Back to All Scenarios
PASSEDserver / rdp_certificate_expired
RDP Certificate Expired on Terminal Server
The RDP certificate on a critical terminal server has expired, preventing all remote desktop connections. Users receive certificate warnings and connections are rejected by Group Policy enforcing NLA.
Pattern
CERTIFICATE_EXPIRY
Severity
CRITICAL
Confidence
95%
Remediation
Auto-Heal
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | CERTIFICATE_EXPIRY | CERTIFICATE_EXPIRY | |
| Severity Assessment | CRITICAL | CRITICAL | |
| Incident Correlation | Yes | 6 linked | |
| Cascade Escalation | N/A | No | |
| Remediation | — | Auto-Heal — Corax resolves autonomously |
Scenario Conditions
Windows Server 2019 terminal server. Self-signed RDP certificate expired 3 days ago. Network Level Authentication (NLA) enforced by GPO. 50 remote users affected. Certificate auto-renewal failed due to template misconfiguration.
Injected Error Messages (1)
RDP connections failing to terminal server ts01 — certificate expired on the remote host, NLA rejecting all connections due to expired RDP self-signed certificate, event ID 36870: TLS connection request failed because certificate expired 3 days ago, 50 remote users unable to connect, certificate auto-renewal misconfigured
Neural Engine Root Cause Analysis
The terminal server ts01 is rejecting all RDP connections due to an expired self-signed certificate that expired 3 days ago. The certificate auto-renewal mechanism is misconfigured, preventing automatic certificate rotation. This is causing NLA (Network Level Authentication) to reject all incoming RDP connections, affecting 50 remote users who cannot access the terminal server.
Remediation Plan
1. Generate a new self-signed certificate for RDP service on ts01 with appropriate validity period (1-2 years). 2. Replace the expired certificate in the Windows certificate store (Local Computer/Personal). 3. Update RDP service configuration to use the new certificate. 4. Restart Terminal Services/Remote Desktop Services to apply changes. 5. Fix certificate auto-renewal configuration to prevent future occurrences. 6. Verify RDP connectivity is restored for affected users.
Tested: 2026-03-30Monitors: 1 | Incidents: 1Test ID: cmncjxyq505olobqe35wmjivk