even though I can establish the RDP, the complaint is there.
How can I fix it?
Best Answer
The correct way to renew or add certificates (whether self-signed or signed by a public CA) in Windows Small Business Server is to use the Windows SBS Console's "Fix my network" wizard. The wizard does two things:
Run the Fix my network wizard to fix the certificate as follows:
Now, in your case since you have already manually renewed the certificate, the wizard may not find an expired certificate to fix. If so, re-install the already-renewed certificate through the SBS console as follows:
How I expect this to solve your problem
Based on your comment, all of the machines using RDP on the server are domain-joined. Therefore, they should all trust the certificate installed by the SBS Console. Only non-domain workstations need additional action performed in order to trust a self-signed certificate in use by the SBS server, namely using the provided certificate install package to configure the non-domain machine to add the certificate to its Trusted Root Certificates store.
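To confirm which certificate the RDP-Tcp listener is presenting and whether a given machine trusts it, the check below can be run in an elevated PowerShell session. It is an added example, not part of the original answer; the function names are hypothetical and the file path in the final comment is a placeholder.

```powershell
# Added example: inspect the certificate bound to the RDP-Tcp listener and
# test whether the local machine's trust stores accept it.
function Get-RdpListenerCertificate {
    # Win32_TSGeneralSetting holds the thumbprint of the listener's certificate
    $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $thumb = $ts.SSLCertificateSHA1Hash
    if (-not $thumb) { return }
    # The certificate may live in My or in the Remote Desktop store
    Get-ChildItem Cert:\LocalMachine -Recurse | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.Thumbprint -eq $thumb
    } | Select-Object -First 1
}

function Test-CertificateTrust {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # A self-signed certificate has no revocation endpoint, so skip that check
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)
    New-Object PSObject -Property @{
        Subject     = $Certificate.Subject
        Thumbprint  = $Certificate.Thumbprint
        NotAfter    = $Certificate.NotAfter
        Expired     = ($Certificate.NotAfter -lt (Get-Date))
        SelfSigned  = ($Certificate.Subject -eq $Certificate.Issuer)
        Trusted     = $trusted
        # UntrustedRoot here corresponds to the "root certificate is not trusted" warning
        ChainStatus = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }
}

# On the server: what is the listener using, and does the server itself trust it?
$cert = Get-RdpListenerCertificate
if ($cert) { Test-CertificateTrust -Certificate $cert | Format-List }

# On a client: load an exported copy of the certificate and test it the same way.
# $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\temp\server.cer'
# Test-CertificateTrust -Certificate $cert | Format-List
```

`Trusted = False` with `ChainStatus = UntrustedRoot` on a client means the certificate (or its issuing root) is missing from that machine's Trusted Root Certification Authorities store.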