Event ID - 1054

Event Id1054
SourceMicrosoft-Windows-TerminalServices-RemoteConnectionManager
DescriptionThe Terminal Server is configured to use a certificate that does not contain an Enhanced Key Usage attribute of Server Authentication. %1 The SHA1 hash of the certificate is in the event data. The default certificate will be used for Terminal Server authentication from now on. Please check the security settings by using the Terminal Services Configuration tool in the Administrative Tools folder.
Event InformationAccording to Microsoft :
Cause :
This event is logged when the Terminal Server is configured to use a certificate that does not contain an Enhanced Key Usage attribute of Server Authentication.
Resolution :
Check the EKU value of the certificate and configure the terminal server to use an appropriate certificate for TLS 1.0 (SSL)
To resolve this issue, do the following:
  • Confirm that the certificate that the terminal server is configured to use for TLS 1.0 (SSL) does not have the correct Enhanced Key Usage (EKU) value. The certificate must have an EKU of Server Authentication (1.3.6.1.5.5.7.3.1) or no EKU.
  • If the certificate does not meet these requirements, install an alternate certificate on the terminal server that does meet these requirements, and then configure the terminal server to use this certificate for TLS 1.0 (SSL).
To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
Confirm that the certificate that the terminal server is configured to use for TLS 1.0 (SSL) does not have the correct EKU value
To confirm that the certificate does not have the correct EKU value:
  1. Open Terminal Services Configuration. To open Terminal Services Configuration, click Start, point to Administrative Tools, point to Terminal Services, and then click Terminal Services Configuration.
  2. In the details pane, under Connections, right-click the connection, and then click Properties.
  3. On the General tab, click Select.
  4. In the Select Certificate dialog box, note the certificate that is selected, and then click View Certificate.
  5. In the Certificate dialog box, click Details, and then check the EKU value. The certificate must have an EKU of Server Authentication (1.3.6.1.5.5.7.3.1) or no EKU. If the certificate does not have one of these values, you must specify an alternate certificate for the terminal server, as described in "To import a valid certificate onto the terminal server" and "Configure the terminal server to use a certificate for TLS 1.0 (SSL)."
  6. Click OK to close the Certificate dialog box.
  7. Click OK to close the Select Certificate dialog box.
  8. Click OK to close the Properties dialog box for the connection.
Install a certificate on the terminal server
Important : You should only install certificates obtained from trusted sources. Installing an altered or unreliable certificate could compromise the security of any system component that uses the installed certificate.
To install a certificate on the terminal server:
  1. Locate and then double-click the certificate that you want to install. The certificate might exist on the terminal server or be located on a share.
  2. If prompted to confirm whether you want to open the certificate file, click Open.
  3. In the Certificate Properties dialog box, on the General tab, click Install Certificate.
  4. In the Certificate Import Wizard, on the Welcome page, click Next.
  5. On the Certificate Store page, do one of the following:
    • If the certificate should be automatically placed in a certificate store based on the type of certificate, click Automatically select the certificate store based on the type of certificate.
    • If you want to specify where the certificate is stored, select Place all certificates in the following store, and then click Browse. In Select Certificate Store, click the certificate store to use, and then click OK.
  6. On the Certificate Store page, click Next.
  7. On the Completing the Certificate Import Wizard page, click Finish.
After you install a certificate, you must specify that it be used by the terminal server, as described in the following procedure.
Configure the terminal server to use a certificate for TLS 1.0 (SSL)
We recommend that you use the Terminal Services Configuration snap-in to specify the certificate that is used by the terminal server for server authentication and encryption. If you use Terminal Services Configuration to attempt to install a certificate that does not meet the requirements specified in "Certificate requirements" later in this topic, the certificate will not be installed.
To configure the terminal server to use a certificate for TLS 1.0 (SSL):
  1. Open Terminal Services Configuration. To open Terminal Services Configuration, click Start, point to Administrative Tools, point to Terminal Services, and then click Terminal Services Configuration.
  2. In the details pane, under Connections, right-click the connection, and then click Properties.
  3. On the General tab, click Select.
  4. In the Select Certificate dialog box, click the certificate that you want to use, and then click OK.
Certificate requirements
A certificate that is used by the terminal server for server authentication and encryption must meet the following requirements:
  • The certificate must be a computer certificate.
  • The certificate must have a corresponding private key. The container for the key must be accessible by the NT AUTHORITY\Network Service account.
  • The certificate must have an Enhanced Key Usage (EKU) of Server Authentication (1.3.6.1.5.5.7.3.1) or no EKU.
  • The following key usage value must be set for the certificate: CERT_KEY_ENCIPHERMENT_KEY_USAGE.
  • The certificate has not expired. We recommend that the certificate be valid one year from the date of installation.
Verify :
When Transport Layer Security (TLS) 1.0 is functioning as expected for server authentication and encryption of terminal server communications, clients can make connections to terminal servers by using TLS 1.0 (SSL).
To verify that the TLS 1.0 (SSL) settings are correctly configured and working properly on the terminal server to provide server authentication and encryption for connections, use Remote Desktop Connection from a client computer to connect to the terminal server. If you can connect to the terminal server and there is a lock symbol in the upper-left corner of the connection bar at the top of the window, TLS 1.0 (SSL) is being used for the connection.
Note : To ensure that the connection bar is displayed when you use Remote Desktop Connection to connect from a client computer, select full-screen mode when configuring Remote Desktop Connection settings.
To select full-screen mode in Remote Desktop Connection:
  1. Open Remote Desktop Connection. To open Remote Desktop Connection, click Start, click Accessories, and then click Remote Desktop Connection.
  2. Click Options to display the Remote Desktop Connection settings, and then click Display.
  3. Under Remote desktop size, drag the slider all the way to the right to ensure that the remote desktop that you plan to connect to is displayed in full-screen mode.
Reference LinksEvent ID 1054 from Source Microsoft-Windows-TerminalServices-RemoteConnectionManager

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.