Article ID: 112975, created on Dec 9, 2011, last review on May 11, 2014

  • Applies to:
  • Virtuozzo containers for Windows


An attempt to establish an RDP session into a container fails with the following error:

Remote Desktop cannot connect to the remote computer because the authentication certificate recieved from the remote computer is expired or invalid.
In some cases, this error might also be caused by large time discrepancy between the client and server computers.


One of the RDP certificates, installed inside the container, is expired and prevents the connection.


Delete the expired certificates using Command Line:

  1. Enter the container using vzctl enter:

    C:\> vzctl enter 511
    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
  2. Get a list of the certificates from the Remote Desktop store:

    C:\Windows\system32> certutil -store "Remote Desktop" | findstr "Serial Before After"
    certutil -store | findstr "Serial Before After"
    Serial Number: 06376c00aa00648a11cfb8d4aa5c35f4
     NotBefore: 5/29/1996 4:02 AM
     NotAfter: 1/1/2040 5:59 AM
    Serial Number: 46fcebbab4d02f0f926098233f93078f
     NotBefore: 4/17/1997 6:00 AM
     NotAfter: 10/25/2016 5:59 AM
    Serial Number: 1e02240d
     NotBefore: 12/14/2001 8:03 AM
     NotAfter: 12/14/2002 8:03 AM
    Serial Number: 198b11d13f9a8ffe69a0
     NotBefore: 10/1/1997 1:00 PM
     NotAfter: 12/31/2002 1:00 PM
  3. Delete the expired certificates:

    C:\Windows\system32> certutil -delstore "Remote Desktop" 198b11d13f9a8ffe69a0
    certutil -delstore Remote Desktop 198b11d13f9a8ffe69a0
    Remote Desktop
    Deleting Certificate 3
    CertUtil: -delstore command completed successfully.
  4. Re-enroll the certificate for RDP:

    C:\Windows\system32> net stop sessionenv && net start sessionenv

965b49118115a610e93635d21c5694a8 d02f9caf3e11b191a38179103495106f 2897d76d56d2010f4e3a28f864d69223

Email subscription for changes to this article
Save as PDF