Select Page

How to use TLS with Remote Desktop Server RDS 2012

How to use TLS with Remote Desktop Server RDS 2012

If you are using Remote Desktop Services, you would know by now that by default, RDS session hosts will use a default RDP native encryption. This might sound good, but it is only encryption. There is no authenticity to verify the identity of the RDS session host server. You can enhance the security of your session host servers by using TLS. In this blog post, I will guide you through couple of steps to use TLS with Remote Desktop Server, and fix any certificate issues when using TLS.

TLS with Remote Desktop Server

I was deploying Windows Server 2012 R2 RDS farm once, and I configured two session host servers in a pool or collection, one broker and one licensing server. The deployment was easy, and I expected everything to work fine. I wanted end users to connect to a nice name space like, that will point to one of the session host servers.

When my users started accessing, they get a certificate warning indicating that there is some certificate name mismatch. This is because the session host servers will generate self-signed certificate with the name of the session host server itself, and not with the name

I started to look at the best way to use TLS with Remote Desktop Server, and how can I fix those certificate problems. First, I need a digital certificate [server authentication] from my internal certificate authority with the name I installed that certificate in the computer personal store of my two session host servers. I started asking myself then “how can I tell my session host servers to use that certificate instead of the self-signed one?”.

TLS with Remote Desktop Server

Then I found the solution:

  • On each session host server, open PowerShell using admin credentials, and type:

Note: replace Thumbnail with my new certificate thumbnail.

  • Or you can use this command instead:

  • Restart both servers.
  • Use this command to get the certificate hash being used:


About The Author

Ammar Hasayen

Ammar is a digital transformer, cloud architect, public speaker and blogger. He is considered a trusted advisory with the ability to quickly navigate complex multi-cultural organizations and continuously improve and motivate cross-functional teams to achieve higher productivity, collaboration, revenue gain and cross-group knowledge sharing. His contributions to the tech community helped him get awarded the Microsoft Most Valuable Professional. Ammar appears in a lot of global conferences, and he has many publications about digital transformation and next generation technologies.

1 Comment

  1. Krzysztof

    It works!


Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Hi, I’m Ammar Hasayen


About Me

Cloud Architect | Cybersecurity | CISSP | Microsoft MVP | Pluralsight Author | Book Author | International Speaker | World Explorer | @ammarhasayen


LinkedIn Profile

My Pluralsight Course

Speaking at Microsoft Ignite Dubai

Ammar Hasayen Speaker Ignite

Pin It on Pinterest