Earlier, we saw how to create and use a Remote Desktop Connection from Windows to other devices in the following article:

How to use Remote Desktop feature to connect Windows to other devices

Recently, we were unable to establish a Remote Desktop Connection with one of our Windows 10 Pro machines. Whenever we tried to create the connection on this client machine through a Remote Desktop gateway, the following error appeared immediately:

The connection has been terminated because an unexpected server authentication certificate was received from the remote computer.

Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

[FIX] The Connection Has Been Terminated Because An Unexpected Server Authentication Certificate Was Received From The Remote Computer In Windows 10

This issue might occur due to:

  • The server certificate required is either missing or outdated
  • Remote Desktop Client Certificate Revocation List (CRL) validation is not working
  • Remote Desktop is broken on your Windows 10 client machine

If you’re also affected by this problem, this article is for you. For the first cause mentioned above, you can update the certificates installed on the machines. You can check this guide to install the required or missing certificates. For the second cause, you can disable CRL validation, but we don’t recommend doing so from a security point of view. For the third cause, the fixes below should resolve the issue:

FIX: The Connection Has Been Terminated Because An Unexpected Server Authentication Certificate Was Received From The Remote Computer In Windows 10/8.1/8/7

FIX 1 – Replace mstsc.exe & mstscax.dll Files

If you’re experiencing this issue after upgrading Windows 10 to the Anniversary Update (Version 1607) or later, you can fix the problem by replacing the Remote Desktop Client files located in the System32 folder (viz. C:\Windows\system32). The files are mstsc.exe and mstscax.dll, and you need to replace them with the same files from an older Windows 10 version (such as Version 1507, Version 1511 etc.).

So if you have any machine running Windows 10 V1507, copy these files from it and replace the existing ones on your system. (Tip: rename the existing files to anything or move them elsewhere.)

After replacing the files, retry the Remote Desktop Connection; it should work this time.

FIX 2 – Using Registry

Registry Disclaimer: The following steps involve registry manipulation. Mistakes made while manipulating the registry could affect your system adversely, so be careful while editing registry entries and create a System Restore point first.

1. Press Windows + R and type regedit in the Run dialog box to open Registry Editor (if you’re not familiar with Registry Editor, then click here). Click OK.

2. In the Registry Editor window, navigate to the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client

3. In the right pane of the Terminal Server Client registry key, double-click the RDGClientTransport registry DWORD (REG_DWORD).

4. Finally, set the Value data to 1 and click OK. Close Registry Editor, reboot the machine and retry the Remote Desktop connection; you should have no issues.
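The same change as steps 1 to 4, scripted in PowerShell as an added example (not part of the original article). It creates the Terminal Server Client key when it is missing, exports the key before changing it, and keeps the previous value so the change can be undone; the function names and the backup file name are hypothetical.

```powershell
# Added example: FIX 2 for the current user, with a backup and a revert path.
$RegKey    = 'HKCU:\Software\Microsoft\Terminal Server Client'
$ValueName = 'RDGClientTransport'

function Get-RdgClientTransport {
    # Current DWORD, or $null when the key or the value does not exist.
    $p = Get-ItemProperty -Path $RegKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return [int]$p.$ValueName
}

function Set-RdgClientTransport {
    param([Parameter(Mandatory)][int]$Value)
    # The key may not exist yet; create it before writing the value.
    if (-not (Test-Path -Path $RegKey)) { New-Item -Path $RegKey -Force | Out-Null }
    New-ItemProperty -Path $RegKey -Name $ValueName -PropertyType DWord `
        -Value $Value -Force | Out-Null
}

function Restore-RdgClientTransport {
    param([AllowNull()]$Previous)
    # Put back the earlier state: delete the value if it did not exist before.
    if ($null -eq $Previous) {
        Remove-ItemProperty -Path $RegKey -Name $ValueName -ErrorAction SilentlyContinue
    } else {
        Set-RdgClientTransport -Value $Previous
    }
}

# Export the key first (hypothetical backup file name) so the edit is reversible.
$backup = $null
if (Test-Path -Path $RegKey) {
    $backup = Join-Path $env:TEMP 'TerminalServerClient-backup.reg'
    reg.exe export 'HKCU\Software\Microsoft\Terminal Server Client' $backup /y | Out-Null
}

$previous = Get-RdgClientTransport
Set-RdgClientTransport -Value 1

# Report what changed; a reboot is still needed, as in step 4.
[pscustomobject]@{
    Key      = $RegKey
    Value    = $ValueName
    Previous = if ($null -eq $previous) { '(not set)' } else { $previous }
    Current  = Get-RdgClientTransport
    Backup   = if ($backup) { $backup } else { '(key did not exist)' }
}
# To undo in the same session: Restore-RdgClientTransport -Previous $previous
```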

FYI: Microsoft is already aware of this problem and released patches for it some time back. So if you’re regularly installing cumulative updates, you should not face this issue. But in case it does happen, you can try the fixes mentioned above.

Hope this helps!

15 Comments

  • Ben Thoele

    My Windows 10 machine is patched up to the current 2017-08 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4034674) and I am still experiencing the issue.

  • Kapil Arya

    ^^ Have you tried steps mentioned here?

  • jestrella

    You can try Remote Desktop > Show Options > Advanced > If server authentication fails -> connect and do not warn me

  • Kapil Arya

    ^^ Thanks for your inputs 😊

  • Adeniyi

    While I try to replace the mstsc.exe and mstscax.dll, a dialogue box pops up showing
    “You need permission to perform this action”

    What should I do?

  • Kapil Arya

    ^^ You can click Continue and provide permissions.

  • Tanoli

    Hello,

    I don’t see this registry entry, after Microsoft there is no folder called Terminal Server Client? Please, let me know. HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client

  • Kapil Arya

    ^^ You can manually create new Terminal Server Client registry key. Right click Microsoft registry key, select New > Key. Then rename it to Terminal Server Client.

  • ExShire

    **What worked for me** – None of the above solutions worked. My issue was that the client certificate could not be verified. I reviewed the remote SSL cert and found it was a GoDaddy cert. I then went into my firewall settings and whitelisted godaddy.com. Badda-Bing!!! My issue with this has been solved.

  • Kapil Arya

    ^^ Thanks for adding this!

  • paritosh

    this worked for me from jestrella

    jestrella
    3 years ago

    You can try Remote Desktop > Show Options > Advanced > If server authentication fails -> connect and do not warn me

  • esdee

    You can also just configure mstsc to ignore security warnings and not notify you. Follow these steps:
    1) Click “Show Options”
    2) Select “Advanced” tab
    3) In Dropdown under “If server authentication fails:” select “Connect and don’t warn me”
    4) [optional] Click “Hide Options”
    5) Click “Connect”

  • Kapil Arya

    ^^ Thanks for your inputs 😊

  • Ken C

    It has been suggested to me in another thread that the following is a possible solution. I have yet to try this but plan to later this week.

    – Run regedit.exe
    – Find key: HKLM\System\CurrentControlSet\Control\LSA\CredSSP
    – Add DWORD key in the registry named: UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors
    – Value: 1 (hexadecimal)

  • Ken C

    I should add that the above solution I just posted is not recommended because it “loosens” remote desktop security.
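
A read-only audit for the two relaxed settings raised in the comments, added here as an example and not written by any of the commenters. It lists saved .rdp files in the Documents folder (where mstsc keeps its hidden Default.rdp) whose `authentication level:i:0` line corresponds to "Connect and don't warn me", and reports whether the CredSSP value named above is set; the function names are hypothetical.

```powershell
# Added example: report settings that relax RDP server authentication. Changes nothing.
function Get-RdpFileAuthLevel {
    param([Parameter(Mandatory)][string]$Path)
    # .rdp files store the "If server authentication fails" choice as
    # "authentication level:i:N"; N = 0 means connect without warning.
    $line = Get-Content -LiteralPath $Path |
        Where-Object { $_ -match '^\s*authentication level:i:\d+\s*$' } |
        Select-Object -Last 1
    if ($line -match ':i:(\d+)') { return [int]$Matches[1] }
    return $null   # setting not present in this file
}

function Get-CredSspCrlOverride {
    # Registry value quoted in the comment above; $null when it is not set.
    $key  = 'HKLM:\System\CurrentControlSet\Control\LSA\CredSSP'
    $name = 'UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors'
    $p = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return [int]$p.$name
}

$docs  = [Environment]::GetFolderPath('MyDocuments')
# -Force includes hidden files such as Default.rdp.
$files = Get-ChildItem -Path $docs -Filter *.rdp -File -Force -ErrorAction SilentlyContinue

$findings = @()
foreach ($f in $files) {
    $level = Get-RdpFileAuthLevel -Path $f.FullName
    $findings += [pscustomobject]@{
        Item    = $f.FullName
        Setting = 'authentication level'
        Value   = $level
        Relaxed = ($level -eq 0)
    }
}

$crl = Get-CredSspCrlOverride
$findings += [pscustomobject]@{
    Item    = 'HKLM CredSSP'
    Setting = 'UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors'
    Value   = $crl
    Relaxed = ($crl -eq 1)
}

$findings | Format-Table -AutoSize -Wrap
```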
