Windows 2012 R2 RDP – An internal error has occurred
A few days ago, I received a call from the office that the application owner was not able to remote desktop to one of his servers. When I tried with my admin account, I found that RDP was giving the error “An internal error has occurred”; however, I was able to log in to the server through the console using the vSphere client without any issue. The application team confirmed that no changes were made on the server from their side; the only thing that I remember is that Windows updates were installed 2 days ago. I started troubleshooting and found the following event logged in the System logs.
Event ID: 36870, Source: Schannel
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
There are many solutions for this event on other blogs. I tried one, which is to remove the certificate (don’t forget to take a backup of the certificate by exporting it) from the Remote Desktop container in the Certificates management console and restart the Remote Desktop Service so that it creates this certificate again. Unfortunately, it didn’t work for me and I had to import the certificate again.
After deleting the certificate and re-importing, I found two more events.
Event ID: 1057, Source: TerminalServices-RemoteConnectionManager
The RD Session Host Server has failed to create a new self-signed certificate to be used for RD Session Host Server authentication on SSL connections. The relevant status code was Object already exists.
Event ID: 36869, Source: Schannel
The SSL server credential’s certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure.
Fix for Windows 2012 R2 Remote Desktop Connection – An internal error has occurred
Solution: Long story short, I renamed the “MachineKeys” folder to “MachineKeys_old” and restarted the Remote Desktop Services, and RDP worked like a charm.
Path: C:\ProgramData\Microsoft\Crypto\RSA
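A read-only PowerShell check for the conditions described above, added here as an example and not part of the original post: it lists the three events, shows whether the Remote Desktop certificate has a reachable private key, and dumps the MachineKeys ACL. It assumes an elevated Windows PowerShell session on the affected server and the default `RDP-Tcp` listener name; the variable names are illustrative.

```powershell
# Added example: read-only diagnostics, run from an elevated PowerShell session.
$mk = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'   # folder named in the post

# 1. The Schannel / Remote Desktop events quoted in the post (System log).
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 36870, 36869, 1057 } `
        -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName | Format-Table -AutoSize

# 2. Thumbprint the RDP listener is bound to (assumes the default 'RDP-Tcp' listener).
$ts = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
"Listener certificate thumbprint: $($ts.SSLCertificateSHA1Hash)"

# 3. Certificates in the Remote Desktop store: is a private key attached, and
#    does its key file exist under MachineKeys?
foreach ($cert in Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop') {
    $keyFile = $null
    try {
        # Works for CAPI (CSP) keys; throws for CNG keys or when the key cannot be opened.
        $keyFile = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    } catch {
        Write-Warning "$($cert.Thumbprint): private key not accessible: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        KeyFile       = $keyFile
        KeyFileExists = [bool]($keyFile -and (Test-Path (Join-Path $mk $keyFile)))
    }
}

# 4. ACL on MachineKeys: is inheritance disabled, and who has access?
$acl = Get-Acl -Path $mk
"Inheritance disabled on MachineKeys: $($acl.AreAccessRulesProtected)"
$acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited

# 5. Other machine certificates with private keys. RSA (CAPI) keys for these are
#    stored in the same folder, so note them before changing or renaming it.
Get-ChildItem -Path 'Cert:\LocalMachine\My' | Where-Object HasPrivateKey |
    Select-Object Subject, Thumbprint, NotAfter
```

Keeping the output of steps 3 to 5 gives a before-and-after record to compare once the Remote Desktop Services have been restarted.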
I used the following sources to troubleshoot and fix this issue.
Source 1: Event 36870/ 36880: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
Source 2: RDP Fails with Event ID 1058 & Event 36870 with Remote Desktop Session Host Certificate & SSL Communication
Source 3: Event ID 1057 – The Terminal Server has failed to create a new self signed certificate
Source 4: Cannot connect to RDP
Source 5: Windows 2012 – NO RDP
Source 6: Event ID 1057 – The Terminal Server has failed to create a new self signed certificate
This helped a bunch…..back in business
Thanks! Source 3 worked for me
Source 3: Event ID 1057 – The Terminal Server has failed to create a new self signed certificate
I enabled inheritance for the MachineKeys folder, selected “Replace all child object permissions”, and restarted RDP services.
RDP Working now.
Really helpful. My issue has been resolved.
Many Thanks
This helped a lot. It also worked for a Windows 2022 server. Now clients can open sessions successfully. It happened after installing the May 2024 updates KB5037782 and KB5038282.