Wednesday, 23 April 2014

Remote Desktop Connection & Certicate Errors

I use Remote Desktop Connection (RDP) to connect from my Windows 7 (Home Premium SP1 64-bit) laptop to my Vista (Home Premium SP1 64-bit) desktop computer.  Until recently, every time I tried to connect, the following message was displayed:




[Note: In the image above, I replaced the name of my desktop computer with <remote computer>]

Of course, I could always proceed to connect by pressing Yes, but I still found the warning perplexing if not annoying.

 Clicking the View Certificate button displays the certificate panel, with a button to Install Certificate.  Clicking that invokes the Certificate Import Wizard.  But successfully importing the certificate using the Wizard never remedied my issue.

 It turns out that the Wizard only installed the server authentication certificate in my Current User's Intermediate Certification Authorities Certificates store, rather than in my Local Computer's Trusted Root Certification Authorities Certificates store, where it needs to be.

The following site provided me with the solution that worked for me:
http://serverfault.com/questions/7653/remote-desktop-keeps-asking-me-to-accept-a-certificate 

 The solution uses the Microsoft Management Console (mmc.exe), running one or more snap-ins for Certificates (for Local Computer or Current User), to install (or move/copy) the remote computer's Remote Desktop Server Authentication certificate to the Trusted Root Certification Authorities certificates store (for Local Computer) on the client computer.

 Here are the instructions given there (which I've copied almost verbatim). Skip to Method 2 below if you've already imported the certificate on the client computer, perhaps by running the Wizard while using RDP to connect:

Method 1 - Part 1:  Export Certificate on Server

First the certificate needs to be exported to a file. On the server, i.e. the computer you'd like to connect to:

  1. Run %windir%\System32\mmc.exe
  2. Menu File -> Add/Remove Snap-in...
  3. Select Certificates -> Add > -> Computer account -> Local computer -> Finish
  4. OK the Add or Remove Snap-ins dialog. The console should now contain Certificates (Local Computer).
  5. Select Certificates (Local Computer) -> Remote Desktop -> Certificates. There should be a single certificate with your computer's name.
  6. Open the certificate.
  7. Open the Details tab.
  8. Copy to File...
  9. Select any format, e.g. DER encoded binary X.509 (.CER).
  10. Type in any file name, e.g. <computername>.cer.
  11. Copy the file to your client computer.
Another way to get the certificate is to follow steps 6 to 10 on your client computer, by selecting View Certificate from the Remote Desktop warning dialog mentioned. But you're trusting the network in this case. At least compare the fingerprints, so you can be sure you trust the right certificate.

Method 1 - Part 2:  Import Certificate on Client

On the client, i.e. the computer you're connecting from, and receive the warning popup, do:

  1. Run %windir%\System32\mmc.exe
  2. Menu File -> Add/Remove Snap-in...
  3. Select Certificates -> Add -> Computer account -> Local computer -> Finish
  4. OK the Add or Remove Snap-ins dialog. The console should now contain Certificates (Local Computer).
  5. Select Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates.
  6. Menu Action -> All Tasks -> Import....
  7. Enter the path to the exported certificate, e.g. <computername>.cer.
  8. Place all certificates in the following store -> Trusted Root Certification Authorities.
  9. Finish. You should no longer receive the warning.

Method 2:  Move Certificate on Client


If you already installed the certificate through the warning dialog, you can find the certificate in the current user's store. Skip the steps above and just move the certificate to the right place:

  1. Follow steps 1 to 3 as described in "Import Certificate on Client."
  2. Add another Certificates snap-in, this time for My user account.
  3. The certificate should be here somewhere. Try Certificates - Current User -> Intermediate Certification Authorities -> Certificates first.
  4. Drag-and-drop or cut-and-paste the certificate to Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates. Note that the certificate stores stack, so you will still see the certificate in you user's store! You should no longer receive the warning.
Posted by at No comments:
Labels: , ,

Monday, 16 December 2013

Windows Media Center: Playing MKV files

Although third party codecs may be installed, so that Windows Media Player plays .MKV files (for which it has not native support), this may not be enough to allow Windows Media Center to do the same.  Instead, when attempting to play .MKV files, even though the file icon appears, WMC may return an error that it cannot find the file!

Instructions abound on the internet about resolving this problem, but none were successful in resolving the issue until I tried the instructions to install Shark007's Advanced Codecs for Windows 7 & 8, along with a Registry modification, available here:

http://www.youtube.com/watch?v=X4LW-Ifk9WQ

Here's the info from the description:

=================================================

This tutorial will show you how to install the codecs you need to play
all forms of video including MKV files from windows and windows media center. Below are the installation packages you will need. Please only install
the ones meant for your operating system.

32bit Install Files
-------------------
32bit Shark007'ss codec pack        http://tinyurl.com/oyjpdm
32bit MKV Registry Patch               http://tinyurl.com/npdjrz

64bit Install Files
-------------------
32bit Shark007's codec pack          http://tinyurl.com/oyjpdm
64bit Shark007's x64 Components  http://tinyurl.com/68o7tq
64bit MKV Registry Patch               http://tinyurl.com/y8bbjtn

=================================================

This replaced Haali Media Splitter with another splitter, but solved the issue on my Windows 7 64-bit Home Premium installation on my Acer Aspire 8940 corei7 laptop.
Posted by at No comments:

Wednesday, 11 December 2013

Windows Media Player: Subitiles & MKV files

When playing .MKV files using Windows Media Player*, subtitles may be displayed despite being explicitly turned-off within WMP. To address this problem, note that, since WMP has no native support for some file formats such as .MKV, WMP loads one or more third-party codecs when playing such files, depending upon which codecs are installed.  When playing these files, the control interface for the loaded codecs appears in the Action Center of the Notification Area on the Taskbar. In my case, three codec interfaces appear as (hidden) icons in the Action Center:  ffdshow, Haali Media Splitter, and DirectVobSub.  Right-clicking on each displays a menu.  Some menu items actually display additional menus for setting the defaults for these individual codecs.  ffdshow has no direct control over subtitles.  Of the other two, settings for Haali Media Splitter, whether default or while running, has no effect.  However, DirectVobSub has options for showing or hiding subtitles.  Checking the "Hide Subtitles" option solves the issue.

*Windows 7 Home Premium SP2, Windows Media Player 12

**PS:  To determine the version of WMP while it is running, click on the Switch Library button at the upper-left corner.  This will display the menu; select Help,  About WMP.  To return to view the video, select View, Now Playing.
Posted by at No comments:

Wednesday, 4 December 2013

Blogger: Settings

Change the Time Zone:

[my-blog] -->  Settings  -->  Language and formatting --> Time Zone

Change the Default Font:

[my-blog] -->  Template  -->  Customize  -->  Advanced -->  Page text [or ...]
Posted by at No comments:

Outlook: How to remove non-Contacts from new-message To: (recipient) list-box

When composing mail in the web-based Outlook.com browser interface, a list-box of addresses appears below the To: (recipient) input-box when it's selected.  This list is composed of Contacts as well as possibly other addresses.  To remove these other addresses (which Outlook gleans from scanning all one's emails), select the following option:

(For Options, select Gear icon on the upper right corner of the page.)

Inbox -->  Options -->  Advanced privacy settings -->  Auto-complete suggestions -->  Only suggest people in my contact list
Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)