An attempt to establish an RDP session into a container fails with the following error:
Remote Desktop cannot connect to the remote computer because the authentication certificate recieved from the remote computer is expired or invalid. In some cases, this error might also be caused by large time discrepancy between the client and server computers.
One of the RDP certificates, installed inside the container, is expired and prevents the connection.
Delete the expired certificates using Command Line:
Enter the container using
C:\> vzctl enter 511 Microsoft Windows [Version 6.1.7600] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:\Windows\system32>
Get a list of the certificates from the Remote Desktop store:
C:\Windows\system32> certutil -store "Remote Desktop" | findstr "Serial Before After" certutil -store | findstr "Serial Before After" Serial Number: 06376c00aa00648a11cfb8d4aa5c35f4 NotBefore: 5/29/1996 4:02 AM NotAfter: 1/1/2040 5:59 AM Serial Number: 46fcebbab4d02f0f926098233f93078f NotBefore: 4/17/1997 6:00 AM NotAfter: 10/25/2016 5:59 AM Serial Number: 1e02240d NotBefore: 12/14/2001 8:03 AM NotAfter: 12/14/2002 8:03 AM Serial Number: 198b11d13f9a8ffe69a0 NotBefore: 10/1/1997 1:00 PM NotAfter: 12/31/2002 1:00 PM
Delete the expired certificates:
C:\Windows\system32> certutil -delstore "Remote Desktop" 198b11d13f9a8ffe69a0 certutil -delstore Remote Desktop 198b11d13f9a8ffe69a0 Remote Desktop Deleting Certificate 3 CertUtil: -delstore command completed successfully.
Re-enroll the certificate for RDP:
C:\Windows\system32> net stop sessionenv && net start sessionenv