Question

I am trying to ignore the certificate warning on remote desktop connection - the one in the image:


So far I have found that when I check the "don't ask again" checkbox it generates a registry key over here:

HKCU:\Software\Microsoft\Terminal Server Client\Servers

A new record is generated with the name of the server and key name CertHash that contains a value that is specific for a machine. The key is the same for a machine - if I delete it and check the checkbox the same value is again generated. There is a new value in case I recreate the virtual machine so I think it is something machine specific.

Can someone tell me how this hash is generated so I can populate the key from the command line? Adding a certificate is not an option and the machines will be frequently regenerated, so I need an option to ignore this automatically as I need to connect a user to the machine and run some programs in it.

No correct solution

OTHER TIPS

I know this is an old question. But this may help someone who is looking for the same solution.

Method 1

You may override the certificate check for ALL RDP connections (use it at your own risk).

Just add a new registry key as below.

reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client" /v "AuthenticationLevelOverride" /t "REG_DWORD" /d 0 /f

Method 2

If you have admin rights on the remote machine, you could actually get the CertHash value from the remote machine using the wmic command below. So you could make a small batch file to get this value before you launch mstsc and add this value to the registry. I haven't included the complete batch file, but that's the idea.

wmic /node:Testserver /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting get SSLCertificateSHA1Hash

See this link.

Run Microsoft Management Console (mmc) and add the Certificates snap-in if you don't already have it for the computer you would like to connect to. In the Certificates, find the Remote Desktop folder, and open the certificate in that folder. On the Details tab, scroll down to find the Thumbprint value - this is the value you should copy to the registry.
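
Method 2 and the MMC answer both end with writing the server's certificate thumbprint into that server's CertHash value. The same step in PowerShell, added here as an example and not taken from either answer; it assumes CertHash is a REG_BINARY holding the raw thumbprint bytes, that the subkey is named exactly as the host is typed into mstsc, and that WinRM is reachable for Get-CimInstance (the wmic command above uses DCOM instead).

```powershell
# Added example (not from the answers): pin ONE server's RDP certificate for the current user.
param(
    [Parameter(Mandatory)] [string] $Server,   # name exactly as typed into mstsc (assumption)
    [string] $Thumbprint                       # optional: value copied from the MMC Details tab
)

function ConvertTo-ThumbprintBytes {
    param([Parameter(Mandatory)] [string] $Hex)
    # Copies from MMC can carry spaces or an invisible mark; keep hex digits only.
    $clean = $Hex -replace '[^0-9A-Fa-f]', ''
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex digits (SHA-1 thumbprint), got $($clean.Length)."
    }
    [byte[]] $bytes = for ($i = 0; $i -lt 40; $i += 2) {
        [Convert]::ToByte($clean.Substring($i, 2), 16)
    }
    return ,$bytes
}

if (-not $Thumbprint) {
    # Same class and property as the wmic command; Get-CimInstance goes over WinRM.
    $setting = Get-CimInstance -ComputerName $Server `
        -Namespace 'root\CIMV2\TerminalServices' -ClassName Win32_TSGeneralSetting |
        Select-Object -First 1
    $Thumbprint = $setting.SSLCertificateSHA1Hash
}
[byte[]] $new = ConvertTo-ThumbprintBytes -Hex $Thumbprint

# Assumed layout: one subkey per server under the path given in the question.
$key = "HKCU:\Software\Microsoft\Terminal Server Client\Servers\$Server"
if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }

# Report a change of an existing pin so a swapped certificate does not go unnoticed.
$old = (Get-ItemProperty -LiteralPath $key -Name CertHash -ErrorAction SilentlyContinue).CertHash
if ($old -and ([BitConverter]::ToString($old) -ne [BitConverter]::ToString($new))) {
    Write-Warning "CertHash for $Server changes from $([BitConverter]::ToString($old)) to $([BitConverter]::ToString($new))"
}

New-ItemProperty -LiteralPath $key -Name CertHash -PropertyType Binary -Value $new -Force | Out-Null
```

Unlike AuthenticationLevelOverride in Method 1, this entry applies to the named server only, so the certificate warning still appears for every other host.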

Licensed under: CC-BY-SA with attribution