How to use TLS with Remote Desktop Server RDS 2012

If you are using Remote Desktop Services, you probably know that by default RDS session hosts use native RDP encryption. This might sound good, but it is only encryption: nothing authenticates the RDS session host, so the client cannot verify the identity of the server it is connecting to. You can enhance the security of your session host servers by using TLS. In this blog post, I will guide you through a couple of steps to use TLS with Remote Desktop Server and to fix any certificate issues that come up when using TLS.

TLS with Remote Desktop Server

I was once deploying a Windows Server 2012 R2 RDS farm, and I configured two session host servers in a pool or collection, one broker, and one licensing server. The deployment was easy, and I expected everything to work fine. I wanted end users to connect to a nice name space like, that will point to one of the session host servers.

When my users started accessing, they got a certificate warning indicating a certificate name mismatch. This is because the session host servers generate a self-signed certificate with the name of the session host server itself, and not with the name

I started to look at the best way to use TLS with Remote Desktop Server, and at how I could fix those certificate problems. First, I needed a digital certificate [server authentication] from my internal certificate authority with the name I installed that certificate in the computer personal store of my two session host servers. I then started asking myself, “How can I tell my session host servers to use that certificate instead of the self-signed one?”

Then I found the solution:

  • On each session host server, open PowerShell using admin credentials, and type:

Note: replace Thumbnail with the thumbprint of my new certificate.

  • Or you can use this command instead:

  • Restart both servers.
  • Use this command to get the certificate hash being used:
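
An added example, not the author's original commands: one way to carry out the steps above in PowerShell through the `Win32_TSGeneralSetting` WMI class, with checks on the certificate before it is bound to the RDP listener. The thumbprint and the farm name are placeholders, and the listener name `RDP-Tcp` is assumed to be the default one.

```powershell
# Added example. Both values are placeholders (assumptions); set them before running.
$Thumbprint   = '<CERT-THUMBPRINT>'   # thumbprint of the CA-issued certificate
$ExpectedName = '<farm-dns-name>'     # the name users type to reach the farm

# Thumbprints copied from the certificate dialog often carry spaces or an
# invisible leading character; keep hex digits only, then require 40 of them.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($Thumbprint.Length -ne 40) { throw 'Thumbprint must be 40 hex characters (SHA-1).' }

# The certificate must be in the computer personal store of this session host.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

# Pre-flight checks: private key present, inside validity period, usable for TLS server auth.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key on this server.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw 'Certificate is outside its validity period.' }

$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($eku -and ($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -notcontains '1.3.6.1.5.5.7.3.1') {
    throw 'Certificate lacks the Server Authentication EKU (1.3.6.1.5.5.7.3.1).'
}

# Coarse name check against the subject and the Subject Alternative Name extension.
$san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$names = $cert.Subject + ' ' + $(if ($san) { $san.Format($false) })
if ($names -notmatch [regex]::Escape($ExpectedName)) {
    throw "Certificate does not name '$ExpectedName'; clients would still see a name mismatch."
}

# Bind the certificate to the RDP listener.
$ns       = 'root\cimv2\TerminalServices'
$listener = Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
Set-WmiInstance -Path $listener.__PATH -Arguments @{ SSLCertificateSHA1Hash = $Thumbprint } | Out-Null

# Read the setting back and confirm the listener now holds the new hash.
# SecurityLayer: 0 = RDP security layer, 1 = Negotiate, 2 = SSL (TLS).
$after = Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
if ($after.SSLCertificateSHA1Hash -ne $Thumbprint) { throw 'Listener did not accept the certificate.' }
$after | Select-Object TerminalName, SecurityLayer, SSLCertificateSHA1Hash
```

Run it in an elevated PowerShell session on each session host.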


About The Author

Ammar Hasayen

Ammar Hasayen is a trusted technology adviser and entrepreneur and has been in the software industry for over 10 years with a special focus on security, Office 365, and cloud solutions. Ammar is an active blogger and an active speaker in many local tech communities where he talks about Azure and Office 365. Apart from that, Ammar appears in many global tech events and conferences like Microsoft TechEd and Ignite.

1 Comment

  1. Krzysztof

    It works!

