Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > DameWare Remote Support & Mini Remote Control > Cannot verify self-signed certificate (error 12045) when attempting to connect to the Central Server

Cannot verify self-signed certificate (error 12045) when attempting to connect to the Central Server

Created by Marlo Bidayan, last modified by MindTouch on Jun 23, 2016

Views: 91 Votes: 0 Revisions: 4

Overview

When you attempt to connect to the Central Server, you receive an error similar to one of the following:

  • Some Unknown error occurred: Error Code 12045
  • Cannot verify the self-signed server certificate

Environment

  • DameWare Remote Support 11.0 and later
  • DameWare Mini Remote Control 1.0 and later

Cause

This usually occurs within a domain network. The Central Server provides a self-signed certificate to the DRS and MRC applications that connect to it. If you use an account which has no privileges to save the certificate in the local trusted root store, or if you have a security policy in place that disallows saving self-signed certificates, you receive an error and cannot connect to the Central Server.

Resolution

You must install the DameWare Central Server certificate on computers with DRS or MRC installed on them that attempt to connect to the DameWare Central Server.
Depending on your security policy, you can resolve this in at least three ways:

  • Modify the security settings on your domain controller.
  • Create a group policy to automatically distribute the certificate.
  • Manually install the certificate.

Note: If your security policy does not allow users to trust self-signed certificates, you must modify your security policy on the domain controller.

 

Modify the security settings on your domain controller

Modify your security settings to allow self-signed certificates.

  1. Logon to your domain controller with domain administrative privileges.
  2. In Administrative Tools, open Group Policy Management.
    ​Note: If this option is not available, either check your credentials or install the Group Policy Management feature in the Server Manager.
  3. In the console tree, navigate to the domain containing the default domain policy that you want to edit.
  4. Right-click the Default Domain Policy, and then click Edit.
  5. Go to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
  6. Open Certificate Path Validation Settings.
  7. In the Stores tab, select Define these policy settings.
  8. Under Per user certificate stores, select both of the following options:
    - Allow user trusted root CAs to be used to validate certificates (recommended) - this allows users to install self-signed certificates to their Trusted Root security store.
    - Allow users to trust peer trust certificates (recommended) - this allows users to trust self-signed certificates.
  9. Click OK.

You may need to restart the computers with DRS or MRC installed on them for the security policy to take immediate effect.
Create a group policy to distribute the certificate
If your security policy allows users to trust self-signed certificates, create a group policy to distribute the self-signed certificate.


Export the certificate from the Central Server:

  1. Logon to the computer running the Central Server as a local administrator.
  2. Press the Windows key + R, and enter certmgr.msc.
  3. Open the Trusted Root Certification Authorities\Certificates folder.
  4. Find the DameWare certificate for the Central Server.
  5. Right-click on the certificate and select All Tasks and then Export....
  6. Click Next in the Certificate Export Wizard.
  7. Select No, do not export the private key..., and click Next.
  8. Follow the prompts in the Certificate Export Wizard to save the exported certificate.
  9. Move the exported certificate to the computer from which you are creating the group policy.

Create the group policy:

  1. In Administrative Tools, open Group Policy Management.
  2. Right-click on the domain, and select Create a GPO in this domain, and Link it here....
  3. Name your new group policy.
  4. Click OK.
  5. Right-click on the group policy object you just created, and select Edit.
  6. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
  7. Right-click Trusted Root Certificate Authorities, and select Import....
  8. Click Next.
  9. Browse to the location of the exported certificate, and then click Next.
  10. Follow the prompts in the Import Wizard to import the saved certificate.

The DameWare Central Server self-signed certificate should now be visible under the Trusted Root Certificate Authorities Store.


Manually install the certificate
Export the certificate from the Central Server and then import the cert to the Trusted Root Certificate store on the computer with DRS or MRC installed on it.
Export the certificate from the Central Server:

  1. Logon to the computer running the Central Server as a local administrator.
  2. Press the Windows key + R, and enter certmgr.msc.
  3. Open the Trusted Root Certification Authorities\Certificates folder.
  4. Find the DameWare certificate for the Central Server.
  5. Right-click on the certificate and select All Tasks and then Export....
  6. Click Next in the Certificate Export Wizard.
  7. Select No, do not export the private key..., and click Next.
  8. Follow the prompts in the Certificate Export Wizard to save the exported certificate.
  9. Move the exported certificate to the computer with DRS or MRC.

Install the certificate on the computer with the DRS or MRC applications installed:

  1. Logon to the computer as a local administrator.
  2. Open the exported certificate.
  3. Click Install Certificate....
  4. Click Next in the Certificate Import Wizard.
  5. Select Place all certificates in the following store.
  6. Click Browse and select Show physical stores.
  7. Select Trusted Root Certification Authorities\Local Computer.
  8. Finish the certificate installation.
  9. Click Yes to approve the certificate installation.
  10. Press the Windows key + R, and enter certmgr.msc.

Verify that the certificate is installed in the Trusted Root Certification Authorities\Certificates folder. You may need to refresh the view.

 

 

Last modified
18:58, 22 Jun 2016

Tags

Classifications

Public