Event ID - 1062

Event Id1062
SourceMicrosoft-Windows-TerminalServices-RemoteConnectionManager
DescriptionThe terminal server is configured to use a template-based certificate for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption, but the subject name on the certificate is invalid. %1 The SHA1 hash of the certificate is in the event data. Therefore, the default certificate will be used by the terminal server for authentication. To resolve this issue, make sure that template used to create this certificate is configured to use DNS name as subject name.
Event InformationAccording to Microsoft :
Cause :
This event is logged when the terminal server is configured to use a template-based certificate for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption, but the subject name on the certificate is invalid.
Resolution :
Configure the certificate template Subject name to match the DNS name of the terminal server
To resolve this issue, you must modify the certificate template that Active Directory Certificate Services (AD CS) uses as the basis for server certificates enrolled to terminal servers. The certificate template must be modified so that the alternate subject name for the certificate matches the DNS name of the terminal server.
To perform this procedure, you must have membership in the Enterprise Admins or Domain Admins group of the forest root domain, or you must have been delegated the appropriate authority.
To configure the alternate subject name of the certificate to match the DNS name of the terminal server:
  1. On a computer where AD CS is installed, open the Certificate Templates snap-in. To open the Certificate Templates snap-in, click Start, click Run, type mmc, and then press ENTER.
  2. On the File menu, click Add/Remove snap-in.
  3. In the Add or Remove Snap-ins dialog box, click Certificate Templates, click Add, and then click OK.
  4. In the console tree, click Certificate Templates.
  5. In the results pane, right-click the certificate template that is used as the basis for the certificates that are enrolled to terminal servers, and then click Properties.
  6. On the Subject Name tab, ensure that Build from this Active Directory information is selected.
  7. Under Subject name format, click Fully distinguished name.
  8. Under Include this information in alternate subject name, select the DNS name check box.
  9. Click OK to close the Properties dialog box for the certificate template.
  10. Restart the Terminal Services Configuration service on the terminal server. To restart the Terminal Services Configuration service, click Start, click Run, type services.msc, and then press ENTER. In the Name column of the Services snap-in, right click Terminal Services Configuration, and then click Restart.
  11. If the attempt to restart only the service fails, restart the computer. This forces all related and dependent services to restart.
Verify :
When Transport Layer Security (TLS) 1.0 is functioning as expected for server authentication and encryption of terminal server communications, clients can make connections to terminal servers by using TLS 1.0 (SSL).
To verify that the TLS 1.0 (SSL) settings are correctly configured and working properly on the terminal server to provide server authentication and encryption for connections, use Remote Desktop Connection from a client computer to connect to the terminal server. If you can connect to the terminal server and there is a lock symbol in the upper-left corner of the connection bar at the top of the window, TLS 1.0 (SSL) is being used for the connection.
Note : To ensure that the connection bar is displayed when you use Remote Desktop Connection to connect from a client computer, select full-screen mode when configuring Remote Desktop Connection settings.
To select full-screen mode in Remote Desktop Connection:
  1. Open Remote Desktop Connection. To open Remote Desktop Connection, click Start, click Accessories, and then click Remote Desktop Connection.
  2. Click Options to display the Remote Desktop Connection settings, and then click Display.
  3. Under Remote desktop size, drag the slider all the way to the right to ensure that the remote desktop that you plan to connect to is displayed in full-screen mode.
Reference LinksEvent ID 1062 from Source Microsoft-Windows-TerminalServices-RemoteConnectionManager

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh