Remote Desktop Gateway server’s certificate has expired
“One of our users keeps getting the following certificate error message when trying to connect to a remote computer using RDP services:
Your computer can’t connect to the remote computer because the Remote Desktop Gateway server’s certificate has expired or has been revoked. Contact your network administrator for assistance.
Any suggestions on how to fix this?”
- Question from Microsoft Community
How to fix Remote Desktop Gateway server’s certificate has expired [4 solutions]
Before you try to fix the "Remote Desktop Gateway server's certificate has expired" error on Windows 11/10, work out what is causing it and pick the solution that matches the situation.
Solution 1. Check whether the certificate is valid
Every RDP certificate carries information such as the issuer name, the issue date, and the expiry date. So you need to check two things: first, whether the certificate is still valid; second, whether the date and time on your workstation are correct.
Step 1. Click the View certificate button on the certificate error warning window to view the certificate.
Step 2. You can see the expiry date there. First, ensure the certificate has not expired (if it is expired, go to Solution 3). Second, ensure you have the correct month, day, and year set on your workstation.
Solution 2. Check the certificate revocation issue
If the problem is caused by the revocation check on the server certificate, it will be solved by unchecking the Check for server certificate revocation option.
Step 1. Press Win + R, and run the “inetcpl.cpl” command.
Step 2. Go to the Advanced tab. Under the Security section, remove the tick from Check for server certificate revocation. Click Apply, then OK.
Step 3. Restart the PC and test to see if the error still occurs.
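The checks in Solutions 1 and 2 can also be run from the client in one pass. The script below is an added example, not part of the original article: it reads the certificate the gateway presents and reports whether it is expired, not yet valid according to the local clock, revoked, or whether only the revocation server could not be reached. It assumes Windows PowerShell 5.1; the function name `Test-RdGatewayCertificate` and the host name `rdgw.example.com` are placeholders.

```powershell
# Added example. Test-RdGatewayCertificate and the host name are hypothetical.
function Test-RdGatewayCertificate {
    param(
        [Parameter(Mandatory)] [string] $GatewayHost,
        [int] $Port = 443   # assumption: gateway published on the default HTTPS port
    )
    $ssl = $null
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($GatewayHost, $Port)
        # Accept whatever the server presents: the goal is to inspect it, not trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($GatewayHost)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }

    # Rebuild the chain with online revocation checking for every certificate in it.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $null = $chain.Build($cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status })

    $now = Get-Date   # NotBefore/NotAfter are reported in local time as well
    [pscustomobject]@{
        Subject           = $cert.Subject
        Issuer            = $cert.Issuer
        NotBefore         = $cert.NotBefore
        NotAfter          = $cert.NotAfter
        LocalClock        = $now
        Expired           = $now -gt $cert.NotAfter
        NotYetValid       = $now -lt $cert.NotBefore
        Revoked           = $status -contains 'Revoked'
        RevocationOffline = ($status -contains 'RevocationStatusUnknown') -or
                            ($status -contains 'OfflineRevocation')
        ChainStatus       = $status -join ', '
    }
}

Test-RdGatewayCertificate -GatewayHost 'rdgw.example.com'   # placeholder host name
```

`Expired` points to Solution 3, a wrong `LocalClock` points to the workstation's date and time, and `RevocationOffline` without `Revoked` means the revocation server could not be reached from this client, which is the case Solution 2 addresses.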
Solution 3. Create a new certificate
If the RDP server certificate has expired, you must create a new certificate to fix the problem.
Step 1. Press Win + R, and run the "certmgr.msc" command to open the Certificates snap-in within Microsoft Management Console (MMC).
Step 2. The path to the expired certificate is Certificates > Remote Desktop > Certificates. Remove the expired certificate from the Consolidated Certificate Repository (CCS).
Step 3. Run the "services.msc" command to open Services. Scroll down and locate "Remote Desktop Services". Right-click it and choose Stop to stop the RDP (Remote Desktop Services) service.
Step 4. Go to C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys, find the file f686aace6942fb7f7ceb231212eef4a4_. Take ownership of the f686 key file and give the owner user account Full Control permissions to this file. After this, delete it.
Step 5. Start the Remote Desktop Services service in Services.
Step 6. Verify that a new certificate has been generated via the Certificates snap-in in MMC.
Step 7. Check if the error still occurs.
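Steps 6 and 7 can be confirmed from an elevated PowerShell prompt instead of the MMC snap-in. The script below is an added example, not part of the original article: it lists the certificates in the local machine "Remote Desktop" store and marks the one the RDP listener is bound to. The function name `Get-RdpCertificateState` is hypothetical.

```powershell
# Added example. Get-RdpCertificateState is a hypothetical name; run it elevated.
function Get-RdpCertificateState {
    # Thumbprint that the RDP-Tcp listener is currently bound to.
    $listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $bound   = $listener.SSLCertificateSHA1Hash
    $service = Get-Service -Name TermService   # Remote Desktop Services
    $now     = Get-Date

    # The host's RDP certificates live in the local machine "Remote Desktop" store.
    Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop' | ForEach-Object {
        [pscustomobject]@{
            Thumbprint      = $_.Thumbprint
            Subject         = $_.Subject
            NotBefore       = $_.NotBefore
            NotAfter        = $_.NotAfter
            DaysLeft        = [math]::Floor(($_.NotAfter - $now).TotalDays)
            Expired         = $now -gt $_.NotAfter
            HasPrivateKey   = $_.HasPrivateKey
            BoundToListener = $_.Thumbprint -eq $bound
            ServiceStatus   = $service.Status
        }
    }
}

Get-RdpCertificateState | Sort-Object NotAfter | Format-List
```

After Step 5, the result to look for is an entry with `Expired` false, `HasPrivateKey` true and `BoundToListener` true while `ServiceStatus` is Running.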
Solution 4. Try an RDP alternative
The final solution for you is to use a Remote Desktop alternative. When selecting a Remote Desktop alternative, the sheer number of options can be enough to make your head spin. Fortunately, finding your ideal tool doesn't have to be tough. After a comprehensive comparison, we have picked the best Remote Desktop alternative.
AnyViewer is a free remote desktop application for Windows, iOS, and Android. It is the best Remote Desktop alternative for the following reasons:
- ✍ AnyViewer is very easy to set up and use. Remote Desktop requires a series of setup steps: users need to enable remote access and get the IP address, computer name, and computer password.
- ✍ AnyViewer doesn't require additional network configuration when the two devices are on different networks. Remote Desktop requires that the two devices be on the same network; otherwise, users need to set up port forwarding, which is complicated.
- ✍ AnyViewer can be used on Windows Home and Standard versions. Remote Desktop can’t be used to connect to Windows Home computers and Windows Standard computers.
Step 1. Install and run AnyViewer on both of your computers. Navigate to Log in and then Sign up on the Controller computer (if you have already registered on the official website, you can log in directly).
Step 2. Fill out the sign-up form.
Step 3. You should now see that you have successfully logged into AnyViewer. Your device will be assigned to the account to which you have logged in automatically.
Step 4. Log in to the same AnyViewer account on the two devices, then you can click One-click control to achieve a direct connection, click View the screen to see another’s screen, or click File transfer to share files between computers.
Additionally, you can change your account's plan to a Professional or Enterprise one. A Professional or Enterprise plan provides:
- More devices can be assigned to the same account for unattended remote access.
- More connection channels, so more devices can start remote connections at the same time.
- One device can connect to more devices simultaneously.
- Black out the remote PC screen and disable the remote keyboard and mouse to protect privacy.
- Transfer 1TB files at 10 MB/s.
The bottom line
This post introduces four solutions to fix the "Remote Desktop Gateway server's certificate has expired" issue. If this continues to be an issue, try a Remote Desktop alternative, for example, AnyViewer.