AVD certificate error using RDPW files

From time to time we have users that see error messages come up when using .rdpw files to launch an AVD connection. Connecting from the AVD workspace inside the RD Client does work fine, but using the .rdpw file (same as downloaded from the HTML AVD web client) gives the error.

I wanted to know if anyone else has seen reports of similar behavior and if there is a known issue or fix to put in place to prevent it from happening. If we recreate the .rdpw file (even using the exact same info) the connection starts normally again.

I have looked through lots of Microsoft documentation and other forum posts and have seen some people mention it, but nothing as to why it happens or if there is anything to do about it. I wasn't aware there is any specific certificate info saved in the .rdpw file. And it doesn't make sense why it then works if we recreate the file with the same info as before.

This is the error message: 
We've blocked the connection because the certificate in the connection information has expired. Either refresh your Workspace or contact Support for help.

0

Comments (5 comments)

Gregory Barr

We started seeing that a few months after getting started with AVD for users that had pinned the file to the taskbar rather than connecting through the app. The fix so far has been to delete the file and recreate it by connecting again through the Remote Desktop app.

I brought this up at the Microsoft table during a roundtable session at Nerdiocon 2023 and it seemed they had not heard of that before and wrote a note to look at it. I haven't seen any change of behavior since. Users that use a pinned .rdpw have the certificate expire after several months.

1
Phil Long

I searched for as much info as I could and the only info is ONE SENTENCE at the bottom of the “Using AVD Web Client” section on Microsoft’s website. It states that the RDPW files downloaded from the web client “expire after a matter of time” or something similar but says nothing about how long or why or anything else.

I've set myself a manual monthly process of downloading a new RDPW file and using RMM to copy it (overwriting) to the desktop of everyone who uses it.

1
Joseph F. Estes

Just got hit with about 50 thin clients using a generated RDPW file and got this error over the weekend. We had to regenerate the RDPW file and push it out. It would be helpful to have some firmer documentation providing this as a warning, or to set administrative expectations if we choose to deploy in this manner.

0
Phil Long

Joseph F. Estes, I still have not come across any specific info as to how long the RDPW files are valid for. I actually had an instance myself today and the RDPW shortcut file was from July... so this one was around 5 months? I haven't tracked any single instance but maybe that will be my next step. Currently I have a monthly reminder to manually generate a new file from the web client, then use our RMM to replace the file on the desktops. :(

0
DStephenson

Joseph F. Estes, I'm not sure which vendor you're using for thin clients, but I would think they would be able to fix that with some kind of update on their end.

Phil Long, I checked the Connection Information for my AVD Session(s) (in the same host pool), and it looks like the certificates are unique per server (stored in the "LocalMachine\Remote Desktop" certificate store), but they are all valid for about 6 months (see screenshots below).
I'm guessing that once we reimage an AVD host, it resets the certificate clock.

It's possible to run a PowerShell script to get the certificate and expiration date (see below) and take action based on that.
Maybe until Microsoft fixes this (or provides more information around it), Nerdio Support can add a new info button on the Hosts screen with the certificate information?

 

PowerShell Script:

# Define the certificate store location
$storeLocation = 'Cert:\LocalMachine\Remote Desktop'

# Get all certificates
Get-ChildItem -Path $storeLocation | Format-Table -Property Subject, Thumbprint, NotBefore, NotAfter


AVD Host 1

 

AVD Host 2

0
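An added example, not part of DStephenson's post and not Microsoft or Nerdio tooling: one way to "take action" on the expiration dates in the certificate store named in the comment above, by flagging certificates that are expired or close to expiry. The 30-day threshold, the function name and the exit codes are assumptions, and whether this host certificate is what expires inside the .rdpw file is the commenter's guess, not something this thread confirms.

```powershell
# Added example. Run on an AVD session host (elevated) from an RMM job or scheduled task.
# $WarnDays is an assumed threshold, not a value taken from the thread.
param(
    [int]$WarnDays = 30,
    [string]$StoreLocation = 'Cert:\LocalMachine\Remote Desktop'
)

# Hypothetical helper: classify a certificate by whole days remaining until NotAfter.
function Get-CertExpiryStatus {
    param(
        [Parameter(Mandatory)] [int]$DaysLeft,
        [Parameter(Mandatory)] [int]$WarnDays
    )
    if ($DaysLeft -lt 0) { 'Expired' }
    elseif ($DaysLeft -le $WarnDays) { 'ExpiringSoon' }
    else { 'OK' }
}

# The store only exists on machines with Remote Desktop configured.
if (-not (Test-Path -Path $StoreLocation)) {
    Write-Warning "Certificate store not found: $StoreLocation"
    exit 2
}

$now = Get-Date
$report = Get-ChildItem -Path $StoreLocation | ForEach-Object {
    $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        NotBefore  = $_.NotBefore
        NotAfter   = $_.NotAfter
        DaysLeft   = $daysLeft
        Status     = Get-CertExpiryStatus -DaysLeft $daysLeft -WarnDays $WarnDays
    }
}

if (-not $report) {
    Write-Warning "No certificates found in $StoreLocation"
    exit 2
}

$report | Sort-Object NotAfter | Format-Table -AutoSize

# A non-zero exit code lets the RMM or scheduler raise an alert before users are blocked.
if ($report | Where-Object Status -ne 'OK') { exit 1 } else { exit 0 }
```

Logging the NotBefore and NotAfter values per host over time would also show whether the .rdpw failures line up with these dates, which is the tracking Phil Long mentions as a next step.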
