rdweb authentication error 0x607

    Question

  • Hi,

    I deployed a RDS 2012r2 with a self-signed certificate and everything worked until I changed the certificate with a third party cert.
    I can still log in using RDP from a client through RDS Gateway and broker .. is working, but when I try to log on through RDWeb I get the famous "authentication error 0x607" error.
    Setting/changing the collection security to low ... is not working for me. I can't imagine that recreating the collection is the only solution to this.

    Thank You,
    Best Regards,


    MrFormula

    Friday, October 2, 2015 6:25 PM

Answers

  • Hi,

    1. Please make sure all client devices have at least RDP 8.0 capable client software.  For PCs, this means clients should have mstsc.exe version 6.2.9200 or later, with 6.3.9600 (RDP 8.1) or later preferred.  For iOS, OSX, Android, Windows Mobile, this means using the latest version of the Remote Desktop app available from the respective app store.

    2. On your RD Session Host servers only (not your broker), please delete the following registry value:

    HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

    SSLCertificateSHA1Hash     REG_DWORD

    NOTE:  Again, do not delete the above value from your broker.  Only your RDSH servers.

    After making the above changes, please test to make sure the issue has been resolved.

    Thanks.

    -TP

    Saturday, October 3, 2015 12:51 AM
    Moderator
  • Hi,

    This registry value tells the server the thumbprint of the certificate that it should use for the RDP-Tcp listener.  If it is not present, the listener will use the automatically-managed self-signed certificate.  No restart needed.

    -TP

    Friday, October 16, 2015 5:26 AM
    Moderator
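
The two answers above (delete the value on the RDSH servers; the value pins the listener's certificate by thumbprint) can be checked before anything is removed. The PowerShell below is an added example, not code from the thread: it reads the pinned thumbprint, looks it up in the machine certificate store, exports the key, and previews the removal. The function names and the backup file name are hypothetical, and it assumes the value stores the thumbprint as raw bytes.

```powershell
# Added example, not from the thread. Run elevated on an RD Session Host, not the broker.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$name = 'SSLCertificateSHA1Hash'

function Get-RdpListenerPin {
    # Returns the pinned thumbprint as uppercase hex, or $null when the value is absent.
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    # Assumption: the value holds the thumbprint as raw bytes.
    return (($prop.$name | ForEach-Object { '{0:X2}' -f $_ }) -join '')
}

function Test-RdpListenerPin {
    # Explains why a pinned certificate may be unusable by the RDP-Tcp listener.
    param([string]$Thumbprint)
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $Thumbprint } |
            Select-Object -First 1
    if ($null -eq $cert)               { return 'pinned certificate is not in LocalMachine\My' }
    if (-not $cert.HasPrivateKey)      { return 'pinned certificate has no private key' }
    if ($cert.NotAfter -lt (Get-Date)) { return "pinned certificate expired on $($cert.NotAfter)" }
    return "pinned certificate found: $($cert.Subject)"
}

$pin = Get-RdpListenerPin
if ($null -eq $pin) {
    Write-Output "$name is not set; the listener uses the self-signed certificate."
} else {
    Write-Output "Pinned thumbprint: $pin"
    Write-Output (Test-RdpListenerPin -Thumbprint $pin)

    # Back up the key first (backup file name is an example).
    $backup = Join-Path $env:TEMP 'RDP-Tcp-backup.reg'
    & reg.exe export ($key -replace '^HKLM:', 'HKLM') $backup /y | Out-Null
    Write-Output "Key exported to $backup"

    # -WhatIf only previews the change; remove it to actually delete the value.
    Remove-ItemProperty -Path $key -Name $name -WhatIf
}
```

With the value removed, RDP clients connecting directly to the session host will see the self-signed certificate again, so it is worth noting the old thumbprint from the output in case the pin needs to be restored.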

All replies

  • Thank You,

    What is this registry key exactly for? So I remove this key (I'll make a registry backup) from the RD Session Host servers. Will this require a reboot?
    I will give this a try and let you know if the problem is solved.

    Best regards,


    MrFormula



    • Edited by MrFormula Friday, October 16, 2015 5:10 AM
    Friday, October 16, 2015 5:08 AM
  • I just wanted to let you know that this works!

    Thank You,
    Best regards,


    MrFormula

    Friday, November 13, 2015 5:47 AM
  • Oh come on... I searched for this solution for 2 months. This is the solution for the 0x607 problem through TMG and WAP (errorcode 0x80072efe)

    Thanks for sharing, many thanks

    Why is there no Microsoft article about it?


    • Edited by 0711 Wednesday, March 30, 2016 2:53 PM
    Wednesday, March 30, 2016 2:51 PM
  • Almost 3 years later on a Windows 2012R2 RDS server and this is still the answer.

    Thank you.

    Tuesday, May 22, 2018 3:00 AM