I am unable to connect to a server running Windows Server 2012 (not R2). I was originally receiving two error messages in the System event log:
Source: Schannel Event ID: 36870
"A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001."
Source: TerminalServices-RemoteConnectionManager Event ID: 1058
"The RD Session Host Server has failed to replace the expired self signed certificate used for RD Session Host Server authentication on SSL connections. The relevant status code was Access is denied."
These two errors were always next to each other.
I resolved the Schannel error, 36870, by giving the Network Service read access to the key in the personal store for the machine:
1. I got the Unique container name by running: certutil -store My
2. I then ran icacls c:\programdata\microsoft\crypto\RSA\<Unique container name>
I am still not able to access remote desktop. I've tried deleting the certificate in the machine store and restarting the Remote Desktop Configuration Service. Most articles say to just launch Remote Desktop Services Manager; however, that is no longer an option in 2012.
The only other thing I can think of is importing a third-party signed certificate; however, we don't have a CA on site, and I don't really want to have to spend money to get this to work otherwise.
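
A way to check the result of the two steps described in the post, added here as an example and not part of the original post: the script lists each certificate in a machine store, resolves its unique key container name, and reports the rights a given account holds on the key file. The parameter names, the default MachineKeys directory and the restriction to legacy CSP keys are assumptions of this example.

```powershell
# Added example: report which machine-store certificates have a private key
# file that a given account is allowed to access. Run from an elevated prompt.
param(
    [string]$StoreName = 'My',                           # store named in the post
    [string]$Account   = 'NT AUTHORITY\NETWORK SERVICE'  # account named in the post
)

# Assumption: legacy CSP RSA keys kept in the default MachineKeys directory.
$keyDir = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

Get-ChildItem -Path "Cert:\LocalMachine\$StoreName" | ForEach-Object {
    $cert   = $_
    $status = 'no private key'
    $file   = $null

    if ($cert.HasPrivateKey) {
        # PrivateKey is $null for CNG keys, so $name stays $null in that case.
        $name = $null
        try { $name = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName } catch { }

        if (-not $name) {
            $status = 'key not readable through CSP (CNG key or access denied)'
        } else {
            $file = Join-Path $keyDir $name
            if (-not (Test-Path -LiteralPath $file)) {
                $status = 'key file not found'
            } else {
                # Only entries naming the account directly are matched;
                # rights granted through group membership are not evaluated.
                $rules = (Get-Acl -LiteralPath $file).Access | Where-Object {
                    $_.IdentityReference.Value -eq $Account -and
                    $_.AccessControlType -eq 'Allow'
                }
                $status = if ($rules) {
                    ($rules.FileSystemRights | Sort-Object -Unique) -join '; '
                } else { 'no allow entry for this account' }
            }
        }
    }

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        KeyFile    = $file
        Access     = "$Account : $status"
    }
} | Format-List
```

Passing a different -StoreName checks another machine store with the same logic.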