Tuesday, December 4, 2012

Certificate Autoenrollment and RDS cause a certificate flood


I love using machine certificates for RDP SSL as well. This week I came across an issue where I first thought autoenrollment was freaking out and generating a new certificate on every reboot or gpupdate /force.

After that I found tons of articles on why autoenrollment is not working at all, but nothing about issuing too many certificates. Luckily, I found an article about the GPO settings for RDP.


RDP GPO settings http://technet.microsoft.com/en-us/library/cc771869(WS.10).aspx

So it seems that this "known" issue is not yet fixed. Or perhaps it is and I just do not know the KB article number.

Solution in short: Keep "Template Display Name" and "Template Name" with the exact same spelling and no spaces. See below.
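One way to check for the naming condition described above, as an added example that is not part of the original post: it reads certificate templates from Active Directory and reports any whose "Template Name" (`cn`) and "Template Display Name" (`displayName`) differ or contain spaces, and also lists subjects with more than one certificate in the machine store. It assumes a domain-joined machine with read access to the Configuration partition; the function names and the template name `RDPMachine` are hypothetical.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function Test-TemplateName {
    param([string]$Name, [string]$DisplayName)
    # The post's rule: exact same spelling and no spaces.
    # Assumption: a difference in letter case counts as a different spelling.
    ($Name -ceq $DisplayName) -and ($Name -notmatch '\s')
}

function Get-MismatchedTemplate {
    param([string]$Name = '*')   # cn of the template to check; '*' checks all

    # Certificate templates live in the forest's Configuration partition.
    $rootDse   = [ADSI]'LDAP://RootDSE'
    $configNc  = $rootDse.configurationNamingContext
    $container = [ADSI]"LDAP://CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($container)
    $searcher.Filter   = "(&(objectClass=pKICertificateTemplate)(cn=$Name))"
    $searcher.PageSize = 500
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('cn', 'displayName'))

    foreach ($result in $searcher.FindAll()) {
        # Select-Object -First 1 tolerates a template with no displayName set.
        $cn      = [string]($result.Properties['cn']          | Select-Object -First 1)
        $display = [string]($result.Properties['displayname'] | Select-Object -First 1)
        if (-not (Test-TemplateName -Name $cn -DisplayName $display)) {
            [pscustomobject]@{
                TemplateName        = $cn
                TemplateDisplayName = $display
            }
        }
    }
}

function Get-DuplicateMachineCertificate {
    # Symptom check: subjects that hold more than one certificate
    # in the local machine's Personal store.
    Get-ChildItem Cert:\LocalMachine\My |
        Group-Object Subject |
        Where-Object { $_.Count -gt 1 } |
        Select-Object Count, Name
}

# 'RDPMachine' is a placeholder; use the template you issue for RDP.
Get-MismatchedTemplate -Name 'RDPMachine'
Get-DuplicateMachineCertificate
```

Running `Get-MismatchedTemplate` without `-Name` lists every template that breaks the rule, which includes most built-in templates because their display names contain spaces; only the template used for RDP matters here.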