By Ellie / Last Updated March 6, 2023

Remote Desktop Gateway server’s certificate has expired

 

“One of our users keeps getting the following certificate error message when trying to connect to a remote computer using RDP services:

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server’s certificate has expired or has been revoked. Contact your network administrator for assistance.

Any suggestions on how to fix this?”

- Question from Microsoft Community

How to fix Remote Desktop Gateway server’s certificate has expired [4 solutions]

Before fixing the "Remote Desktop Gateway server's certificate has expired" error on Windows 11/10, work out what is causing it and choose the solution that matches your situation.

Solution 1. Check whether the certificate is valid

Every RDP certificate carries identifying information, including the issuer name, the issue date, and the expiry date. You need to check two things: first, whether the certificate is still valid; second, whether the date and time on your workstation are correct.

Step 1. Click the View certificate button on the certificate error warning window to view the certificate.

Step 2. You can see the expiry date there. First, ensure the certificate has not expired (if it is expired, go to Solution 3). Second, ensure you have the correct month, day, and year set on your workstation.

Solution 2. Check the certificate revocation issue

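If the problem is related to revocation checking of the server certificate rather than to its expiry date, it will be solved by unchecking Check for server certificate revocation. With this option unchecked, the workstation no longer checks whether a server certificate has been revoked.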

Step 1. Press Win + R, and run the “inetcpl.cpl” command.

Step 2. Go to the Advanced tab. Under the Security pane, remove the tick from Check for server certificate revocation. Click Apply, then OK.

Step 3. Restart the PC and test to see if the error still occurs.
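The checks from Solutions 1 and 2 can be run from PowerShell to see which cause applies: expired, not yet valid against the local clock, revoked, or revocation status that could not be retrieved. This is an added example, not part of the original article; it assumes Windows PowerShell 5.1 or later and a gateway answering TLS on port 443, and the function names and `rdgw.example.com` are placeholders.

```powershell
# Added example. Assumes Windows PowerShell 5.1+ and an RD Gateway answering TLS on port 443.
function Get-RemoteTlsCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Accept whatever is presented: the goal is to read the certificate, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

function Get-CertRejectionReason {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [datetime]$Now = (Get-Date)   # local clock; a wrong clock changes the verdict
    )
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode   = 'Online'      # fetch CRL/OCSP instead of skipping the check
    $chain.ChainPolicy.RevocationFlag   = 'ExcludeRoot'
    $chain.ChainPolicy.VerificationTime = $Now
    [void]$chain.Build($Certificate)
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    $findings = @()
    if ($Now -gt $Certificate.NotAfter)  { $findings += 'Expired: the server needs a new certificate' }
    if ($Now -lt $Certificate.NotBefore) { $findings += 'Not yet valid: check the workstation clock' }
    if ($flags -contains 'Revoked')      { $findings += 'Revoked by the issuing CA: the server needs a new certificate' }
    if ($flags -contains 'RevocationStatusUnknown' -or $flags -contains 'OfflineRevocation') {
        $findings += 'Revocation status unknown: CRL/OCSP endpoint unreachable from this workstation'
    }
    [pscustomobject]@{
        Subject     = $Certificate.Subject
        Issuer      = $Certificate.Issuer
        NotBefore   = $Certificate.NotBefore
        NotAfter    = $Certificate.NotAfter
        LocalTime   = $Now
        ChainStatus = $flags -join ', '
        Findings    = $findings
    }
}

# 'rdgw.example.com' is a constructed placeholder; use the gateway name from the RDP client settings.
$cert = Get-RemoteTlsCertificate -HostName 'rdgw.example.com'
Get-CertRejectionReason -Certificate $cert | Format-List
```

A "Revoked" finding is fixed on the server by replacing the certificate, whereas "Revocation status unknown" points at this workstation's network path to the CA's CRL or OCSP endpoint.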

Solution 3. Create a new certificate

If the RDP server certificate has expired, you must create a new certificate to fix the problem.

Step 1. Press Win + R, and run the "certmgr.msc" command to open Certificates snap-in within Microsoft Management Console (MMC).

Step 2. Navigate to Certificates > Remote Desktop > Certificates, which is where the expired certificate is stored. Remove the expired certificate from the Consolidated Certificate Repository (CCS).

Step 3. Run the "services.msc" command to open Services. Scroll down and locate "Remote Desktop Services". Right-click it and choose Stop to stop the RDP (Remote Desktop Services) service.

Step 4. Go to C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys, find the file f686aace6942fb7f7ceb231212eef4a4_. Take ownership of the f686 key file and give the owner user account Full Control permissions to this file. After this, delete it.

Step 5. Start the Remote Desktop Services service in Services.

Step 6. Verify that a new certificate has been generated via the Certificates snap-in in MMC.

Step 7. Check if the error still occurs.
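Steps 2 to 6 of Solution 3 as a single PowerShell function, run from an elevated session on the machine that hosts the certificate. This is an added example, not part of the original article; the function name is hypothetical, it assumes the certificate sits in the local computer's Remote Desktop store (`Cert:\LocalMachine\Remote Desktop`), and it grants ownership to the Administrators group rather than to a single user account.

```powershell
#Requires -RunAsAdministrator
# Added example. Run from the console: stopping TermService drops active RDP sessions.
function Reset-RdpCertificate {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [string]$Store   = 'Cert:\LocalMachine\Remote Desktop',
        # Key file named in Step 4; the suffix after the underscore is machine-specific.
        [string]$KeyGlob = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_*'
    )
    $expired = @(Get-ChildItem $Store | Where-Object { $_.NotAfter -lt (Get-Date) })
    if ($expired.Count -eq 0) {
        Write-Verbose 'No expired certificate in the store; nothing changed.'
    } else {
        # Step 2: remove only the certificates that have actually expired.
        foreach ($c in $expired) {
            if ($PSCmdlet.ShouldProcess($c.Thumbprint, 'Remove expired certificate')) {
                Remove-Item -Path $c.PSPath
            }
        }
        # Steps 3-5: stop the service, delete the old key file, start the service again.
        if ($PSCmdlet.ShouldProcess('TermService', 'Stop service, delete key file, start service')) {
            Stop-Service -Name TermService -Force
            try {
                foreach ($f in Get-ChildItem -Path $KeyGlob -Force) {
                    & takeown.exe /F $f.FullName /A | Out-Null                   # owner: Administrators
                    & icacls.exe $f.FullName /grant '*S-1-5-32-544:F' | Out-Null  # Full Control
                    Remove-Item -Path $f.FullName -Force
                }
            } finally {
                Start-Service -Name TermService   # restart even if the deletion failed
            }
        }
    }
    # Step 6: show what is in the store now, with validity dates.
    Get-ChildItem $Store | Select-Object Subject, Thumbprint, NotBefore, NotAfter
}

Reset-RdpCertificate -WhatIf    # dry run: lists the planned actions without changing anything
```

Dropping `-WhatIf` performs the changes, with a confirmation prompt before each removal and before the service is stopped.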

Solution 4. Try an RDP alternative

The final solution for you is to use a Remote Desktop alternative. When selecting a Remote Desktop alternative, the sheer number of options can be enough to make your head spin. Fortunately, finding your ideal tool doesn't have to be tough. After a comprehensive comparison, we have picked the best Remote Desktop alternative.

AnyViewer is a free remote desktop application for Windows, iOS, and Android. It is the best Remote Desktop alternative for the following reasons:

  • ✍ AnyViewer is very easy to set up and use. Remote Desktop requires a series of setup steps: users need to enable remote access and get the IP address, computer name, and computer password.
  • ✍ AnyViewer doesn't require additional network configuration when the two devices are on different networks. Remote Desktop requires that the two devices be on the same network; otherwise, users need to set up port forwarding, which is complicated.
  • ✍ AnyViewer can be used on Windows Home and Standard versions. Remote Desktop can’t be used to connect to Windows Home computers and Windows Standard computers.

Step 1. Install and run AnyViewer on both of your computers. Navigate to Log in and then Sign up on the Controller computer (if you have already registered on the official website, you can log in directly).

Step 2. Fill out the sign-up form.

Step 3. You should now see that you have successfully logged into AnyViewer. Your device will be assigned to the account to which you have logged in automatically.

Step 4. Log in to the same AnyViewer account on the two devices, then you can click One-click control to achieve a direct connection, click View the screen to see another’s screen, or click File transfer to share files between computers.

Notes: Additionally, you can change your account's plan to a Professional or Enterprise one. A business or professional plan provides the following:

  • More devices can be assigned to the same account for unattended remote access.
  • More connection channels, so that more devices can start remote connections at the same time.
  • One device can connect to more devices simultaneously.
  • Black out the remote PC screen and disable the remote keyboard and mouse to protect privacy.
  • Transfer 1TB files at 10 MB/s.

 

The bottom line

This post introduces four solutions to fix the "Remote Desktop Gateway server's certificate has expired" issue. If this continues to be an issue, try a Remote Desktop alternative, for example, AnyViewer.