Assume the following scenario:
- A manually requested Remote Desktop certificate is to be assigned to the Remote Desktop Session Host on a computer.
- The operation fails with the following error message:
    Set-WMIInstance : Invalid parameter
    At line:1 char:1
    Set-WMIInstance -path $TerminalServicesConfig.__path -argument @{SSLC ...
    ~~~~~~~~~~~~~~~~~
    CategoryInfo : InvalidOperation: (:) [Set-WmiInstance], ManagementException
    FullyQualifiedErrorId : SetWMIManagementException,Microsoft.PowerShell.Commands.SetWmiInstance
Cause/Solution
The target system is a certification authority.
The following logic was used to determine the SHA1 fingerprint for the Remote Desktop certificate:
    $RdcCertHash = (Get-ChildItem -path Cert:\LocalMachine\My |
        Where-Object { $_.Extensions.EnhancedKeyUsages.Value -eq "1.3.6.1.4.1.311.54.1.2" } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1).Thumbprint
The certification authority certificate on the target system contains a constraint on the issuance of Remote Desktop certificates, so the OID 1.3.6.1.4.1.311.54.1.2 also appears in its Enhanced Key Usage extension.
Therefore, the previous command incorrectly selected the certification authority certificate, which also resides in the machine certificate store of this system and cannot be assigned to the Remote Desktop Session Host.
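
One way to make the selection robust on such a system is to skip any certificate whose Basic Constraints extension marks it as a CA, and to require a private key and a validity period that has not ended. This is an added example, not code from the original article; the function names are hypothetical, and the OID and store path are the ones used above.

```powershell
# Added example; function names are hypothetical. OID and store path come from the article.
function Test-HasExtendedKeyUsage {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$Oid
    )
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            return ($ext.EnhancedKeyUsages.Value -contains $Oid)
        }
    }
    return $false   # no EKU extension present
}

function Test-IsCaCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]) {
            return $ext.CertificateAuthority
        }
    }
    return $false   # no Basic Constraints extension: treat as end-entity certificate
}

function Get-RdpCertificateCandidate {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [string]$Oid = '1.3.6.1.4.1.311.54.1.2'
    )
    Get-ChildItem -Path $StorePath |
        Where-Object { Test-HasExtendedKeyUsage -Certificate $_ -Oid $Oid } |
        Where-Object {
            if (Test-IsCaCertificate -Certificate $_) {
                # This is the case from the article: the CA certificate carries the same OID.
                Write-Warning "Skipping CA certificate $($_.Thumbprint) ($($_.Subject))"
                return $false
            }
            $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date)
        } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1
}

$candidate = Get-RdpCertificateCandidate
if (-not $candidate) { throw 'No usable Remote Desktop certificate found in the machine store.' }
$RdcCertHash = $candidate.Thumbprint
```

The warning line makes the skipped CA certificate visible, so the operator can confirm that it was the reason for the earlier "Invalid parameter" error.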