Establishing Trust to Remote VM

The above message is a warning Microsoft Remote Desktop will throw when connecting to a remote computer.  While bypassing the error doesn't make the communication less secure, it can leave you open to a Man-in-the-Middle attack, since there is no way for the local PC to verify the remote computers identity.

In order to establish this trust, there are a few steps that must be taken.  In a nutshell:

1. Export the key from the remote computer.

2. Import the key into the local computer.

3. Make sure you're able to connect by name.

4. Change the RDP icon to change by name.

* Note: This procedure will work with both internal (VPN) and external connections.  The only step that is different is the last one.

1. Export the key from the remote computer

a. Open Windows Certificate Manager

b. Go to Remote Desktop \ Certificates

c. Right click the certificate and All Tasks \ Export

- Leave the defaults and save the certificate to the Desktop.

d. Copy the certificate to the local computer.

2. Import the key to the local computer

a. Open Windows Certificate Manager

b. Go to Trusted Root Certificate Authorities \ Certificates

c. Right click and go to All Tasks \ Import

- Import the certificate using the defaults.  Make sure the certificate is placed into Trusted Root Certificate Authorities.

3. Make sure you're able to connect by name

* If there is a Fortinet device in your office, this procedure might not be necessary.  Please contact VirTech Systems to make the appropriate changes to your firewall.

a. Open explorer and go to C:\windows\system32\drivers\etc\

b. Modify the hosts file with the following entry, depending on the connection location:

- If you're connecting over a VPN:

<the VM IP address>     <the VM computer name>

- If you're connecting externally:

216.134.210.20    <the VM computer name>

c. Save the file and change.

4. Modify the RDP icon to connect by name

** Opening the Certificate Manager for the Local Computer

a. Start \ Run \ mmc

b. File \ Add & Remove Snap-ins..

c. Select Certificates -> Computer Account -> Local Computer

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk