In the Terminal Services Configuration MMC applet, in the properties for the RDP-tcp connection on the general tab is a certificate entry. Adding a certificate here allows the use of SSL for encryption. In the course of trying to debug a problem with a terminal server not allowing the third connection to the console, useful for disconnecting one of the other two, I wanted to remove this certificate. As usual, I did it the hard way since there’s no ‘Remove’ button. This is all under TS for Remote Administration.

Open up the ‘Certificates MMC’ applet on the computer, choose the computer store, and under personal certificates delete the certificate for the server for ‘server authentication’. This may break other things. Reboot. After rebooting I could not TS back into the machine and had to use the console. I opened the TS Configuration applet again and made sure that certificate said none and that security layer was set to ‘RDP Security Layer’.

To create a new certificate, open the same MMC applet. Click on ‘Certificates (Local Computer)’ then View -> Options and select ‘Certificate Purpose’. Right click on Server Authentication, All Tasks, Request New Certificate. Once installed, I rebooted again and TS was working again.